First published by Todd Foust (Microsoft), 4 Feb 2012 10:20 PM
Last revision by João Eduardo Sousa (MVP, Microsoft Community Contributor), 8 Jun 2014 5:34 PM
Revisions: 15
ASP.NET Relying Party to WCF (SOAP) Relying Party Delegation With Windows Live ID
Table of Contents
Scenario
Solution Approach
Analysis
How To's
Code Samples
Resources
Scenario
In this scenario you are developing a distributed application that consists of a front-end ASP.NET web app and a downstream WCF (SOAP) web service. Identities are managed using Live ID. To access the front-end ASP.NET web app, users authenticate with their Live ID credentials. The end-user context generated by Live ID authentication needs to flow all the way down to the downstream WCF service.
Distributed application: front-end ASP.NET web app and downstream WCF (SOAP) service
Identities managed using Live ID
End-user identity needs to flow to the downstream WCF service
Solution Approach
ACS and WIF are used to solve this scenario. To accomplish this you need to develop a custom STS, using Windows Identity Foundation (WIF), for both the ASP.NET web app (passive) and the WCF service (active). The custom STS is federated with Windows Azure Access Control Service (ACS) and performs token transformation tasks.
Analysis
This solution requires development of custom code: the custom STS. Review the data flow below, which shows what happens during the sign-in process and how the security context, in the form of a token, flows through the tiers to the downstream WCF service.
Message Flow
1. The client browser sends an HTTP GET request to a claims-aware ASP.NET web application at https://localhost/ClaimsAwareASPX/default.aspx
2. WIF intercepts that request and detects that it does not carry the proper security token, so WIF redirects the user to the configured issuer, CustomSTS, at https://localhost/CustomSTS/default.aspx
3. The CustomSTS federates with Windows Azure ACS, so the user is redirected to Windows Azure.
4. Windows Azure has a relying party trust for the CustomSTS, with Windows Live ID as the identity provider, so the user is redirected to Windows Live to log in.
5. The user has been authenticated with Live ID and now has a security token with a set of claims added by Windows Live ID. Step five is not actually a direct call from Live ID to Azure; the response goes back to the client browser, which is then immediately redirected back to Azure.
6. Azure accepts the security token from Live ID, performs its authorization, adds or manipulates claims if configured, and then redirects the browser back to the CustomSTS passive endpoint.
7. The browser has presented a valid security token to our CustomSTS passive endpoint, so the CustomSTS performs any authorization, has an opportunity to add to or manipulate the set of claims, and then redirects the client browser back to the ASPX relying party application, this time with an issued and trusted security token.
8. In this step the code inside default.aspx of our ASPX relying party begins to run. Inside the Page_Load event we attempt to call the backend claims-aware WCF service. The WIF and WCF configurations require the ASPX client to make a WS-Trust call to the active endpoint of our CustomSTS to get the required security token before talking to the backend WCF service. The ASPX page passes the bootstrap token in that call to the CustomSTS active endpoint.
9. The CustomSTS active endpoint (ActAsIssuer.svc) authenticates the caller using ws2007HttpBinding, does any desired authorization, and then issues a security token with a set of claims for the bootstrap token user. Our sample adds two more claims to this list and returns the security token to the ASPX client.
10. The ASPX client now has the required security token to call our backend WCF service. The call is made.
11. The WCF service method executes. It simply enumerates the set of incoming claims, which WIF populates on the IClaimsIdentity object from the incoming security token, and returns the set of claims as a generic list.
12. The ASPX relying party app receives the set of claims returned from our WCF service method. It then dumps out the set of claims it received from the CustomSTS passive endpoint and the set of claims it received from the WCF service method, and displays both on the page for the browser client.
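The delegated call in steps 8 to 11, sketched in C# as an added example; it is not the code from the linked sample. It assumes WIF 3.5 (Microsoft.IdentityModel) and saveBootstrapTokens="true" in the web app's WIF configuration; IClaimsService, GetClaims and the endpoint name "ClaimsServiceEndpoint" are hypothetical names.

```csharp
using System;
using System.Collections.Generic;
using System.IdentityModel.Tokens;
using System.ServiceModel;
using System.Threading;
using Microsoft.IdentityModel.Claims;
using Microsoft.IdentityModel.Protocols.WSTrust; // ChannelFactory extension methods

[ServiceContract]
public interface IClaimsService // hypothetical contract name
{
    [OperationContract]
    List<string> GetClaims();
}

// Step 11: the backend service returns the claims WIF built from the incoming token.
public class ClaimsService : IClaimsService
{
    public List<string> GetClaims()
    {
        var identity = Thread.CurrentPrincipal.Identity as IClaimsIdentity;
        if (identity == null || !identity.IsAuthenticated)
            throw new FaultException("Caller presented no claims identity.");
        var result = new List<string>();
        foreach (Claim c in identity.Claims)
            result.Add(c.ClaimType + " = " + c.Value + " (issuer: " + c.Issuer + ")");
        // Actor is non-null only if the STS recorded the delegating caller in the token.
        if (identity.Actor != null)
            result.Add("acting party = " + identity.Actor.Name);
        return result;
    }
}

// Steps 8 to 10: what the ASPX relying party would run from Page_Load.
public static class DelegatedCall
{
    public static List<string> CallBackend()
    {
        var user = (IClaimsIdentity)Thread.CurrentPrincipal.Identity;
        SecurityToken bootstrap = user.BootstrapToken; // null unless bootstrap tokens are saved
        if (bootstrap == null)
            throw new InvalidOperationException("Bootstrap token was not saved.");
        // Hypothetical <client> endpoint whose binding names the CustomSTS active endpoint as issuer.
        var factory = new ChannelFactory<IClaimsService>("ClaimsServiceEndpoint");
        factory.ConfigureChannelFactory(); // let WIF handle token acquisition for this channel
        IClaimsService proxy = factory.CreateChannelActingAs(bootstrap); // WS-Trust ActAs request
        var channel = (ICommunicationObject)proxy;
        try { var claims = proxy.GetClaims(); channel.Close(); return claims; }
        catch { channel.Abort(); throw; }
    }
}
```

Failing closed when the bootstrap token is missing keeps the web app from silently calling the backend under its own identity instead of the signed-in user's.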
How To's
Federating LiveID Walkthrough
Code Samples
Federate Windows Live ID - ASP.NET RP to WCF RP identity delegation with LiveID
Resources
ACS How To's
ACS Code Samples Index
ASP.NET Portal