问题
How can I secure a WCF service using Azure Active Directory:
My Status: - My WCF service that contains the business logic is hosted on Azure WebRole.
I want your help to do the following:
- Configure my WCF Service in Azure to federate the authentication process to Azure Active directory.
- Configure my WCF Client to get Tokens from Azure Active directory by providing his [username/password].
- Configure my WCF Service to verify the client's tokens.
My environment constraints:
- WCF 4.5 .
- WIF 4.5 .
- Visual Studio 2012 .
- It's a Proof of concept and I have to use Self Signed Certificates.
回答1:
Alexey's answer should get you started. But one thing I'd mention:
Using Azure ACS i have created a [username/password] for every user via [ACS Service identities].
In production you shouldn't do this. Service identities are meant to authorize services that are trusted subsystems, where the key itself is not exposed externally. Keep in mind that ACS is a federation provider, not an identity provider. It's pricnipally designed for linking existing identity systems together and not for storing user credentials. If your system grows using service identities as user credentials, you'll run into problems with scale and user account (password) management.
As a proof of concept, it's fine. But for something real you might rely on a on-prem AD, consumer identity providers like facebook and google, or check out http://www.windowsazure.com/en-us/manage/services/identity/
来源:https://stackoverflow.com/questions/15728174/azure-active-directory-and-wcf