First published by Alik Levin, 12 Sep 2011 12:29 PM
Last revision by Richard Mueller (MVP, Microsoft Community Contributor), 30 Oct 2013 8:42 PM
Revisions: 12
Comments: 3
Calling REST Service On Behalf Of End User - OAuth 2.0 Delegation
Back to Windows Azure Active Directory Solutions For Developers
Table of Contents
Scenario
Solution Approach
Analysis
How To's
Code Samples
Resources
Scenario
In this scenario you are developing an application in which the end user uses a web site that needs to access services on the user's behalf. Those services require the end user to be authenticated and in turn apply authorization logic to authenticated users. The scenario has the following characteristics:
Internet-facing web applications.
Heterogeneous browsers running on heterogeneous client machines owned by end users.
Each application manages identities independently.
Each application is developed using a different development technology (.NET, Java, PHP, etc.).
Each service exposes its functionality via RESTful web service endpoints.
The aggregator solution is a web application developed using Microsoft’s .NET technology.
There are significant challenges (technological or legal) to synchronizing identities between the applications.
The aggregator application needs to reuse the current identification and authentication processes without compromising them.
Solution Approach
The Microsoft Windows Identity Foundation OAuth Helper Components implement the building blocks needed to enable end-user delegated authorization for RESTful architectures. They follow the OAuth 2.0 protocol recommendations. The building blocks are:
OAuth client. The OAuth client resides on the third-party aggregating web site that requests to work on behalf of the end user. It is responsible for requesting an OAuth token from the Authorization Server and submitting the token to the Protected Resource along with the actual request for data.
Authorization Service. The Authorization Service is responsible for accepting requests from OAuth 2.0 clients for authorization and refresh tokens. From the OAuth 2.0 specification: “A server capable of issuing tokens after successfully authenticating the resource owner and obtaining authorization. The authorization server may be the same server as the resource server, or a separate entity.” ACS plays the role of the Authorization Service.
Resource protection component. The resource protection component resides on the Protected Resource side and is responsible for parsing incoming tokens. The outcome of parsing the token is either denying or granting access to the Protected Resource requested by the aggregator application on behalf of the end user.
UI consent pages. The UI consent pages are responsible for accepting the end user’s credentials and submitting them to the original identity management system, and for asking the user’s consent to use his or her information from the original system.
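The sketch below walks through the roles described above, with emphasis on the grant-or-deny decision made by the resource protection component. It is an added example, not code from the article or from the Windows Identity Foundation OAuth extension. The token layout (base64 JSON claims plus an HMAC-SHA256 signature), the shared key, the Bearer header scheme, and all function names and URLs are assumptions made for illustration, and the end user's consent is assumed to have been given already.

```python
import base64, hashlib, hmac, json, time

SIGNING_KEY = b"constructed-demo-key"  # assumed key shared by issuer and resource

def _sign(body: str) -> str:
    mac = hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).decode()

def issue_token(user, client_id, audience, scope, ttl=300, now=None):
    """Authorization service: issue a token once the end user has consented."""
    now = int(time.time()) if now is None else now
    claims = {"sub": user, "client": client_id, "aud": audience,
              "scope": scope, "exp": now + ttl}
    body = base64.urlsafe_b64encode(json.dumps(claims).encode()).decode()
    return body + "." + _sign(body)

def authorize_request(headers, audience, required_scope, now=None):
    """Resource protection component: parse the token, then grant or deny."""
    now = int(time.time()) if now is None else now
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme != "Bearer" or token.count(".") != 1:
        return False, "missing or malformed bearer token"
    body, sig = token.split(".")
    # Verify the signature before trusting anything inside the token.
    if not hmac.compare_digest(sig.encode(), _sign(body).encode()):
        return False, "bad signature"
    claims = json.loads(base64.urlsafe_b64decode(body))
    if claims["aud"] != audience:
        return False, "token issued for a different resource"
    if claims["exp"] <= now:
        return False, "token expired"
    if required_scope not in claims["scope"].split():
        return False, "scope not granted by the end user"
    return True, claims["sub"]

def call_on_behalf_of(user, scope, resource, needed_scope, now):
    """OAuth client (aggregator): obtain a token and present it with the request."""
    token = issue_token(user, "aggregator-site", resource, scope, now=now)
    return authorize_request({"Authorization": "Bearer " + token},
                             resource, needed_scope, now=now)

if __name__ == "__main__":
    api = "https://photos.example/api"  # constructed resource identifier
    print(call_on_behalf_of("alice", "photos.read", api, "photos.read", 1000))
    print(call_on_behalf_of("alice", "photos.read", api, "photos.write", 1000))
```

The protected resource never sees the end user's credentials. It decides only from the signed token, so the signature, audience, expiry and scope checks are what keep the aggregator within what the user consented to.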
Analysis
Refer to the whitepaper included in the download listed in the Resources section.
How To's
How To: Authenticate to a REST WCF Service Deployed to Windows Azure Using ACS
Code Samples
Code Sample: OAuth 2.0 Delegation
Resources
Windows Identity Foundation Extension for OAuth CTP Version 1-4 for production