I’m struggling with securing IIS hosted svc WCF service hosted in Azure using WIF and ACS.
I found lot of how-tos here:
http://msdn.microsoft.com/en-us/library/gg185939.aspx
I’m particularly interested in those describing how create secure WCF service and authenticate using certificate or username/password.
Now the ACS definition part is pretty clear. But when it comes to securing the service itself I struggle. I’m using WebRole and SVC file to expose the service and the configuration in how-to is done in code and I guess it won’t work with azure webrole as well.
Any help on how to get this combination working would be much appreciated!
Just a small clarification: if you rely on ACS then the authentication (in whatever form: certs / username/password, etc) will happen in ACS, not in your app. Your WCF service will simply expect a token issued by ACS and will remain largely ignorant of the type of authentication used.
Also, the actual implementation depends on whether you are creating a SOAP service or a REST one. Typically you have different token formats and protocols involved (e.g. SAML vs SWT, etc.)
Besides the how-tos you mentioned, take a look at the samples in this guide. Especially these:
http://msdn.microsoft.com/en-us/library/hh446528.aspx
http://msdn.microsoft.com/en-us/library/hh446531.aspx
Hope it helps