I have a solution using service bus who works fine. The client side (by a browser for example) makes a request about a file, and the service side gives the file to the client. This works putting in a browser : 'http://XXX.servicebus.windows.net/Image/GetFile/file.pdf'
and you obtain the file.
Now, I want to add authentication and authorization using Acces Control, so I change the App.config at the service, adding the next:
<security relayClientAuthenticationType="RelayAccessToken"/> in the <webHttpRelayBinding> tag, so now, when you try to get a file, the browser shows you the next message:
<Code>401</Code><Detail>The request contains no authorization header.</Detail>
My problem is next. I added code lines at the client side to obtain a Token using a pair Name/Password, unwrapp the token, and send the token in the header. The code is basically the next:
string returnToken = tf.GetACSToken(name, password, "https://XXX.servicebus.windows.net/Image"); // this URL is the wrap_scope of the authentication
My Access Control Settings are Relying Party Applications with 'https://XXX.servicebus.windows.net/Image' at Realm and Return Url, Token Format as SAML2.0, and a Default Rule Group with a Rule with 'Pass Through'.
I know the error maybe is in use https instead http in the settings, but I tried many changes and I don't find the solution.
I`m using the same TokenFactory, the same sample, but the XXX-sb.accesscontrol.windows.net doesn't work for me. It returns an 'Error 401 Unathorized' when I try to send it the token request. So I use XXX.accesscontrol.windows.net to get te token, and this
address works well.
The only difference is that I`m working with Username/Password so I don't use the 'CreateRequestToken' method, I just use the next code below:
And this code returns us a correct token. When I try to send a client request to my service (with the token in the authorization header) via Service Bus (the
client.DownloadData) is when I receive an Error 401 Invalid Token Signature, so I think It's something wrong in the token, but I don't know what.
I try with Simetric Key instead Password, and get the same error, with SAML instead SWT, and nothing. I don't know how to get a solution.
> the XXX-sb.accesscontrol.windows.net doesn't work for me. It returns an 'Error 401 Unathorized'.
By using the code provided in my post, may I ask you to double check if issuerName, issuerKey, serviceAddress are correct? If it still does not work, may I ask for a sample code you use? This will be very helpful in case if there is a typo in your code or
You must have figured out the solution by now. Which access control service are you using? For this solution to work, you have to use service bus access control service. The page which appears after selecting the "Service Bus" option in left pane,
selecting the namespace and then clicking the "Access Control Service" button. The one which is opened after selecting the "Access Control" option is different than this one. It gave me hard time to figure this out. So thought of posting it.