How does a client WPF application authenticate with a WCF service on Azure?

Asked 20/9, 2011 at 13:38 Answered 3/3, 2014 at 12:54

I'm currently considering creating an application to deploy to the azure cloud. The main reason for considering Azure over Amazon is the access control service. I want to accept as many different credential types as possible for my application, especially Facebook.

Some of the user's will be using the HTML based application, others a WPF client application. The question is, how do I authenticate the client using whichever provider they want and then communicate with the WCF service. I'm guessing I need to use the web-browser component in my application, or pop-up an external browser (ideally support both options for paranoid users), but I'm not clear how to then use that connection for the WCF service.

Edwards answered 20/9, 2011 at 13:38 Comment(4)

+1 Interesting question. I am not sure there is an easy answer, but I will be watching this one. – Accentuation 20/9, 2011 at 13:42

Just found msdn.microsoft.com/en-us/… which might turn out to be useful, I'm reading it now. – Edwards 20/9, 2011 at 14:3

Unfortunately the out of browser example uses username and password so wouldn't support facebook – Edwards 20/9, 2011 at 14:42

Check out Vittorio Bertocci's Blog (Otherwise known as Captain Identity). If you can do it it will be on there. There is a post showing you how to do this in metro. blogs.msdn.com/b/vbertocci – Accentuation 20/9, 2011 at 16:8

Consider separating the authentication of the user to the application from the authentication between application and WCF service.

To secure access to the WCF service, you can use the ACS to implement authentication using a Simple Web Token (SWT). There are several examples of this available through your search engine of choice.

Sorry I can't give you a more concrete example at the moment. I'm mobile with an i-device and thus have limited access to tools.

Leede answered 20/9, 2011 at 15:27 Comment(1)

The WCF service needs to know who the user is, and be able to guarantee it's authenticity, I'm not entirely clear on how your solution is meant to provide that. Does the SWT authenticate the app or the user? – Edwards 21/9, 2011 at 9:1

I think your intend is some how Authenticate/Authorize users for this WCF service right? In this case you can look at the "Windows 7 phone application" sample: http://msdn.microsoft.com/en-us/library/gg983271.aspx. In here you will see that this sample is using "javascriptnotify" protocol.

For WPF WebBrowser control there are many articles which describe how to get notifications from the javascript in the DOM.

This way you can get a token for your WPF application and then you will need to use the same token to authenticate to WCF service.

In the case of the Web Application you can get the token from WSFam module. One way to do this might be registering for SecurityTokenReceived event on WSFam.

This way for both scenario you can end up with a SAML token.

Then you can author your own custom SAML TokenProvider for the WCF and use the SAML token you got from ACS to talk to your server.

Antennule answered 20/9, 2011 at 21:17 Comment(0)

What you're looking for is called 'active federation'. See this question

Typically, your web clients will use the passive form, in which they are redirected to a login page owned by a Security Token Service. You can't redirect a wpf or winforms application, so your application needs to go through the motions that your browser does behind the scenes for you, including negotiating and caching the security token you receive from the STS and then presenting it on each request.

Misdeem answered 3/3, 2014 at 12:54 Comment(0)

Recommended topics

Hot tags