.NET Tutorials, Forums, Interview Questions And Answers
Welcome :Guest
Sign In
Win Surprise Gifts!!!

Top 5 Contributors of the Month
Gaurav Pal

Home >> Articles >> Azure >> Post New Resource Bookmark and Share   

 Subscribe to Articles

Windows Azure - AppFabric Access Control Service Programming : Azure Part 42

Posted By:Jean Paul       Posted Date: May 09, 2012    Points: 200    Category: Azure    URL: http://www.dotnetspark.com  

In this article we are going to experiment the Access Control feature using a Web Role. This article is a continuation of the Access Control feature in Azure AppFabric.

Windows Azure - AppFabric Access Control Service Programming
In this article we are going to experiment the Access Control feature using a Web Role.  This article is a continuation of the Access Control feature in Azure AppFabric. 
You can refer the previous articles here:
This article requires the following SDK and Runtime installations.
Now we are ready to proceed with creating the following:
  • New Namespace for Access Control Service
  • New Identity Provider
  • New Rule Group
We are performing the following activities in this article:
  • Create a Web Role
  • Register the Web Role in Relying Party Applications
  • Get the path of WS-Federation Metadata
  • Configure STS for the web role
  • Test the Application
Create a Web Role
Create a new Azure Project and add a web role into it.  Now run the application and copy the url from the browser.

It should be like:
Registering with the Relying Party Applications
Now we are ready with the url to register witht the Relying Party Applications.  For open the Access Control Service portal. 
Select the Relying Party Applications item from the left pane.  You will see the following screen.

Now click on the Add button to add the new relying party details.

Application Name: Web Role Application
Return Url:
Rule Groups: Check already created MyRuleGroup
You can leave the other options unchanged to default and click the Save button which is visible at the bottom of the page.
Get the path of WS-Federation Metadata
The WS-Federation Metadata contains information about the relying party.  It is a well configured schema xml according to the WS-Federation standards.  We can get the url of our metadata xml file from the portal. (we can also specify the content, but for our article the url is better)
Use the access control address (https://YourNameSpace.accesscontrol.windows.net) to open and sign in to it.  From the left side link under Development you can see an Application Integration item.

Click on it to open the screen and copy the XML path as highlighted.  We will be needing this path in the next step.

Configure STS for the web role
Now we need to configure the Secured Token Service of our web role.  Right click on the web role project and click the option Add STS Reference.  (Enabling this option requires the Pre-Requisites)

The following dialog will be appearing.

In the first text box enter the web.config file path of the web role.  In the second text box enter the url to Defaul.aspx. 
Click the Next button to continue and discard the appearing warning dialog by clicking Yes button.

In the next page of the wizard select the last option Use an Existing STS and paste the WS-Federation Metadata url obtained from the previous step.

After entering the xml path click the Next button to continue.  Leave the default options in the next three wizard pages and click the Finish button.  You will get the following message box.

Now the wizard added the necessary pages, xml files and configuration items.  Still we need to add one tag in the web.config file.
Add the following tag into the web.config file inside the system.web tag.
<httpRuntime requestValidationMode="2.0"/>
Make sure you are entering the tag in the outer system.web section.  There will be 2 system.web sections inside the configuration file.

Without this tag a cross site scripting error will be occurring while authentication.  Make sure you a
Test the Application
Now you are ready to test the application.  Before testing we can have some modification in the Default page to display the login information.
Add reference to the Microsoft.Identity.Model.dll from the Azure SDK folder (eg: C:\Program Files\Windows Azure SDK\v1.5\bin\devfabric)
Open the Default.aspx in design mode and remove the existing text controls. Place a label control and name it to InfoLabel.  In the Page load event add the following code.  The code converts the Identity object of current user into ClaimsIdentity.  We can iterate through the claims items and display the type and value as shown below.
protected void Page_Load(object sender, EventArgs e)
    InfoLabel.Text = string.Empty;

    if (HttpContext.Current.User.Identity != null)
        ClaimsIdentity identity = (ClaimsIdentity)HttpContext.Current.User.Identity;

        foreach(Claim claim in identity.Claims)
            InfoLabel.Text += claim.ClaimType + "=<b>" + claim.Value + "</b><br>";

Now place a button on the page, name it as LogoutButton and add the following code in the click event of it.

protected void LogoutButton_Click(object sender, EventArgs e)
    WSFederationAuthenticationModule fam = FederatedAuthentication.WSFederationAuthenticationModule;



Now we are ready with the application testing.  Press the F5 key for execution and you will be getting the following screen.

Click on the Google button to continue and you will be prompted with the login page of Google.
On successful login we will be returned to the following page.

Now the application is running fine with authentication.   You can try clicking the Logout button to delete the authentication cookies are return to the login page on refresh.
In this article we have seen to integrate a web role with the identity provider configured in the Access Control service.  Our web role is getting prompted with the identity providers automatically through the Access Control Service.  We can add or remove identity providers through the Access Control Service portal without changing the application.  The associated source code contains the web role we discussed.
You can find more information on Web Application integration with Access Control Service here
More information about Claims Aware Application can be referred here.

 Subscribe to Articles


Further Readings:


No response found. Be the first to respond this post

Post Comment

You must Sign In To post reply
Find More Articles on C#, ASP.Net, Vb.Net, SQL Server and more Here

Hall of Fame    Twitter   Terms of Service    Privacy Policy    Contact Us    Archives   Tell A Friend