Secure Web Service On Windows Azure

Question

I have deployed one web service in windows azure as a web role.

I have five client which are going to access this web server, what i need is,

1> Nobody can access this web service except this five client.

2> Mechanism through which i can implement authentication by virtue of which client can use service only from his machine, not from other machine some type of domain based authentication or certificate base?

Answer 1

Hi Rajesh,

I think you can use Windows Azure Access Control. More at http://www.microsoft.com/windowsazure/features/accesscontrol/

There you can directly add service identity for those five clients. More at http://msdn.microsoft.com/en-us/library/gg185945.aspx

You can use for those five client X.509 certificate based verification.

You have to try it, if it is enought for you and your application :-)

---

Windows Azure Teamleader Cloudikka blog

Answer 2

You can go with Forms based authentication. But the right way to do is through WS-Federation for more flexibility. You can go with Forms based +ACS for this OR you can implement WIF to generate Claims and use it as authentication mechanism. Following links would help you a lot in this.

http://social.msdn.microsoft.com/Forums/en/netservices/thread/1096810f-331c-4d83-b472-7424143f07b1

http://msdn.microsoft.com/en-us/library/ff359102.aspx

http://msdn.microsoft.com/en-us/library/ff359110.aspx

Read the whitepapers from here:

http://www.microsoft.com/download/en/details.aspx?id=2576

WIF framework and sample:

http://www.microsoft.com/download/en/details.aspx?id=14347

Thanks

Seetha

-------------------------------------------------------------------------------------------

'Vote As Helpful' if this reply helps you and 'Mark as answer' if this answers your query

Answer 3

Hi Petr,

Access control allows either thru Active Directory® or web identities such as Windows Live ID, Google, Yahoo! and Facebook.

I can't go with web identities as customer can distribute their credential to use my services. It seem like Active Directory will work for me.

Can you tell me how you achieve this thing using X.509 certificate as mentioned in your apply as azure will allow only one certificate upload?

---

Rajesh Khunt

Answer 4

You can add for each user own certificate. Take a look at ACS management portal section service identities as I wrote :-) Click add and there you select type of identity authentication. Username/password, symmetric key or certificate ;-)

---

Windows Azure Teamleader Cloudikka blog

Answer 5

I would like to have a small survey under the Windows Live developers. The test is for a thesis where I study how a web service can be more accessible for developers. Give me 4 minutes of your precious time and join the survey here: https://docs.google.com/a/sense-os.nl/spreadsheet/viewform?formkey=dHZIOFhybURrMExMb3B1MjFzWXFVU1E6MQ