I'm trying to implement ACS for WCF Service Application(For using Google, Facebook for Authentication). I configured my ACS in Azure Portal and I tried the way of adding STS Reference for WCF Service Application(This is the way generally used of web application). Is this the correct way or do we need to add any more specifications for it?
I have gone through many samples but couldn't understand..
If possible can any one provide a small example with snapshots..
Please help me in right path...
Thanks in Advance...
Related
I have to use a number of functions provided by a government web service. I have no idea what they used to implement this service. Could have been COBOL for all I know.
My problem is that I've been trying to access this service using the security features provided by WSE3.0 but have had no luck. I'm consistently getting errors regarding the certificates.
After some research I've realized that WSE3.0 is essentially defunct and I should be using WCF. But, I'm only writing a client and most literature seems to refer to the services themselves.
Is there even such a thing as using 'WCF' to write a client? Should it matter which I use?
Thanks in advance.
Sure, WCF is a great choice for writing a web service client. Here is how to create the client ("add service reference"). After this you need to create the binding (just like in the service samples).
Masters,
I am new to WCF but aware about Web API's [Authorize] attribute.
Same i want to duplicate for WCF REST basic authentication service, Expecting as the security header will pass in every subsequent request once authenticated.
We target to make Restful service using webHttpBinding. Please provide any relevant example to achieve this. Also we target to run same on Https then.
Things seems much simpler in Web API but not in WCF.
I googled and get some answers like
Something like an operation filter in WCF REST?
Can anybody give me simpler way to achieve this very straight forward as we do in Web API.
Thanks.
There's some nice article and projects for activating authentication in WCF:
http://blogs.msdn.com/b/pedram/archive/2007/10/05/wcf-authentication-custom-username-and-password-validator.aspx
http://www.codeproject.com/Articles/36289/8-steps-to-enable-windows-authentication-on-WCF-Ba
And then: http://msdn.microsoft.com/en-us/library/bb398990.aspx
Edit:
See this article: Custom Basic Authentication for RESTful services
Hope helps.
I have a monotouch application that currently calls a hosted WCF service in IIS using ssl and basic authentication. I need to move this wcf service to Azure and am confused on the best security practice. I've read to use ACS, but I can't find any examples of using that setup with monotouch and am not sure it will work. Does anyone have any examples or suggestions with calling a WCF service from monotouch securely in azure?
Thanks, Ben
I am not familiar with MonoTouch. But as far as the service side is concerned, you can continue to use SSL and basic authentication. Note by default IIS basic authentication require Windows credential. Since it works locally, I think you’ve already implemented a custom basic authentication module. Another area to note is it needs additional steps to support SSL in Windows Azure. You can refer to http://msdn.microsoft.com/en-us/gg271302 for a tutorial. ACS is usually used if you want to support claim based authorization.
Best Regards,
Ming Xu.
I'm struggling with securing IIS hosted svc WCF service hosted in Azure using WIF and ACS.
I found lot of how-tos here:
http://msdn.microsoft.com/en-us/library/gg185939.aspx
I'm particularly interested in those describing how create secure WCF service and authenticate using certificate or username/password.
Now the ACS definition part is pretty clear. But when it comes to securing the service itself I struggle. I'm using WebRole and SVC file to expose the service and the configuration in how-to is done in code and I guess it won't work with azure webrole as well.
Any help on how to get this combination working would be much appreciated!
Just a small clarification: if you rely on ACS then the authentication (in whatever form: certs / username/password, etc) will happen in ACS, not in your app. Your WCF service will simply expect a token issued by ACS and will remain largely ignorant of the type of authentication used.
Also, the actual implementation depends on whether you are creating a SOAP service or a REST one. Typically you have different token formats and protocols involved (e.g. SAML vs SWT, etc.)
Besides the how-tos you mentioned, take a look at the samples in this guide. Especially these:
http://msdn.microsoft.com/en-us/library/hh446528.aspx
http://msdn.microsoft.com/en-us/library/hh446531.aspx
Hope it helps
Most probably you need to use a HttpModule to secure your service. The primary responsibility of this module is to read the Authorization header and create the claims.
Also make sure in the web.config tag should contain
You can get the code for HttpModule from the below sample.
http://acs.codeplex.com/wikipage?title=ACS%20Windows%20Phone%20Sample
Look at the ProtectedResourceModule.cs
Joy
I have an Excel add-on which connects to a WCF endpoint located in our network to collect data. We're considering moving the application out to Windows Azure.
Currently the users are authenticated using their windows log on. I know that WIF, ACS and ADFS can allow us to authenticate on a web app but wondered if this would be possible with the WCF client.
Thanks
See here: Securing WCF Services with ACS
Also ACS and the code samples within.
If you are looking for delegation i.e. sign on using WIF and use that token for WCF, there's a delegation scenario and sample in the WIF SDK.