Tell me more ×
Programmers Stack Exchange is a question and answer site for professional programmers interested in conceptual questions about software development. It's 100% free, no registration required.
up vote 0 down vote favorite
1

Currently, all of our web applications (and the WCF services they interact with) are run internally. Nothing is exposed to the web. We want to open up our web applications to the Internet and will need to secure access to the services.

We have several existing "RESTful" WCF services. We want to secure these services using Windows Azure Access Control Service (ACS) and several possible Identity Providers (Google and one or more Active Directory Federation Services). I want to use JWT as the token format (I know it's in beta in Azure). I'm hoping someone could offer some advice or point me in the direction of good tutorials...everything I read is using ASP.NET WebAPI...and we don't want to use that.

We want to be able to support any client that can parse JSON. Currently, our web apps are just HTML/jquery.

Some guidance would be great. Thanks!

share|improve this question
This would probably best be suited for StackOverflow. But I can provide some guidance here. – Mike Brown May 7 at 13:08
add comment (requires an account with 50 reputation)

1 Answer

up vote 0 down vote

To secure your WCF service using Azure ACS (or Azure Active Directory Services as it's now called), you need to use Windows Identity Foundation (WIF). If you're using .NET 4.5, look at this tutorial here, which walks you through building a WCF service secured by WIF.

Otherwise, look at this tutorial on the Azure Portal, on how to use WIF with .NET 3.5 SP1

Update: the first tutorial has a broken link, here's the actual walkthrough

share|improve this answer
Thanks for your response, but unfortunately, the link you provided doesn't offer any help. It has a link "To build your first claims-aware WCF service using WIF...", but it's a dead link. I've searched all over the last few days and have seen most of the MSDN material out there. There doesn't appear to be a tutorial using WCF, only ASP.NET – Ryan May 7 at 13:27
Thanks, I'll take a look at that link. One thing I know I'll still have to figure out is how to validate a JWT at the service since it isn't built into WIF (only SAML and SWT are). – Ryan May 7 at 13:35
add comment (requires an account with 50 reputation)

Your Answer

 
discard

By posting your answer, you agree to the privacy policy and terms of service.

Not the answer you're looking for? Browse other questions tagged or ask your own question.