WCF Certificate Authentication Readme 

This sample illustrates how to authenticate to ACS using a client certificate and obtain access to a WCF relying party. It includes a WCF service and a WCF client as command line applications. The WCF service requires a SAML token from the ACS certificate endpoint. The client follows the service binding to request a token from ACS using WS-Trust protocol with a client certificate registered with ACS. The code for this sample is in the Acs2CertificateBindingSample folder of the ACS 2.0 Samples package.
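The token exchange described above, as an added example that is not the sample's own code: a WCF client whose federation binding requests the SAML token from the ACS certificate endpoint using the registered client certificate, then calls the service with that token encrypted to the service certificate. The ACS endpoint path, the service address and DNS identity, the IStringService contract and the certificate thumbprints are assumptions or placeholders, not values from the page.

```csharp
// Added example, not the sample's own code. Placeholders (not from the page): the ACS
// certificate endpoint path, service address/identity, contract and certificate thumbprints.
using System;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.ServiceModel.Security;
[ServiceContract]
public interface IStringService { [OperationContract] string Reverse(string input); } // hypothetical contract
public static class CertificateBindingClient
{
    const string ServiceNamespace = "<your-acs-namespace>";                  // as in SamplesConfiguration.cs
    const string ServiceAddress = "http://localhost:7000/Service/Default.aspx"; // the sample's realm, assumed to be the address
    const string ServiceDnsIdentity = "<service certificate CN>";            // placeholder
    const string ClientCertThumbprint = "<client certificate thumbprint>";   // ACS2ClientCertificate with its private key
    const string ServiceCertThumbprint = "<service certificate thumbprint>"; // certificate the token is encrypted to
    public static WS2007FederationHttpBinding CreateBinding()
    {
        // Issuer binding: how the client talks to ACS. TLS on the wire, the client
        // certificate as the message credential, no session so each request stands alone.
        var issuer = new WS2007HttpBinding(SecurityMode.TransportWithMessageCredential);
        issuer.Security.Message.ClientCredentialType = MessageCredentialType.Certificate;
        issuer.Security.Message.EstablishSecurityContext = false;
        issuer.Security.Message.NegotiateServiceCredential = false;

        // Service binding: WCF first obtains a SAML token from the issuer, then presents it
        // in a message encrypted to the service certificate (the RP's "Require Encryption").
        var binding = new WS2007FederationHttpBinding(WSFederationHttpSecurityMode.Message);
        binding.Security.Message.IssuerAddress = new EndpointAddress(
            "https://" + ServiceNamespace + ".accesscontrol.windows.net/v2/wstrust/13/certificate"); // assumed path
        binding.Security.Message.IssuerBinding = issuer;
        binding.Security.Message.EstablishSecurityContext = false;
        binding.Security.Message.NegotiateServiceCredential = false;
        return binding;
    }
    public static string CallService(string input)
    {
        var address = new EndpointAddress(new Uri(ServiceAddress), new DnsEndpointIdentity(ServiceDnsIdentity));
        var factory = new ChannelFactory<IStringService>(CreateBinding(), address);
        // Credential presented to ACS: the registered client certificate (private key in the user store).
        factory.Credentials.ClientCertificate.SetCertificate(
            StoreLocation.CurrentUser, StoreName.My, X509FindType.FindByThumbprint, ClientCertThumbprint);
        // Pin the service certificate; validate by chain (PeerTrust would be needed for the sample's self-signed certs).
        factory.Credentials.ServiceCertificate.SetDefaultCertificate(
            StoreLocation.LocalMachine, StoreName.My, X509FindType.FindByThumbprint, ServiceCertThumbprint);
        factory.Credentials.ServiceCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.ChainTrust;
        return factory.CreateChannel().Reverse(input);
    }
}
```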

Prerequisites

To run this sample, you will need:

  1. To create an account at http://windows.azure.com and create an Access Control Service namespace. 
  2. Visual Studio 2010 (any version)

See Prerequisites for more details. Note that it may be beneficial to walk through the Getting Started sample before running this sample.

Configuring the Sample

The ACS configuration required for this sample can be performed using either the ACS management portal or the ACS management service.

Option 1: Configuring via the ACS Management Portal

1. Open a browser and navigate to http://windows.azure.com and sign in. From there, navigate to the Service Bus, Access Control, and Caching section to configure your ACS service namespace. Once you have created a namespace, select it and click Manage > Access Control Service at the top of the page. This should launch the following page in a new window:  

2. Next, register your application with ACS by creating a Relying Party. Click the Relying Party Applications link on the main page, then select Add and enter the following information in the subsequent form.

  • In the Name field, enter "Certificate Binding Sample RP"
  • In the Realm field, enter "http://localhost:7000/Service/Default.aspx" 
  • In the Token encryption policy field, select "Require Encryption"
  • In the Identity Providers field, uncheck any selected identity providers

When complete, click the Save button and then navigate back to the main page.

3. With your relying party application registered, it is now time to create the rules that determine the claims that ACS will issue to your application. In this sample we will create a rule that passes through any claim received by ACS. To do this, navigate to the main portal page and select Rule Groups. From there, select the Default Rule Group for Certificate Binding Sample. Add a new rule, similar to the following:

4. The last step is registering the certificate for the client application to use. To configure a new client certificate, select the Service Identities link on the main portal page. Click Add and enter a name, add a Credential Type of X.509 Certificate, and browse for the ACS2ClientCertificate.cer file in the Certificates folder of this sample. Click Save and return to the main portal page.

Option 2: Configuring via the ACS Management Service

The Visual Studio sample solution has a console application called ConfigureSample, which uses the ACS Management Service and the common helpers defined in the Common class library. This application can be used to configure your ACS service namespace for use with this sample.

1. Update the Common class library with information about your Service Namespace. Open SamplesConfiguration.cs and enter your:

  • ServiceNamespace - This is the namespace used with ACS.
  • ManagementServiceIdentityName - This is the name of a management service account.
  • ManagementServiceIdentityKey - This is the password associated with the management service account.
  • AcsHostUrl - This is the host name of the ACS service.

2. Run the ConfigureSample application in Visual Studio, which will configure ACS to run this sample.

Running the Sample

1. Now that ACS is configured, open the sample in Visual Studio. The solution consists of two projects: WcfService and WcfClient.

2. If you did not do so during configuration, enter your Service Namespace details in Common\SamplesConfiguration.cs. See step 1 of “Option 2: Configuring via the ACS Management Service” above. This file is also used by the WcfService and WcfClient projects.

3. It is time to run the sample! Start the WcfService, then start the WcfClient. At the client, enter a string to reverse. After entering that information, the Client console window should show output similar to the following:

Last edited Apr 16, 2011 at 5:43 AM by asmalser, version 20