7

I'm currently considering creating an application to deploy to the Azure cloud. The main reason for considering Azure over Amazon is the Access Control Service. I want to accept as many different credential types as possible for my application, especially Facebook.

Some of the users will be using the HTML-based application, others a WPF client application. The question is, how do I authenticate the client using whichever provider they want and then communicate with the WCF service? I'm guessing I need to use the web-browser component in my application, or pop up an external browser (ideally support both options for paranoid users), but I'm not clear how to then use that connection for the WCF service.

ForbesLindesay
  • 1
    +1 Interesting question. I am not sure there is an easy answer, but I will be watching this one. – David Steele Sep 20 '11 at 13:42
  • 1
    Just found http://msdn.microsoft.com/en-us/IdentityTrainingCourse_SilverligthAndIdentity2010 which might turn out to be useful, I'm reading it now. – ForbesLindesay Sep 20 '11 at 14:03
  • Unfortunately the out-of-browser example uses username and password, so it wouldn't support Facebook – ForbesLindesay Sep 20 '11 at 14:42
  • Check out Vittorio Bertocci's blog (otherwise known as Captain Identity). If you can do it, it will be on there. There is a post showing you how to do this in Metro. http://blogs.msdn.com/b/vbertocci/ – David Steele Sep 20 '11 at 16:08

3 Answers

0

What you're looking for is called 'active federation'. See this question

Typically, your web clients will use the passive form, in which they are redirected to a login page owned by a Security Token Service. You can't redirect a WPF or WinForms application, so your application needs to go through the motions that your browser does behind the scenes for you, including negotiating and caching the security token you receive from the STS and then presenting it on each request.

stombeur
0

Consider separating the authentication of the user to the application from the authentication between application and WCF service.

To secure access to the WCF service, you can use the ACS to implement authentication using a Simple Web Token (SWT). There are several examples of this available through your search engine of choice.

Sorry I can't give you a more concrete example at the moment. I'm mobile with an i-device and thus have limited access to tools.

Steve Morgan
  • The WCF service needs to know who the user is, and be able to guarantee its authenticity. I'm not entirely clear on how your solution is meant to provide that. Does the SWT authenticate the app or the user? – ForbesLindesay Sep 21 '11 at 09:01
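
Added example, not code from any of the posts above: a C# sketch of how a service could check an ACS-issued Simple Web Token before trusting the claims inside it. An SWT is a form-encoded list of name/value pairs whose last pair, `HMACSHA256`, signs everything before it, so the service verifies signature, issuer, audience and expiry and only then reads the user's claims. The key, namespace URL, audience and user id are constructed sample values, and `SwtCheck`, `Sign` and `Validate` are hypothetical names.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;

static class SwtCheck
{
    const string Marker = "&HMACSHA256=";   // SWT: the signature is always the last pair
    // Constructed sample values, not taken from the page.
    const string Iss = "https://example-ns.accesscontrol.windows.net/", Aud = "http://localhost/orders";
    const string NameId = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier";
    static byte[] Sign(string body, byte[] key) { using (var h = new HMACSHA256(key)) return h.ComputeHash(Encoding.ASCII.GetBytes(body)); }

    // Returns the claims when signature, issuer, audience and expiry all check out; otherwise null.
    public static Dictionary<string, string> Validate(string swt, byte[] key, string issuer, string audience, DateTime nowUtc)
    {
        int cut = swt.LastIndexOf(Marker, StringComparison.Ordinal);
        if (cut < 0) return null;
        string body = swt.Substring(0, cut);
        byte[] given, expected = Sign(body, key);
        try { given = Convert.FromBase64String(Uri.UnescapeDataString(swt.Substring(cut + Marker.Length))); }
        catch (FormatException) { return null; }
        int diff = given.Length ^ expected.Length;   // constant-time comparison of the two MACs
        for (int i = 0; i < given.Length && i < expected.Length; i++) diff |= given[i] ^ expected[i];
        if (diff != 0) return null;
        var claims = new Dictionary<string, string>(StringComparer.Ordinal);
        foreach (string pair in body.Split('&'))
        {
            string[] kv = pair.Split(new[] { '=' }, 2);
            if (kv.Length != 2) return null;
            string name = Uri.UnescapeDataString(kv[0].Replace('+', ' '));
            if (claims.ContainsKey(name)) return null;   // reject duplicated claim names
            claims[name] = Uri.UnescapeDataString(kv[1].Replace('+', ' '));
        }
        if (!claims.TryGetValue("Issuer", out string iss) || iss != issuer) return null;
        if (!claims.TryGetValue("Audience", out string aud) || aud != audience) return null;
        if (!claims.TryGetValue("ExpiresOn", out string exp) || !long.TryParse(exp, out long secs)) return null;
        return new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc).AddSeconds(secs) > nowUtc ? claims : null;
    }

    static void Main()
    {
        byte[] key = Encoding.ASCII.GetBytes("constructed-demo-key");   // constructed, not a real ACS key
        string body = Uri.EscapeDataString(NameId) + "=user-123&Issuer=" + Uri.EscapeDataString(Iss)
                    + "&Audience=" + Uri.EscapeDataString(Aud) + "&ExpiresOn=4102444800";   // constructed far-future expiry
        string swt = body + Marker + Uri.EscapeDataString(Convert.ToBase64String(Sign(body, key)));
        var ok = Validate(swt, key, Iss, Aud, DateTime.UtcNow);
        Console.WriteLine(ok != null ? "user: " + ok[NameId] : "rejected");
        var bad = Validate(swt.Replace("user-123", "user-456"), key, Iss, Aud, DateTime.UtcNow);
        Console.WriteLine(bad != null ? "accepted" : "tampered token rejected");
    }
}
```
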
0

I think your intent is to somehow authenticate/authorize users for this WCF service, right? In this case you can look at the "Windows 7 phone application" sample: http://msdn.microsoft.com/en-us/library/gg983271.aspx. In it you will see that this sample uses the "javascriptnotify" protocol.

For the WPF WebBrowser control there are many articles which describe how to get notifications from the JavaScript in the DOM.

This way you can get a token for your WPF application and then you will need to use the same token to authenticate to the WCF service.

In the case of the web application you can get the token from the WSFam module. One way to do this might be registering for the SecurityTokenReceived event on WSFam.

This way, for both scenarios you can end up with a SAML token.

Then you can author your own custom SAML TokenProvider for the WCF and use the SAML token you got from ACS to talk to your server.

Atacan