Total votes: 0
Print: Print Article
Please login to rate or to leave a comment.
Published: 18 Aug 2011
In this article we are going to see how to use the reporting services to run report on the cloud by deploying in the Windows Azure Management Portal.
In this article we are going to see how to make use of the Access Control Service in Windows Azure to create an Authentication Mechanism using Google credentials for our ASP.Net Azure Web Application using Visual Studio 2010 and Windows Azure Management Portal.
Access Control Service in Windows Azure is a simplified process of providing Federated Authentication based on some rules for the application or on providing Claim based Authentication for WCF Rest Services. Microsoft Provides Access Control System with Windows Azure Appfabric with authentication and authorization for variety of applications like Web Applications and Web Services. The difference is that in a Web application we have a user interface login page where authentication can be done, and in web service we will not have a login page. As of now Microsoft Windows Azure provides Identity Providers like Google, Facebook, Windows Live ID and Yahoo to authenticate the users with their respective credentials.
In this sample we will create an application from scratch with some modifications and then activate the Access Control Services in Windows Azure to make a Google credentials authentication. Let us see the step by step process on how to do these tasks one by one and get a final Access Control Service Google Authentication enabled by providing our credentials.
Login to Visual Studio 2010 as administrator and select File -> New Project and give valid details as shown in the screen below
- Select Cloud Template under Visual Basic or Visual C# as per the requirement.
- Double check if .NET Framework 4 is selected in the Framework Selector dropdown
- Select Windows Azure Project
- Provide a user friendly name to identify the project in future( Eg - AzureIdentitySample)
- Select on Which Location the project need to be saved and a valid Solution name as shown below
- Click on OK when done with the above changes to proceed further
Now we can see a window pop up with the different roles available in the Azure framework like Web Role, Worker Role and VM Role. Since in our sample we are going to create an authentication for a simple web application we will go ahead and select the ASP.NET Web Role and Click on the > button to move the role to the solution and click on OK button as shown in the screen below.
Clicking on OK button will open the solution with default files for Azure application and ASP.NET application as shown in the screen below
- Azure Application with .csdef and .ckcfg files
- ASP.Net web application with default folders and files with Defualt.aspx as start-up page
- Default.aspx page designer view where we are going to do some modifications
Once we modify our changes Press F5 from our keyboard (Function 5 key) to build and start the project and we can see the result in an IE browser with the modification we did as shown in the screen below.
Now Login to the management portal using the below link
We can see a screen like below. Now select the Sign into Management portal at the top right corner of the window as shown in the screen below
After selecting Sign into Management portal we will be asked for the Username and Password to authenticate the process as shown in the below screen.
After successful authentication we can see the Windows Azure management portal as shown in the screen below. Select Service Bus, Access Control & Caching tab as highlighted in the screen below.
Now we can see a screen with options to create a new Access control, Service Bus and Cache and with some basic documentation like the Service URLs for each namespaces which we are going to create etc. as shown in the screen below.
- Select Service Bus, Access Control & Caching tab
- Under Appfabric we can see the option for Access Control, Service Bus and Cache
- Different Service URL's for each namespace provided for example
- New option to create a new Namespace
Now select Access Control and Select New button to create a new namespace as shown in the screen below.
Now we can see a window pop up with some options to be filled by the user to create a new service namespace as shown in the screen below.
Now we need to enter the options as shown in the screen below
- Select Access Control option check box under the Available Services in the left panel
- Enter a user friendly namespace (Here F5DebugGoogle) to identify easily for future use.
- Click on Check Availability to see if the Namespace is available
- Select the region on which the namespace need to be created
- Select the subscription under which the namespace need to be created
- Service properties are enabled by default and we don't have much control over that so we can leave it as such as shown in the screen below.
- Finally click on Create Namespace to complete the process
Now we can see the process is initiated and the f5DebugGoogle namespace is getting activated as shown in the screen below.
Once the Namespace is created we can see the status of the namespace as shown in the screen below
- Name of the namespace which we created (User Friendly Name)
- Status of the Namespace if its active or inactive
- Version of the Access Control Service (Presently its Version 2)
We can see the Access Control Service ribbon button at the top enabled and ready to use as shown in the screen below.
Clicking on the Access Control Service button will navigate to a new page as shown in the screen below.
- Access Control Management Portal with the URL specified with our namespace as we have seen an example in the Azure management portal.
- Menu with different options for managing the Access Control Service like Identity providers, Service Identities etc.
- Windows Azure Portal, if we want to navigate back to the Azure Management Portal we can use this link and get back to the portal.
Now click on the Application Integration Menu on the left side as shown in the screen below.
We can see the list of Endpoint References which we can use it for our authentication process. Since in our sample we are going to use the Google Credentials as the authentication mechanism we need to have the WS-federation Metadata so copy and have it in a local notepad as shown in the screen below.
Now go back to Visual Studio 2010 project (AzureIdentitySample) and Press F5 to build and execute the project. We can see the output in IE as shown in the screen below. Now copy the URL from the IE as shown in the screen below
Keep both the URL's (FederationMetadata.xml and the Project local url) into a notepad since it will be useful for our configuration as shown in the screen below.
Now we are done with the basic steps to configure the application, in order to proceed further we need to download Windows Identity Foundation (WIF) from the below link and a patch for the WIF using the below link. If we are going to use WIF 4.0(Latest version) then we no need to install the patch.
Once we download the setups from the above 2 links to a folder, we can see our folder look like below screen with 5 different setups.
Since we are going to install the WIF 4.0 we can double click the exe WindowsIdentityFoundation-SDK-4.0 and start the installation process as shown in the screen below.
Once the installation is completed we not go back to the Visual Studio 2010 Project (AzureIdentitySample) and click on the Azure project and we can see an option like Add STS reference as shown in the screen below. We will get this reference only after we installed the Windows Identity Foundation on to our development machine.
Selecting the Add STS reference will open a wizard to do a manual configuration for the WS-Federation setup. Now in the Wizard we can see 2 options as shown in the screen below
- Application configuration location is the location of the Web.Config file of the WebRole1 project
- Application URL is the one which we copied and kept in our notepad(http://127.0.01.:81/)
Click on the next button once we are done with the above 2 configuration.
Clicking on Next button will pop up a message "The application is not hosted on a secure https connection, Do you wish to continue". Just we can ignore this exception as click on Yes to proceed further as shown in the screen below.
Now the wizard will move further and we can see Security Token Service option as shown in the screen below. Select Use an existing STS radio button and paste the FederationMetadata.xml path which we copied from the Azure Management Portal and kept in the notepad as shown in the screen below and click on Next button to proceed further.
Now we can see STS Certification Validation page, just click on the Disable Certificate Chain Validation radio button and click on the Next button as shown in the screen below.
Now we can see the Security token encryption page, select No encryption as shown in the screen below and click on Next button to proceed further.
Now we can see the list of claims offered for the application. By default we can leave it as such and click on Next button as shown in the screen below.
Now we can see the summary of the configurations made as shown in the screen below. Now click on Finish to complete the process.
We can see a message indicating that the Federation Utility completed successfully as shown in the screen below which indicates that the configuration is done without any errors.
Now open Web.Config file of the WebRole1 Asp.Net application and copy the below code to the System.web path as shown in the screen below.
Now go back to the Appfabric Azure Management Portal and click on the Identity Provider menu as shown in the scree below.
- Identity Providers lists the available providers used to authenticate into our application.
- List provides the default Identity Provider (Windows Live ID)
- We can use this ADD or DELETE option to add or delete a new or an existing Provider for managing the application online using the portal.
Clicking on ADD identity provider will navigate to a new page with the list of available providers as shown in the screen below. Since in our sample we are going to use Google Credentials we can select Google from the list and click on next button as shown in the screen below.
Now we can see a new page with the Google Identity Provider setting, provide a user-friendly Login link text (Eg – Google, Googleid etc) and click on Save button as shown in the screen below.
Now we can see the newly created identity provider Google listed and available for authentication purpose as shown in the screen below.
Now we need to proceed to an important step of creating a linkage between our application and to the ACS WS-Federation service by creating a Relying Party setup. In the left menu of the Appfabric Azure portal select the Relying Party Application and click on ADD as shown in the screen below.
Now we can see the list of configuration options for the Relying Party application. Enter a valid name (eg GoogleSample) and select Import WS-Federation Metadata as shown in the screen below. Since we selected the Import WS-Federation Metadata we need to provide the FederationMetadata.XML which we can download from the URL which we saved in our notepad for future use in our earlier steps. Click on SAVE once we are done with the above steps.
We can see the Relying Party Applications which we added (GoogleSample) is now listed as shown in the screen below.
Clicking on the relying party application name we can see the option to edit the configuration manually if any changes required in future use as shown in the screen below.
Now we need to scroll down to the page and we can see the status of the Token Sign Certificate is Valid (primary) which indicated that our Relying party setup is completed and successful as shown in the screen below.
Now go back to the identity provider and we can see the list of identity providers available as shown in the screen below.
Now go back to the Visual Studio 2010 project (AzureIdentitySample) and press F5 (Function 5) key for the IDE to build and execute our application. We can see the Authentication Process of the Access Control Service shown as shown in the screen below with the 2 registered services (Windows Live ID & Google).
We can use any of the available 2 authentication providers, since in our sample we are going to use the Google Authentication click on the Google button as shown in the screen below.
We can now see the traditional Google authentication page as shown in the screen below. Provide the valid Google credentials and click on Sign in button.
Once we provided with valid credentials and clicking on the Sign in button will navigate to an intermediate page asking for this access control is trying to access some of the resources. Just click on Allow button to proceed further as shown in the screen below.
Finally we can see our application page available after authenticating using the Google Credentials with the User Name (Karthikeyan) without writing any code for this authentication procedure as shown in the screen below.
So in this article we have seen on the step by step procedure of how to configure Access Control Services and installing Windows Identity Foundation to do an authentication procedure for an ASP.Net application using Google Credentials without writing a single line of code. In our next article we will see on how to host the application on to the cloud along with different identity provider's configuration and usage.
Sorry, no bio is available
This author has published 6 articles on DotNetSlackers. View other articles or the complete profile here.
Please login to rate or to leave a comment.