ASP.NET Simple MVC Readme

This samples illustrates how to integrate ACS with an ASP.NET MVC application. The code for this sample is in the ASPNETSimpleMVC folder of the ACS 2.0 Samples package.

Prerequisites

To run this sample, you will need to:

  1. An account at http://portal.appfabriclabs.com and a Service Namespace. This sample assumes a Service Namespace of "acssamples" (Your Service Namespace will be different).
  2. Visual Studio 2010 (any version)
  3. Windows Identity Foundation SDK

See Prerequisites for more details. Note that it may be beneficial to walkthrough the Getting Started sample before running this sample.

Configuring the Sample

The ACS configuration required for this sample can be performing using either the ACS management portal, or the ACS management service.  Select one of the two options below to go to the relevant section.

Option 1: Configuring via the ACS Management Portal

 


1. Open a browser and navigate to http://windows.azure.com and sign in. From there, navigate to the Service Bus, Access Control, and Caching section to configure your ACS service namespace. Once you have created a namespace, select it and click Manage > Access Control Service at the top of the page. This should launch the following page in a new window:

ACS_Main.png

2. The first step in configuring ACS is to establish relationships with the identity providers you would like the users of your website to use when logging in. To do this, click on the Identity providers link and add Yahoo! and Google. When both are added, click Home to return to the main page.

ACS_IDPs_Populated.png

3. Next, register your application with ACS by creating a Relying Party in ACS. Click the Relying party applications link on the main page, then select Add and enter the following information in the subsequent form. When complete, click the Save button and then navigate back to the main page.

ASPNET_SimpleMVC_AddRP.png

4. With your relying party registered, it is now time to create the rules that determine the claims that ACS will issue to your application. In this sample, we will simply pass through all the claims issued by the identity provider (Yahoo!, Google, or Windows Live ID). To do this, click Rule Groups from the main page, and click the Default Rule Group for ASPNET Simple MVC Sample. Near the bottom of the subsequent page, click the Generate link. Ensure that the three identity providers (Yahoo!, Google, and Windows Live ID) are selected and click Generate. Finally, click Save and navigate back to the main page.

5. With ACS now configured, open Visual Studio.

Option 2: Configuring via the ACS Management Service


The Visual Studio sample solution has a console application called ConfigureSample which uses the ACS Management Service and the common helpers defined in the Common class library. This application can be used to configure your ACS service namespace for use with this sample.

1. Update the Common class library with information about your Service Namespace. Open SamplesConfiguration.cs and enter your:

  • ServiceNamespace - This is the namespace used with ACS.
  • ManagementServiceIdentityName - This is a management service account’s Name
  • ManagementServiceIdentityKey - This is the password associated with the management service account.
  • AcsHostUrl - This is the host name of the ACS


2. Run the ConfigureSample application in Visual Studio, which will configure ACS to run this sample.

Running the Sample

1. Open the sample in Visual Studio (Websites\ASPNETSimpleMVC\ASPNETSimpleMVC.sln)

2. Press "F5" to start the application. When the browser loads, you should see something similar to the following:

ASPNETSimpleMVC1.png

3. Close the browser to stop the application and proceed with configuring ACS.

4. Right click the project, and select "Add STS Reference" from the context menu (shown below):

ASPNETSimpleMVC3.png

5. In the dialog, enter the root of the web application into the "Application URI" field and click "Next". For this sample this value is "http://localhost:63000/". Note: the trailing slash is important as it lines up with the values you entered in ACS for your relying party. The wizard will issue a warning that your site isn't using SSL. Accept this warning by clicking the "Yes" button, but remember that a production website should almost always be using SSL for these types of scenarios.

6. In the next window, select the "Use Existing STS" radio button, and enter the URI of the WS-Federation metadata published by your ACS Service Namespace. That URI may be found on the portal under "Application Integration". If your Service Namespace is "acssamples", then the URI is "https://acssamples.accesscontrol.windows.net/FederationMetadata/2007-06/FederationMetadata.xml". Once you have entered this value, click "Next".

7. Since your website isn't requiring encrypted tokens, click "Next" and "Finish".

8. At this point, both ACS and your application are configured. Press F5 in Visual Studio to run the application. Your browser should be taken to the ACS hosted Home Realm Discovery page and appear similar to the following:

ASPNETSimpleMVC5.png

9. Click Google. Your browser will be redirected to a Google sign in page.

10. Enter credentials for a Google account, and decline the user consent form.

11. Your browser should return to http://localhost:63000/Error and display a custom error string indicating that login to the site was cancelled.

12. Click the link to try again and click on an identity provider again.

13. Once your browser is at the identity provider, enter credentials for a test account as before, but this time accept the user consent form.

14. Your browser should return to http://localhost:63000/ and appear similar to what is shown below. Notice that the name of your test identity is shown in the top right of the page. This data was issued by the identity provider, and returned to your application through ACS.

ASPNETSimpleMVC4.png

 

Last edited Apr 9, 2011 at 1:53 AM by oremel, version 39

Comments

erik_oppedijk Dec 28, 2010 at 4:06 PM 
Maybe add a [ValidateInput(false)] at the HomeController / Index Action.
That way you don't have to disable page request validation for the complete site.