WCF (SOAP) Service With Federated Authentication, Identities In Active Directory

WCF (SOAP) Service With Federated Authentication, Identities In Active Directory

Back to Windows Azure Active Directory Solutions For Developers 



Scenario

In this scenario you have WCF service that exposes SOAP endpoint. It needs to authenticate requests based on issued SAML tokens. Identities and their credentaitlas are managed in corporate Active Directory (AD).

  • WCF Services exposes SOAP endpoint.
  • Authenticates requests based on issued tokens.
  • Tokens are of SAML format.
  • Identities are in corporate Active Directory (AD)

Solution Approach

Windows Azure AppFabrice Access Control Service (ACS) and ADFS are  used to solve this scenario.  

  • ACS does not manages Service Identities (SI) and its credentials
  • Authentication is accomplished via ADFS
  • WIF is used on the agent (WCF client) end to request the token from ACS and send it to the WCF service.
  • WIF is used on the WCF service end to validate and parse the token issued by ACS

Analysis

In this solution an agent (WCF client) uses WIF to send request directly to ACS requesting a SAML token based on the credentials which which are managed in corporate Active Directory. The identities are available through AD FS. Credentials type is controlled by AD FS which returns valid SAML token upon successful authentication.  For more details on tokens read Token Formats Supported in ACSACS issues the SAML token upon successful validation of the SAML token issued by AD FS. The agent sends the token to the WCF service where it is validated and parsed using WIF. For more info read Web Services and ACS. ACS does not manage service identities and their credentials using Service Identities entities.

How-To's

Code Samples

Resources

Leave a Comment
  • Please add 2 and 8 and type the answer here:
  • Post
Wiki - Revision Comment List(Revision Comment)
Sort by: Published Date | Most Recent | Most Useful
Comments
  • Carsten Siemens edited Revision 11. Comment: fixed typo

Page 1 of 1 (1 items)
Wikis - Comment List
Sort by: Published Date | Most Recent | Most Useful
Posting comments is temporarily disabled until 10:00am PST on Saturday, December 14th. Thank you for your patience.
Comments
  • Carsten Siemens edited Revision 11. Comment: fixed typo

Page 1 of 1 (1 items)