Can Azure WCF services discriminate between different ACS service-identities?


  • Thursday, June 07, 2012 9:46 PM

    Hi,

    I have two different Azure WCF services secured using ACS username/password service-identities.

    One service is a software-licensing service which is accessible using a single "general" well-known username/password shipped with the client software. 

    The 2nd service is protected by a number of username/password service-identities: one is given to each service customer.

    My question is: is it possible to prevent the 2nd service from being accessed by clients using the "general" username/password reserved for the software-licensing WCF service?

    I have tried implementing a custom username-password-validator that acts to filter out the clients that use the "general" username/password service-identity but this does not seem to work in the Azure environment.

    My second idea was to try get the 2nd service to access the username from the security token, but I don't think this information is accessible.

    Has anyone got any suggestions as to how to implement an Azure WCF service that is able to differentiate & discriminate between different ACS service-identities?

    Many thanks,

All Replies

  • Friday, June 08, 2012 8:28 AM
    Moderator

    Hi,

    Do you mean the 1st WCF service does not use ACS for authentication, but the 2nd WCF service uses the username/password service identity method? If you don't like passwords, you can consider a certificate or symmetric key as the service credential. I think different services can use different service identities: just add different service identities for different WCF services, and each service can set different credential types in the ACS portal.

    Refer to:
    http://blog.elastacloud.com/2012/04/21/service-bus-acs-and-multiple-service-identities/

    Hope this helps.


    Please mark the replies as answers if they help or unmark if not. If you have any feedback about my replies, please contact msdnmg@microsoft.com Microsoft One Code Framework

  • Friday, June 08, 2012 8:37 AM

    Hi,

    I would like to secure the 1st WCF service using ACS with a username/password service-identity but restrict access to it to one user in the user pool (e.g. User-A).

    With the 2nd WCF service I would also like to secure it using ACS username/password service-identities but allow access from all other users in the user pool except User-A (e.g. User-B, User-C, User-D, etc.).

    Do you know if this requirement is possible to achieve?

  • Monday, June 11, 2012 7:46 PM
     
     Answered

    Hi,

    To help out anyone else with a similar issue, I've achieved what I wanted (to prevent a named user from accessing a service) by incorporating the following code into the service's webmethod.

    using System.Security;
    using System.ServiceModel;
    using System.Threading;
    using Microsoft.IdentityModel.Claims;   // WIF 1.0: ClaimsIdentity / ClaimCollection.Exists

    // ACS-issued claims are surfaced on the thread principal; it is null when no token was presented.
    ClaimsIdentity identity = Thread.CurrentPrincipal.Identity as ClaimsIdentity;
    if (identity != null && identity.Claims.Exists(c =>
            c.ClaimType == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"
            && c.Issuer == "https://<my-acs-domain-name>.accesscontrol.windows.net/"
            && c.Value == "<my-user-id>"))
    {
        // Reject the named service identity; ServerFault is the service's own fault contract type.
        throw new FaultException<ServerFault>(new ServerFault(new SecurityException("Access is denied.")));
    }
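    Generalising the check above into a reusable, deny-by-default policy that can express both requirements from the thread (the licensing service accepts only the "general" identity, the customer service accepts everyone except it), as an added example that is not part of the original posts. It assumes the .NET 4.5 System.Security.Claims namespace (under WIF 1.0 the equivalent types live in Microsoft.IdentityModel.Claims), and the issuer and identity names are constructed placeholders.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;   // assumption: .NET 4.5; WIF 1.0 uses Microsoft.IdentityModel.Claims

// Decides which ACS service identities one WCF service accepts. Deny by default:
// a caller passes only if exactly one nameidentifier claim from our ACS namespace
// is present, it is not on the deny list, and (when an allow list is set) it is on it.
public sealed class ServiceIdentityPolicy
{
    private readonly string expectedIssuer;          // e.g. https://<my-acs-domain-name>.accesscontrol.windows.net/
    private readonly HashSet<string> allowed;        // null = any identity that is not denied
    private readonly HashSet<string> denied;

    public ServiceIdentityPolicy(string expectedIssuer, IEnumerable<string> allowed, IEnumerable<string> denied)
    {
        this.expectedIssuer = expectedIssuer;
        this.allowed = allowed == null ? null : new HashSet<string>(allowed, StringComparer.Ordinal);
        this.denied = new HashSet<string>(denied ?? Enumerable.Empty<string>(), StringComparer.Ordinal);
    }

    public bool IsAllowed(ClaimsIdentity identity)
    {
        if (identity == null) return false;          // no token presented

        // Only trust nameidentifier claims issued by our own ACS namespace; ignore any others.
        List<string> ids = identity.Claims
            .Where(c => c.Type == ClaimTypes.NameIdentifier
                     && string.Equals(c.Issuer, expectedIssuer, StringComparison.OrdinalIgnoreCase))
            .Select(c => c.Value)
            .ToList();

        if (ids.Count != 1) return false;            // missing or ambiguous identity: deny
        string id = ids[0];
        if (denied.Contains(id)) return false;
        return allowed == null || allowed.Contains(id);
    }
}

// Usage inside each service's operation (identity names "User-A" etc. are constructed):
//   var issuer = "https://<my-acs-domain-name>.accesscontrol.windows.net/";
//   var licensing = new ServiceIdentityPolicy(issuer, allowed: new[] { "User-A" }, denied: null);
//   var customers = new ServiceIdentityPolicy(issuer, allowed: null, denied: new[] { "User-A" });
//   if (!customers.IsAllowed(Thread.CurrentPrincipal.Identity as ClaimsIdentity))
//       throw new FaultException<ServerFault>(new ServerFault(new SecurityException("Access is denied.")));
```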