Web Services and Identity in Windows Azure

This article is a step-by-step guide to using claims-based identity for authentication and access management in WCF services hosted in Windows Azure. It shows how you can still use local identities to authenticate your users even though your services are now hosted in the cloud. The lab walks you through the practicalities of taking advantage of the unique characteristics of the Windows Azure environment from your Windows Identity Foundation settings.

Overview

Windows Identity Foundation (WIF) can simplify access to your Windows Communication Foundation (WCF) services by providing the usual claims-based identity arsenal of good practices: authentication externalization, location independence, decoupling from credential types and many others. There is no reason not to enjoy the same advantages when you host your WCF services in Windows Azure: there are a few practicalities that are intrinsic to the hosting platform, but the steps you need to follow are largely the same whether you are deploying your services on-premises or in the cloud. If you want to be fully aware of the differences between the two cases, you can go through the lab “Web Services and Identity” and learn how to use WCF and WIF on-premises before starting the current lab. This is entirely optional, as this hands-on lab (HOL) is self-contained and independent.

More precisely, you will learn how to:

  • Use Windows Identity Foundation with WCF services hosted in Windows Azure
  • Trust an on-premises STS from a WCF service hosted in Windows Azure
  • Use WIF and WCF tracing for a WCF service hosted in Windows Azure, taking advantage of blob storage for the traces
  • Configure a WCF service to use load balancing
  • Deploy a WCF service secured via WIF to the Windows Azure cloud

Windows Identity Foundation can do much more than what we cover in this lab: we hope that the skills you will learn here will help you in your further explorations of identity development.

The first lab will show you how to configure a weather service to trust an on-premises development STS, and run the entire solution in the Compute Emulator. The second lab will add diagnostics and load balancing features to the WCF service implemented in the first lab. Finally, the third lab will walk you through the steps for running the solution in Windows Azure, where it trusts an on-premises STS, generates diagnostic logs, and provides load balancing facilities. As shown in the figure below, an already provided client will be used to consume the WCF service running on the Compute Emulator and afterwards in Windows Azure.

Figure 1: A visual summary of what you will build in this lab

Objectives

In this lab, you will learn how to:

  • Use Windows Identity Foundation for handling access to a WCF service hosted in the Windows Azure DevFabric by reusing on-premises identities
  • Add STS references on a WCF service hosted in Windows Azure
  • Add service references to a client which points to a WCF service hosted in Windows Azure
  • Configure a WCF service to emit WIF and WCF traces in blob storage, and retrieve traces for offline analysis
  • Provide custom SecurityTokenHandler and ServiceBehavior classes for enabling a WCF service to take advantage of load balancers
  • Deploy a WCF service secured via WIF to the Windows Azure staging and production environments

Exercises

The following exercises make up this hands-on lab:

  1. Using the Windows Identity Foundation with a WCF Service in Windows Azure
  2. Adding Diagnostics and Load Balancing
  3. Deploying the WCF Service to Windows Azure