Windows Azure : Programming Access Control Service (part 2)

12/4/2010 11:42:31 AM
1.1. Provisioning Your ACS Account

To use ACS, you have to first create an ACS account from the AppFabric developer portal at http://netservices.azure.com. The provisioning process has changed over the past year from limited early adopter access through tokens to direct commercial access. The AppFabric developer portal directs you appropriately to create new accounts. For the purpose of this exercise, I'm using my own account; but for you to use ACS, you must create your own ACS account. During the provisioning process, you may be asked to create a new project in your account.

1.2. Creating a Service Namespace

In the new ACS account, you can create a new service namespace. In the following examples, I use a namespace named proazure-1 that I created at the beginning of the article. You must create your own service namespace and modify the code accordingly to make it work with your ACS account. Figure 3 shows the service namespace page for the proazure-1 service namespace.

Figure 3. Proazure-1 service namespace

1.3. Designing the Relying Party Claims

When you design a claims-based identity model, one of the important design tasks you must complete is designing claims for the relying party. The relying party is the web service or web application that you want to protect using a claims-based identity model. Most web services and web applications already have some kind of role-based authorization model that defines privileges for end users. In most cases, the role-based authorization model can be easily transformed into a claims-based model by converting the roles to claims; you can keep the privileges the same as in the role-based authorization model. One advantage of moving to the claims-based identity model is that you can remove the end user authentication from your web application. Your web service or web application processes the tokens issued by ACS and validates the claims issued by ACS regardless of the authentication method used to authenticate the end user.

For the ACSMachineInfo web service, Table 7-1 defined the claims expected in the token when an end user accesses the web service. Only two roles are defined: User and Administrator. The Administrator can access all the methods, whereas the User can access only three out of four methods. The web service should not allow any User role to access the EncodeString() method.

NOTE

To keep the focus on ACS concepts, this example is deliberately simple. You can extend it to cover more complex web service scenarios.

1.4. Designing ACS Rules to Map Input Claims to Output Claims

After you design the claims for your web service, you need to design the input and output claims for ACS. In this example, I use only one input token issuer, so the design of the mapping is simple; complex scenarios can have multiple input claims from multiple issuers that need to be mapped to a single set of output claims expected by the relying party. This example maps the input claim type group to the output claim type action. Table 2 lists the input claim types and values with their corresponding output claim types and values.

Table 2. Claims Mapping
Input Claim Type    Input Claim Value    Output Claim Type    Output Claim Value
group               user                 action               getmachinename
group               user                 action               getuserdomainname
group               user                 action               getosversion
group               admin                action               encodestring

If you're using multiple input token issuers, you have one table for each provider that maps input claims to output claims.
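
The following added example (not code from the original article or from ACS) models the Table 2 rules locally and shows the check the relying party makes on the resulting action claims. The type and method names are hypothetical, the callers are constructed samples, and the operation name GetOSVersion is assumed from the getosversion action value; only EncodeString() is named in the text.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Local model of the Table 2 rules; it does not call ACS. All type and
// method names here are hypothetical, chosen for this illustration.
public record Claim(string Type, string Value);

public static class ClaimsMappingDemo
{
    // One entry per row of Table 2: input claim -> output claim.
    static readonly (Claim Input, Claim Output)[] Rules =
    {
        (new Claim("group", "user"),  new Claim("action", "getmachinename")),
        (new Claim("group", "user"),  new Claim("action", "getuserdomainname")),
        (new Claim("group", "user"),  new Claim("action", "getosversion")),
        (new Claim("group", "admin"), new Claim("action", "encodestring")),
    };

    // Emit the output claim of every rule whose input claim is present.
    // Input claims that match no rule produce nothing (deny by default).
    public static HashSet<Claim> MapClaims(IEnumerable<Claim> input) =>
        Rules.Where(r => input.Contains(r.Input)).Select(r => r.Output).ToHashSet();

    // Relying-party check: an operation is allowed only when the token
    // carries the matching action claim (operation name lower-cased).
    public static bool IsAuthorized(ISet<Claim> output, string operation) =>
        output.Contains(new Claim("action", operation.ToLowerInvariant()));

    public static void Main()
    {
        // Constructed sample callers, not real tokens.
        var callers = new Dictionary<string, Claim[]>
        {
            ["user"]       = new[] { new Claim("group", "user") },
            ["admin"]      = new[] { new Claim("group", "admin") },
            ["user+admin"] = new[] { new Claim("group", "user"), new Claim("group", "admin") },
            ["guest"]      = new[] { new Claim("group", "guest") },
        };
        foreach (var (name, claims) in callers)
        {
            var token = MapClaims(claims);
            Console.WriteLine($"{name}: EncodeString={IsAuthorized(token, "EncodeString")}, " +
                              $"GetOSVersion={IsAuthorized(token, "GetOSVersion")}");
        }
    }
}
```

In this model, a caller presenting only group=admin receives only action=encodestring, so reaching all four methods requires both group values or additional rules.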

1.5. Creating ACS Resources (Token Policy, Scope, Issuer, and Rules)

After you've identified the claims, you can create the ACS objects using the ACS Management service. You can either use Acm.exe or the AC Management browser tool. To use Acm.exe, first configure the Acm.exe.config file to point to your service namespace. If you don't do that, then you must specify the service namespace and the management key for every Acm.exe execution.

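Open Acm.exe.config, and configure the service namespace and management key as shown in Example 1. The management key authorizes changes to the namespace's ACS resources, so restrict access to this file and keep the real key out of source control.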

Example 1. Acm.exe.config
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
  <appSettings>
    <add key="host" value="accesscontrol.windows.net"/>
    <add key="service" value="{Enter your service namespace name here}"/>
    <add key="mgmtkey" value="{Enter your management key here}"/>
  </appSettings>
</configuration>

After configuring Acm.exe, you can use it to create ACS resources. When you configure ACS resources for the first time, you must create the resources in the following order because of their dependencies on each other: token policy, scope, issuer(s), rules.