locked
Authenticating Windows 8 App

    Question

  • Hi,

    Can anyone please help me, how to authenticate windows 8 app to use ACS?

    Thanks in advance.

    Prashant

    Monday, February 11, 2013 12:44 PM

Answers

  • Hi Prashant,

    Are you going to access a Windows Azure hosted WCF service (protected via ACS) from windows store app? If so, how do you use ACS to secure the service?

    For Windows Store app, it provides a built-in web authentication broker component which can help you perform authentication against services secured by web authententication protocols like OAuth, OpenID.


    #Web authentication broker (Windows Store apps) (Windows)
    http://msdn.microsoft.com/en-us/library/windows/apps/Hh750287.aspx

    #Access Online Services with the Windows Runtime and OAuth
    http://msdn.microsoft.com/en-us/magazine/jj883954.aspx


    Also, if the web authentication broker is not enough for you, you can also consider building your own window runtime library ( by using C# or VB.NET ) to encapsulate the service access and authentication/authorization code logic (against your ACS secured azure services). The implementation would be quite similar to how you implement the ACS client for standard .NET application


    #How to: Authenticate to a REST WCF Service Deployed to Windows Azure Using ACS
    http://msdn.microsoft.com/en-us/library/windowsazure/hh289317.aspx

    #Code Sample: OAuth 2.0 Certificate Authentication
    http://msdn.microsoft.com/en-us/library/windowsazure/hh127795.aspx


    Please remember to mark the replies as answers if they help and unmark them if they provide no help.

    • Marked as answer by Song Tian Monday, February 18, 2013 5:41 AM
    Tuesday, February 12, 2013 6:36 AM
    Moderator

All replies

  • Hi Prashant,

    Are you going to access a Windows Azure hosted WCF service (protected via ACS) from windows store app? If so, how do you use ACS to secure the service?

    For Windows Store app, it provides a built-in web authentication broker component which can help you perform authentication against services secured by web authententication protocols like OAuth, OpenID.


    #Web authentication broker (Windows Store apps) (Windows)
    http://msdn.microsoft.com/en-us/library/windows/apps/Hh750287.aspx

    #Access Online Services with the Windows Runtime and OAuth
    http://msdn.microsoft.com/en-us/magazine/jj883954.aspx


    Also, if the web authentication broker is not enough for you, you can also consider building your own window runtime library ( by using C# or VB.NET ) to encapsulate the service access and authentication/authorization code logic (against your ACS secured azure services). The implementation would be quite similar to how you implement the ACS client for standard .NET application


    #How to: Authenticate to a REST WCF Service Deployed to Windows Azure Using ACS
    http://msdn.microsoft.com/en-us/library/windowsazure/hh289317.aspx

    #Code Sample: OAuth 2.0 Certificate Authentication
    http://msdn.microsoft.com/en-us/library/windowsazure/hh127795.aspx


    Please remember to mark the replies as answers if they help and unmark them if they provide no help.

    • Marked as answer by Song Tian Monday, February 18, 2013 5:41 AM
    Tuesday, February 12, 2013 6:36 AM
    Moderator
  • Hi Prashant,

    Just some further information about the ACS specific web authentication integration.The ACS's integration login page is exposed at the following address:


    https://[name of your acs namespace].accesscontrol.windows.net:443/v2/wsfederation?wa=wsignin1.0&wtrealm=[realm of your RP application]


    and when you invoke it via browser, it will prompt the user to select the identity provider (windows live, google, etc...) and after the login finishes (at the provider side and return back to windows azure acs side), the acs integration endpoint will return a wsfederation token (different from OAuth or OpenID) which is included in the response body of the HTTP message (rather than embeded in url as querystring parameter). While the web authentication broker can only help you find the exact url (which will be navigated during the web authentication process) and give you the chance to extract certain querystring parameter(such as access token) from the url.


    #How web authentication broker works (Windows Store apps) (Windows)
    http://msdn.microsoft.com/en-us/library/windows/apps/Hh750286.aspx


    Therefore, for ACS integrated web authentication, you might need to setup a custom web page (in the replying party web application) which will help extract the ACS generated wsfederation token from the request body (as a HTTP POST parameter) and send it to a further url via querystring. Then, your web authentication broker might be able to intercept that page to extract the token. Here are some threads discussing on this:


    #WebAuthenticationBroker authenticate with LiveID returns Success status but no Security Token
    http://stackoverflow.com/questions/12455692/webauthenticationbroker-authenticate-with-liveid-returns-success-status-but-no-s

    #Does the WebAuthenticationBroker work in Windows 8 Metro App post Release Candidate
    http://stackoverflow.com/questions/12485665/does-the-webauthenticationbroker-work-in-windows-8-metro-app-post-release-candid


    Also, for ACS specific integration scenario, you might consider implementing your own authentication client (by creating a windows runtime library with .NET code) instead of using the web authentiation broker.


    Please remember to mark the replies as answers if they help and unmark them if they provide no help.


    Thursday, February 14, 2013 6:06 AM
    Moderator