I am exposing a WCF Data Services service hosted on IIS through Service Bus Relay using webHttpRelayBinding. I could find out how to authenticate the service identity using username/password or shared secret. However, I could not find a sample of how to use a certificate-based credential for the service identity. I googled a lot, but in vain. All of them are based on shared secret primarily.

Could anyone please provide a sample on how to use certificate-based authentication of the service identity for a REST OData service?

Barett
Raj
  • To elaborate a bit. Your specific question is: `How can I get a security token from ACS authenticating with service identity and X.509 Certificate`. This is what you do with **ACS**, the rest of the question is `because I want to use the ACS provided token to authenticate against REST OData service`. Is this all correctly understood? – astaykov Apr 11 '13 at 08:40
  • Let me explain the scenario in some more detail. I have used relayClientAuthenticationType="RelayAccessToken" while exposing my OData service to Relay. Now I want the service identity credentials used by the client to authenticate to use an X509 certificate instead of the secret (256 bit symmetric) key or password. – Raj Apr 11 '13 at 09:49

1 Answer

Currently, there are four options for authentication (according to the Service Bus docs):

SharedSecret, a slightly more complex but easy-to-use form of username/password authentication.

Saml, which can be used to interact with SAML 2.0 authentication systems.

SimpleWebToken, which uses the OAuth Web Resource Authorization Protocol (WRAP) and Simple Web Tokens (SWT).

Unauthenticated, which enables interaction with the service endpoint without any authentication behavior.

It does not look like you are able to authenticate using a certificate through Service Bus natively.

Community
TheDude
  • Yes, I know this. But my query was, when a client requests a SWT token from ACS to present to my OData service, the service identity must use an X509 certificate as credential. Please refer to the **Credential Types** section at [http://msdn.microsoft.com/en-us/library/gg185945.aspx](http://msdn.microsoft.com/en-us/library/gg185945.aspx) – Raj Apr 16 '13 at 11:57
  • For service bus, you can access the ACS portal for your namespace in the dialog for the namespace's access key. There you can add a token-signing certificate. – TheDude Apr 16 '13 at 20:17
  • ACS uses token-signing certificates to sign tokens that are issued by ACS to the RP. What I am looking for is the certificate that will be used to request ACS to issue that token. If you go to the Edit Service Identity page in the ACS portal, you can add a credential type of Symmetric Key or Password or Certificate. Now, my question is, if I choose Certificate here, how do I use that for my OData service? – Raj Apr 17 '13 at 09:25