Windows Azure : Programming Access Control Service (part 1)

1. Creating an ACS solution Using SWT

In this example, you learn to use ACS to protect access to a REST web service. Consider an example in which you're exposing a web service named ACSMachineInfo that returns simple machine information to the clients. You want to offer this web service to as wide an audience as possible without worrying about maintaining authentication and authorization for each user. But because this service is part of an enterprise offering, you want the users accessing the service to be authenticated and authorized. ACS can abstract the authentication and authorization logic for your service by offering a generic claims-mapping engine between identity providers and your web service. Your web service is authentication provider agnostic and only accepts SWT tokens and claims issued by ACS to your web service. You web service is configured to trust tokens issued by ACS and only authorizes users adhering to the claims issued by ACS. Figure 1 illustrates the high-level architecture of the interaction between your web service, ACS, and the service consumer client.

Figure 1. ACS with SWT architecture

Figure 1 is common architecture for using ACS with web services.

Figure 2. ACS using SWT solution folder

In Figure 2, the service project represents the web service that is protected by ACS, the client project is the web service consumer, and the ACSAuthManager is a utility class library project with utility classes for validating tokens in WCF.

The operations supported by the web service and the roles that can access them are listed in Table 1.

Only Administrators are allowed to access EncodeString(). All other methods can be accessed by the User and Administrator roles. After you've designed the authorization scheme for your web service, you can proceed with the standard steps required to integrate your web service with ACS and make it available to consumer applications.