1. Creating an ACS Solution Using SWT
In this example, you learn to use ACS to protect access to a REST web service. Consider an example in which you're exposing a web service named ACSMachineInfo that returns simple machine information to its clients. You want to offer this web service to as wide an audience as possible without maintaining authentication and authorization for each user yourself. But because this service is part of an enterprise offering, you want the users accessing the service to be authenticated and authorized. ACS can abstract the authentication and authorization logic for your service by offering a generic claims-mapping engine between identity providers and your web service. Your web service is authentication-provider agnostic: it accepts only SWT tokens and claims issued by ACS for your web service. Your web service is configured to trust tokens issued by ACS and authorizes only users whose claims, as issued by ACS, permit the requested operation. Figure 1 illustrates the high-level architecture of the interaction between your web service, ACS, and the service consumer client.
Figure 1. Common architecture for using ACS with web services.
In Figure 2, the service project represents the web service that is protected by ACS, the client project is the web service consumer, and ACSAuthManager is a utility class library project containing the classes used to validate tokens in WCF.
The operations supported by the web service and the roles that can access them are listed in Table 1.
Table 1. Web Service Operations and Roles

| Operation | Roles That Can Access the Operation |
|---|---|
| GetMachineName() | User, Administrator |
| GetUserDomainName() | User, Administrator |
| GetOSVersion() | User, Administrator |
| EncodeString() | Administrator |
Only Administrators are allowed to access EncodeString(). All other methods can be accessed by both the User and Administrator roles. After you've designed the authorization scheme for your web service, you can proceed with the standard steps required to integrate your web service with ACS and make it available to consumer applications.
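The checks the service must perform on each request, shown as an added example rather than the ACSAuthManager code from the sample: verify the SWT's HMACSHA256 signature with the key shared with ACS, check the issuer, audience and expiry, then map the role claim onto the operations in Table 1. The signing key, issuer URL and audience (realm) below are constructed for the demo and are not values from the page.

```python
import base64
import hashlib
import hmac
from urllib.parse import parse_qsl, quote, unquote, urlencode

# ACS carries every role in one comma-separated value of this claim type.
ROLE_CLAIM = "http://schemas.microsoft.com/ws/2008/06/identity/claims/role"
# Constructed demo values: the 256-bit token-signing key shared with ACS and the
# issuer/audience (realm) the ACSMachineInfo service is configured to trust.
SIGNING_KEY = b"demo-256-bit-token-signing-key-0"
TRUSTED_ISSUER = "https://example.accesscontrol.windows.net/"
SERVICE_AUDIENCE = "http://localhost/ACSMachineInfo"
# Authorization scheme from Table 1: operation -> roles allowed to call it.
OPERATION_ROLES = {
    "GetMachineName": {"User", "Administrator"},
    "GetUserDomainName": {"User", "Administrator"},
    "GetOSVersion": {"User", "Administrator"},
    "EncodeString": {"Administrator"},
}

def sign_swt(claims: dict, key: bytes) -> str:
    """Build an SWT as ACS does: form-encoded claims, then HMACSHA256 over them."""
    body = urlencode(claims)
    mac = hmac.new(key, body.encode("ascii"), hashlib.sha256).digest()
    return body + "&HMACSHA256=" + quote(base64.b64encode(mac).decode("ascii"))

def validate_swt(token: str, key: bytes, issuer: str, audience: str, now: int) -> dict:
    """Return the claims only if signature, issuer, audience and expiry all check out."""
    marker = "&HMACSHA256="
    idx = token.rfind(marker)
    if idx < 0:
        raise ValueError("token is not signed")
    signed_part, sig = token[:idx], token[idx + len(marker):]
    # Malformed base64 raises binascii.Error, which is a ValueError.
    provided = base64.b64decode(unquote(sig), validate=True)
    expected = hmac.new(key, signed_part.encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, provided):  # constant-time compare
        raise ValueError("signature mismatch: not issued by ACS, or tampered")
    claims = dict(parse_qsl(signed_part, keep_blank_values=True))
    if claims.get("Issuer") != issuer or claims.get("Audience") != audience:
        raise ValueError("token not issued by the trusted ACS, or for another service")
    if int(claims.get("ExpiresOn", "0")) <= now:  # ExpiresOn is seconds since epoch
        raise ValueError("token expired")
    return claims

def authorize_call(token: str, operation: str, now: int) -> bool:
    """True only if the token validates and carries a role Table 1 allows for the operation."""
    try:
        claims = validate_swt(token, SIGNING_KEY, TRUSTED_ISSUER, SERVICE_AUDIENCE, now)
    except ValueError:
        return False
    roles = {r for r in claims.get(ROLE_CLAIM, "").split(",") if r}
    return bool(roles & OPERATION_ROLES.get(operation, set()))
```

In the real deployment the service never signs tokens; ACS does, and the service only holds the key to verify them.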