martes, 29 de marzo de 2011 22:43
This is the same problem as encountered here (with no resolution). I'm running a WebServiceHost serving a ServiceBus URL (e.g. https://<name>.servicebus.windows.net) that is protected by ACS. I can configure new issuers/rules for Listen and Send through AcmBrowser and connect no problem. The problem is I can't get "custom" claims to be accessible on the server side host - operationContext.ServiceSecurityContext.AuthorizationContext.ClaimSets is always empty, even though I can see my custom claims in the client-side token from ACS that is used to connect to the servicebus service. Shouldn't those get passed through to my service implementation?
Todas las respuestas
domingo, 22 de mayo de 2011 8:25This seems to be by design. ServiceBus will not reveal the identity of the caller to the Service Host. If you need to authenticate the user at ServiceHost also then you need to sign the message with ClientCredentials and get it authenticated by the ServiceHost. So there will be two authentications one by ServiceBus and another done by your service.
viernes, 15 de julio de 2011 16:31Try using REST based call to ACS from the client and post the SWT to service, other than using passive call. That will solve your problem.