Securing Windows Azure Distributed Application Using AppFabric Access Control Service (ACS) v2 – Scenario and Solution Approach

Artikel
03/16/2011

This post is a continuation of How To: Configure Windows Azure Web Role ASP.NET Web application for Federation with Access Control Service (ACS) v2

Scenario

Consider the following canonical scenario for distributed applications deployed to Windows Azure:

Windows Azure Application Scenario

Key characteristics:

End users access the the ASP.NET web app via browser.
ASP.NET web app is deployed to Windows Azure Web Role.
WCF Service is deployed to another Windows Azure Web Role.
ASP.NET web access the WCF service as a downstream service.

Challenges:

How to authenticate end users to ASP.NET web app?
How to implement authorization access checks at the ASP.NET web app?
How to authenticate web app’s calls to WCF service?
How to implement authorization access checks at the WCF service?
How to manage identities and their credentials outside the application?

Solution

Solution summary:

Use ACSv2 to implement federated authentication for end users – reusing existing authentication and identity management mechanisms
Use ACSv2 to manage identities for accessing WCF service
Use Windows Identity Foundation (WIF) to implement authorization access checks at ASP.NET web application
Use Windows Identity Foundation (WIF) to implement authorization access checks at WCF service

Authenticaiton and Authorization w/ACSv2 in Azure apps