ASP.NET Simple Service Readme

This samples illustrates how to integrate ACS into a simple web service. It uses ASP.NET as a web service host and a command line client. The ASP.NET web service requires a SWT token issued by ACS. The Client requests a token from ACS with a username and password registered with ACS. The code for this sample is in the ASPNETSimpleService folder of the ACS 2.0 Samples package.


To run this sample, you will need:

  1. To create an account at and create an Access Control Service namespace. # Visual Studio 2010 (any version)
  2. Visual Studio 2010 (any version)

See Prerequisites for more details. Note that it may be beneficial to walkthrough the Getting Started sample before running this sample.

Configuring the Sample

The ACS configuration required for this sample can be performing using either the ACS management portal, or the ACS management service.  Select one of the two options below to go to the relevant section.

Option 1: Configuring via the ACS Management Portal

1. Open a browser and navigate to and sign in. From there, navigate to the Service Bus, Access Control, and Caching section to configure your ACS service namespace. Once you have created a namespace, select it and click Manage > Access Control Service at the top of the page. This should launch the following page in a new window:


2. Next, register your application with ACS by creating a relying party application. Click the Relying party applications link on the main page, then select Add and enter the following information in the subsequent form. Be sure to select SWT as the token type, and click Generate to create a key below. When complete, click the Save button and then navigate back to the main page.


3. With your relying party registered, it is now time to create the rules that determine the claims that ACS will issue to your application. In this sample we will create a rule that grants any registered username and password an "action" claim with a value of "reverse". To do this, navigate to the main portal page and select Rule Groups. From there, select the Default Rule Group for ASP.NET Simple Service. Add a new rule, similar to the following:


4. In contrast to the web site samples, this sample relies on credentials managed by ACS. The last step in configuring ACS is registering the username and password for the client application to use. To configure a new username and password, select the Service identities link on the main portal page. Click the Add link and fill out the subsequent form. For this sample, use a username of "acssample", a Credential Type of "Password", and a password of "pass@word1". Click Save and return to the main portal page.

Option 2: Configuring via the ACS Management Service

The Visual Studio sample solution has a console application called ConfigureSample which uses the ACS Management Service and the common helpers defined in the Common class library. This application can be used to configure your ACS service namespace for use with this sample.

1. Update the Common class library with information about your Service Namespace. Open SamplesConfiguration.cs and enter your:

  • ServiceNamespace - This is the namespace used with ACS.
  • ManagementServiceIdentityName - This is a management service account’s Name
  • ManagementServiceIdentityKey - This is the password associated with the management service account.
  • AcsHostUrl - This is the host name of the ACS

2. Run the ConfigureSample application in Visual Studio, which will configure ACS to run this sample.

3. When the ConfigureSample application completes, it will output the generated relying party signing key to the console. Copy this key to the clipboard.

Running the Sample

1. Open the sample in Visual Studio. The solution consists of two projects: Service and Client.

2. If you did not do so during configuration, enter your Service Namespace details in Common\SamplesConfiguration.cs. See step 1 of “Option 2: Configuring via the ACS Management Service” above. This file is also used by the Service and Client projects.

3. Open the web.config in the Service project. Enter your token signing key in the appropriate AppSettings elements. If you configured ACS using the management service, this is the value that you copied to the clipboard. If needed, refer back to the "Certificates and Keys" area of the portal to obtain the token signing key. Below is a code snippet showing this area of the Service web.config file.

    <add key="IssuerSigningKey" value="...update to your signing key..."/>

4. Next, Open the app.config in the Client project. Enter your username, and password in the appropriate AppSettings elements. If needed, refer back to the "Service Identities" area of the portal to obtain the username and password you previously registered. Below is a code snippet showing this area of the Client app.config file.

    <add key="WrapUsername" value="acssample"/>
    <add key="WrapPassword" value="pass@word1"/>
    <add key="ServiceAddress" value="http://localhost:8000/Service/Default.aspx" />

5. Last, but not least, it is time to run the sample! Start the Service, then start the Client. At the Client, enter a string to reverse. After entering that information, the Client console window should show output similar to the following:


Last edited Jun 17, 2011 at 6:09 PM by alikl, version 44


lawrencesilkroute Apr 5, 2011 at 9:44 AM 
I am also getting a 403 error message when using the credentials

WrapUsername = acssample
WrapPassword = Pass@word1

I have ensured that I am using the correct namespace.. seems everyone is having this same error..


Zolty82 Feb 21, 2011 at 11:04 PM 

I've found the error. It says "Be sure to select "SWT" as the token type".

Well, be sure NOT TO SELECT "SWT", because that requires encription. Select SAML and select ENCRIPTION = NONE

That will work.

Zolty82 Feb 21, 2011 at 10:25 PM 
I can't get the sample to work. It says: "Token encryption is required but no encrypting certificate is configured for the relying party." And since I am using the key above, there is no exncryption certificate present. Please help. I am having a hard time getting AppFabric to work, allthough Microsoft claims it is soooo easy... :/

SudipPujari Sep 30, 2010 at 6:25 AM 

I have resolved the error. Actually I was passing wrong user name which was specified in Credential Name which is under Service Identity -><Select your service Identity> -> Credentials. Which is wrong.

Actually it should be Service Identity Name which is under Service Identity -><Select your service Identity> -> Service Identity Details.


SudipPujari Sep 30, 2010 at 5:46 AM 

I am trying this lab and have downloaded the sample application too. But, when I try to run the Client it is giving me error "The remote server returned an error: (401) Unauthorized."

rsdev5 Aug 19, 2010 at 8:54 AM 

Very good doc but I can't get it to work.

I have 2 problems:
1. Clicking on Certificates and Keys shows an error: "Sorry, an unexpected error occurred while processing your request."
2. When I use 'acssample' as the wrap user (after creating a Service Identity with that name) I get an exception saying:

Even though I see it on the portal.

Am I missing something?