Answered by:
Secure Web Service On Windows Azure

Question
-
I have deployed one web service in windows azure as a web role.
I have five client which are going to access this web server, what i need is,
1> Nobody can access this web service except this five client.
2> Mechanism through which i can implement authentication by virtue of which client can use service only from his machine, not from other machine some type of domain based authentication or certificate base?
Monday, July 25, 2011 6:08 AM
Answers
-
You can go with Forms based authentication. But the right way to do is through WS-Federation for more flexibility. You can go with Forms based +ACS for this OR you can implement WIF to generate Claims and use it as authentication mechanism. Following links would help you a lot in this.
http://social.msdn.microsoft.com/Forums/en/netservices/thread/1096810f-331c-4d83-b472-7424143f07b1
http://msdn.microsoft.com/en-us/library/ff359102.aspx
http://msdn.microsoft.com/en-us/library/ff359110.aspx
Read the whitepapers from here:
http://www.microsoft.com/download/en/details.aspx?id=2576
WIF framework and sample:
http://www.microsoft.com/download/en/details.aspx?id=14347
Thanks
Seetha
-------------------------------------------------------------------------------------------
'Vote As Helpful' if this reply helps you and 'Mark as answer' if this answers your query
- Marked as answer by Wenchao Zeng Monday, August 1, 2011 3:22 AM
Monday, July 25, 2011 2:13 PM
All replies
-
Hi Rajesh,
I think you can use Windows Azure Access Control. More at http://www.microsoft.com/windowsazure/features/accesscontrol/
There you can directly add service identity for those five clients. More at http://msdn.microsoft.com/en-us/library/gg185945.aspx
You can use for those five client X.509 certificate based verification.
You have to try it, if it is enought for you and your application :-)
Windows Azure Teamleader Cloudikka blogMonday, July 25, 2011 12:33 PM -
You can go with Forms based authentication. But the right way to do is through WS-Federation for more flexibility. You can go with Forms based +ACS for this OR you can implement WIF to generate Claims and use it as authentication mechanism. Following links would help you a lot in this.
http://social.msdn.microsoft.com/Forums/en/netservices/thread/1096810f-331c-4d83-b472-7424143f07b1
http://msdn.microsoft.com/en-us/library/ff359102.aspx
http://msdn.microsoft.com/en-us/library/ff359110.aspx
Read the whitepapers from here:
http://www.microsoft.com/download/en/details.aspx?id=2576
WIF framework and sample:
http://www.microsoft.com/download/en/details.aspx?id=14347
Thanks
Seetha
-------------------------------------------------------------------------------------------
'Vote As Helpful' if this reply helps you and 'Mark as answer' if this answers your query
- Marked as answer by Wenchao Zeng Monday, August 1, 2011 3:22 AM
Monday, July 25, 2011 2:13 PM -
Hi Petr,
Access control allows either thru Active Directory® or web identities such as Windows Live ID, Google, Yahoo! and Facebook.
I can't go with web identities as customer can distribute their credential to use my services. It seem like Active Directory will work for me.
Can you tell me how you achieve this thing using X.509 certificate as mentioned in your apply as azure will allow only one certificate upload?
Rajesh Khunt
Tuesday, August 2, 2011 11:25 AM -
You can add for each user own certificate. Take a look at ACS management portal section service identities as I wrote :-) Click add and there you select type of identity authentication. Username/password, symmetric key or certificate ;-)
Windows Azure Teamleader Cloudikka blogThursday, August 4, 2011 11:19 AM -
I would like to have a small survey under the Windows Live developers. The test is for a thesis where I study how a web service can be more accessible for developers. Give me 4 minutes of your precious time and join the survey here: https://docs.google.com/a/sense-os.nl/spreadsheet/viewform?formkey=dHZIOFhybURrMExMb3B1MjFzWXFVU1E6MQThursday, March 1, 2012 12:54 PM