Home/ Questions/Q 6244281
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-24T12:17:59+00:00

I’ve a wcf service deployed to the cloud. Could anyone guuide me through best

  • 0

I’ve a wcf service deployed to the cloud. Could anyone guuide me through best practices on how I can secure the end point in azure please?

Thanks.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    In my opinion, the easiest approach is to use the AppFabric Access Control Service (ACS) to generate a Secure Web Token (SWT) that you pass to the WCF service via an authorization HTTP header. In the service method, you can then read and validate the SWT from the header.

    It’s pretty straightforward, particularly if you create proxies dynamically rather than using Service References.

    This is how I get the SWT from ACS:

    private static string GetToken(string serviceNamespace, string issuerKey, string appliesto)
{
    WebClient client = new WebClient();

    client.BaseAddress = String.Format("https://{0}.accesscontrol.windows.net", serviceNamespace);
    client.UseDefaultCredentials = true;

    NameValueCollection values = new NameValueCollection();

    values.Add("wrap_name", serviceNamespace);
    values.Add("wrap_password", issuerKey);
    values.Add("wrap_scope", appliesto);

    byte[] responseBytes = client.UploadValues("WRAPv0.9", "POST", values);

    string response = System.Text.Encoding.UTF8.GetString(responseBytes);

    string token = response
                        .Split('&')
                        .Single(value => value.StartsWith("wrap_access_token=", StringComparison.OrdinalIgnoreCase))
                        .Split('=')[1];

    return token;
}

    issuerKey, as it was referred to in ACS v1 is now the Password from the Service Identity in ACS v2.

    To call the service:

    string accessToken = GetToken(serviceNamespace, issuerKey, appliesto);

string authHeaderValue = string.Format("WRAP access_token=\"{0}\"", HttpUtility.UrlDecode(accessToken));

// TInterface is the service interface
// endpointName refers to the endpoint in web.config
ChannelFactory channelFactory = new ChannelFactory<TInterface>(endpointName);

TInterface proxy = channelFactory.CreateChannel();

OperationContextScope scope = new OperationContextScope(proxy as IContextChannel);

WebOperationContext.Current.OutgoingRequest.Headers.Add(HttpRequestHeader.Authorization, authHeaderValue);

// Call your service
proxy.DoSomething();

    On the service-side, you extract the token from the header and validate it. I can find out the code for that, if this looks like the approach you want to take.

    Try this blog post by Alik Levin as a good starting point.

    • 0