How to develop user-authenticated REST service with Azure ACS

Question

I\'m developing a REST service that uses MS Azure Access Control Service for authentication. If the examples are any indication, the typical way to secure a REST service this wa

Answer 1

You should look into the ACS Windows Phone sample:

http://msdn.microsoft.com/en-us/library/gg983271.aspx

Here instead of using Silverlight you will be using WPF. Most of the code should be re-usable. Note that since you are using WPF you will need to register your own object for scripting e.g:

[ComVisibleAttribute(true)]
public class NotifyHandler
{
    public void Notify(string notifyString)
    {
        // Here I have the token.
    }
}

this.webBrowser1.ObjectForScripting = new NotifyHandler();

Update:

The sample above uses OAuth Wrap to contact the secured service. If you would like to use OAuth2 you should change the way the "Authorization" header set:

OAuth WRAP case:

 WebClient client = new WebClient();
 client.Headers["Authorization"] = "OAuth " + _rstrStore.SecurityToken;

OAuth2 case:

 WebClient client = new WebClient();
 client.Headers["Authorization"] = string.Format("OAuth2 access_token=\"{0}\"", token);

You can use the "Simple Service" sample as a guide to implement your token validation in your REST service:

http://msdn.microsoft.com/en-us/library/gg185911.aspx

Yet if you would like to implement a more complete sample you can look at how CustomerInformationService is protected in the CTP version 1.4:

https://connect.microsoft.com/site1168/Downloads/DownloadDetails.aspx?DownloadID=35417

Answer 2

Take a look at this one:

WPF Application With Live ID, Facebook, Google, Yahoo!, Open ID http://social.technet.microsoft.com/wiki/contents/articles/4656.aspx