
Saturday, January 4, 2014

Securing a Web Service with Azure ACS

The Identity and Access Add-In to Visual Studio does a great job of securing a web site with a variety of mechanisms including Azure ACS.  I was bitterly disappointed to find it did not offer the same ability for a Web Service.

In the end my salvation came by using the Sentinet Service Repository which does allow me to virtualize the web service and can include authentication with ACS.  It does so using binding configuration and this extract does the job of providing ACS authentication.  Note that you need to be using the HTTPS protocol.

I've not had a chance yet to add this directly to a web service to see if it works.  My hope is that just adding it will be enough and then all I need to do is pass in the user name and password when I call the web service.  What ACS will do is produce a SAML token which will be encrypted within the SOAP message. 

 <bindings>
  <customBinding>
    <binding name="IssuedToken">
      <security authenticationMode="IssuedToken">
        <issuedTokenParameters>
          <issuerMetadata address="https://mynamespace.accesscontrol.windows.net/v2/wstrust/mex" />
          <issuer address="https://mynamespace.accesscontrol.windows.net/v2/wstrust/13/username" binding="ws2007HttpBinding" bindingConfiguration="AcsBinding" />
        </issuedTokenParameters>
      </security>
      <httpTransport />
    </binding>
  </customBinding>
  <ws2007HttpBinding>
    <binding name="AcsBinding">
      <security mode="TransportWithMessageCredential">
        <message clientCredentialType="UserName" negotiateServiceCredential="true" algorithmSuite="Default" establishSecurityContext="false" />
      </security>
    </binding>
  </ws2007HttpBinding>
</bindings>
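
To check the ACS issuer endpoint on its own before involving the web service, the token can be requested directly over WS-Trust. This is an added example, not code from the original post; it assumes .NET 4.5 (WIF in System.IdentityModel), a symmetric proof key, a placeholder relying-party realm, and hypothetical ACS_USER / ACS_PASSWORD environment variables.

```csharp
using System;
using System.IdentityModel.Protocols.WSTrust;
using System.IdentityModel.Tokens;
using System.ServiceModel;
using System.ServiceModel.Security;

class AcsTokenCheck
{
    static void Main()
    {
        // Code equivalent of the "AcsBinding" ws2007HttpBinding in the configuration above.
        var binding = new WS2007HttpBinding(SecurityMode.TransportWithMessageCredential);
        binding.Security.Message.ClientCredentialType = MessageCredentialType.UserName;
        binding.Security.Message.NegotiateServiceCredential = true;
        binding.Security.Message.EstablishSecurityContext = false;

        // Issuer address taken from the <issuer> element; HTTPS is required by the binding.
        var issuer = new EndpointAddress(
            "https://mynamespace.accesscontrol.windows.net/v2/wstrust/13/username");

        var factory = new WSTrustChannelFactory(binding, issuer);
        factory.TrustVersion = TrustVersion.WSTrust13;
        // Hypothetical variable names; credentials are kept out of source.
        factory.Credentials.UserName.UserName = Environment.GetEnvironmentVariable("ACS_USER");
        factory.Credentials.UserName.Password = Environment.GetEnvironmentVariable("ACS_PASSWORD");

        var rst = new RequestSecurityToken
        {
            RequestType = RequestTypes.Issue,
            KeyType = KeyTypes.Symmetric, // assumption: matches authenticationMode="IssuedToken"
            AppliesTo = new EndpointReference("https://example.invalid/myservice") // placeholder realm
        };

        try
        {
            RequestSecurityTokenResponse rstr;
            SecurityToken token = factory.CreateChannel().Issue(rst, out rstr);
            Console.WriteLine("Token type: {0}", rstr.TokenType);
            Console.WriteLine("Valid {0:u} to {1:u}", token.ValidFrom, token.ValidTo);
            factory.Close();
        }
        catch (MessageSecurityException)
        {
            // Raised when the issuer rejects the user name or password.
            Console.WriteLine("ACS refused the credentials.");
            factory.Abort();
        }
    }
}
```

If this succeeds but the call to the web service still fails, the problem is in the service binding or the relying-party setup rather than in the ACS credentials.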
   

Calling a WCF Web Service secured with Azure ACS


This is some sample code for a client console application calling a WCF web service that is secured with Windows Azure Access Control Service.  In fact all I need is to pass the username and password in the client credentials and my web service will do the authentication for me.  If I supply an incorrect password then a MessageSecurityException is thrown so I need to ensure I have captured that and handled it in some way.


using System;
using System.ServiceModel.Security;

namespace ACE.TestClient.ACS
{
    class Program
    {
        static void Main(string[] args)
        {
            // Client proxy for the virtualized service.
            VirtualService.VirtualInterfaceClient c = new VirtualService.VirtualInterfaceClient();
            try
            {
                // Sample user name and password that ACS authenticates.
                // Load real values from protected configuration, not from source.
                c.ClientCredentials.UserName.UserName = "MyService";
                c.ClientCredentials.UserName.Password = "Hydrogen1";

                VirtualService.Event input = new VirtualService.Event() { Date = DateTime.Now, Id = "123", Name = "Peter Rabbit" };
                string result = c.PostEvent(input);
                Console.WriteLine("Service Returned: " + result);

                // Close the channel cleanly once the call has succeeded.
                c.Close();
            }
            catch (MessageSecurityException)
            {
                // Raised when authentication fails, e.g. an incorrect password.
                Console.WriteLine("Failed to authenticate.");
                // A faulted channel cannot be closed; Abort releases it.
                c.Abort();
            }
            catch (Exception ex)
            {
                Console.WriteLine(ex.Message);
                c.Abort();
            }
        }
    }
}