CHAPTER 5 ■ AZURE .NET SERVICES—ACCESS CONTROL 133 Console.WriteLine(results); Trace.WriteLine(results); return message; } #region Console Utilities static public string ProcessPassword() { StringBuilder password = new StringBuilder(); ConsoleKeyInfo info = Console.ReadKey(true); while (info.Key != ConsoleKey.Enter) { if (info.Key == ConsoleKey.Backspace) { if (password.Length != 0) { password.Remove(password.Length - 1, 1); Console.Write("\b \b"); } } else if (info.KeyChar >= ' ') { password.Append(info.KeyChar); Console.Write("*"); } info = Console.ReadKey(true); } Console.WriteLine(); Console.Write( string.Format( " Please sit back and wait for your account to be authenticated from .Net access service {0}{0} {0}", Environment.NewLine ) ); return password.ToString(); } #endregion } } 2. Define a client communication channel interface IAccountFederationClientChannel derived from the interface System.ServiceModel.IClientChannel in order to do the duplex communication. The code is shown in Listing 5-2. This listing is for the implementation of the Main() function of the host application. CHAPTER 5 ■ AZURE .NET SERVICES—ACCESS CONTROL 134 Listing 5-2. WCF Client Channel Service Contract Definition using System; using System.Collections.Generic; using System.Linq; using System.Text; using System.ServiceModel; namespace AzureForDotNetDeveloper.DotNetService.ServiceBus.WCFServiceLibrary { public interface IAccountFederationClientChannel : IAccountFederationService, IClientChannel { } } 3. Next, we are going to build a console application to host the WCF service. As Listing 5-3 shows, we need to do the following steps to the initialization on the server side. 1. Create a endpoint URI. The URI address for the .NET Access Control Service is sb://servicebus.windows.net/services/AzureForDotNetDeveloper/[SolutionName]. 2. Define a TransportClientEndpointBehavior instance. This instance takes the user credential information. Currently the .NET Access Control Service accepts three types of credential: Solution Password, Windows CardSpace Information Card, and X.509 Certificates. In this example we use the user name and password for credential information. The user name is the solution name used to create a solution in the cloud via the portal. The password is the password to the solution. Follow the steps shown in Listing 5-3 to construct the transport client endpoint behavior instances. 3. Construct a host instance. The host instance takes the WCF service implementation class type for instantiation. The syntax is as follows and is also shown in Listing 5-3. ServiceHost host = new ServiceHost(typeof(AccountFederationService), address); 4. Add the authentication token, username, and password to the endpoint. Once the host instance has been instantiated, the endpoint needs to be bound to the service behavior. 5. Start services. When the user credential information has been sent to the .NET Access Control Service for authentication, the process we saw illustrated in Figure 5-1 runs its course. Note that in order to use the URI of the .NET Access Control Service, two namespace declarations—Microsoft.ServiceBus and Microsoft.ServiceBus.Description—must be inserted into the using clause section to distinguish the URI from the WCF System.ServiceModel namespace. References to the assembly Microsoft.ServiceBus.dll must also be added to the project. This assembly can be found in the Microsoft .NET Services SDK Assemblies folder. You call host.Open() to start services and host.Close() to close up the service when the user presses the key to stop the service. CHAPTER 5 ■ AZURE .NET SERVICES—ACCESS CONTROL 135 Listing 5-3. A Console Application Server Host Implementation Used to Host the Authentication WCF Services using System; using System.ServiceModel; using System.ServiceModel.Description; using Microsoft.ServiceBus; using Microsoft.ServiceBus.Description; using System.Text; namespace AzureForDotNetDeveloper.DotNetService.ServiceBus { using AzureForDotNetDeveloper.DotNetService.ServiceBus.WCFServiceLibrary; class Program { static void Main(string[] args) { Console.Write( string.Format( " WCF Service local host {0} Please enter your Azure Solution Name:{0}", Environment.NewLine ) ); string solutionName = Console.ReadLine(); Console.Write(string.Format(" Solution Password: {0}", Environment.NewLine)); string solutionPassword = AccountFederationService.ProcessPassword(); Uri address = new Uri(String.Format("sb://{0}/services/{1}/AuthenticationService/", ServiceBusEnvironment.DefaultRelayHostName, solutionName)); TransportClientEndpointBehavior userNamePasswordServiceBusCredential = new TransportClientEndpointBehavior(); userNamePasswordServiceBusCredential.CredentialType = TransportClientCredentialType.UserNamePassword; userNamePasswordServiceBusCredential.Credentials.UserName.UserName = solutionName; userNamePasswordServiceBusCredential.Credentials.UserName.Password = solutionPassword; ServiceHost host = new ServiceHost(typeof(AccountFederationService), address); //add the Service Bus credentials to all endpoints specified in configuration foreach (ServiceEndpoint endpoint in host.Description.Endpoints) { endpoint.Behaviors.Add(userNamePasswordServiceBusCredential); } host.Open(); CHAPTER 5 ■ AZURE .NET SERVICES—ACCESS CONTROL 136 Console.WriteLine( string.Format( " Authentication success from .Net access service.{1}Service address: {1}{0}{1}", address, Environment.NewLine ) ); Console.WriteLine( string.Format( " Ready to receive message {0} Press <Enter> to terminate server ", Environment.NewLine ) ); Console.ReadLine(); host.Close(); } } } 4. Add a configuration file to the project and insert configuration information as Listing 5-4 shows. Listing 5-4. Configuration for Service Host <?xml version="1.0" encoding="utf-8" ?> <configuration> <system.serviceModel> <services> <service name="AzureForDotNetDeveloper.DotNetService.ServiceBus« .WCFServiceLibrary.AccountFederationService"> <endpoint contract="AzureForDotNetDeveloper.DotNetService.ServiceBus« .WCFServiceLibrary.IAccountFederationService" binding="netTcpRelayBinding" /> </service> </services> </system.serviceModel> <configuration> 5. Create a new Windows console application to be a test client as Listing 5-5 shows. The implementation URI for the client is the same as the server. We use the ChannelFactory class provided by System.ServiceModel to instantiate a client channel WCF service instance used to send an acknowledgement message back to the server. As we did for the server host program, the namespace Microsoft.ServiceBus and the reference to assembly Microsoft.ServiceBus.dll need to be added to the project as well. Note that when creating the client channel factory, the relay CHAPTER 5 ■ AZURE .NET SERVICES—ACCESS CONTROL 137 endpoint needs to be specified because the authentication for the client application to use the WCF service endpoint is through the relay from the server endpoint. Listing 5-5. Implementation for Client Application using System; using System.ServiceModel; using Microsoft.ServiceBus; namespace AzureForDotNetDeveloper.DotNetService.ServiceBus { using AzureForDotNetDeveloper.DotNetService.ServiceBus.WCFServiceLibrary; class Program { static void Main(string[] args) { Console.Write( string.Format( " Test Client {0} Please enter your Azure Solution Name:{0} ", Environment.NewLine ) ); string solutionName = Console.ReadLine(); Console.Write(string.Format(" Solution Password: {0}", Environment.NewLine)); string solutionPassword = AccountFederationService.ProcessPassword(); // create the service URI based on the solution name Uri serviceUri = new Uri(String.Format("sb://{0}/services/{1}/AuthenticationService/", ServiceBusEnvironment.DefaultRelayHostName, solutionName)); TransportClientEndpointBehavior userNamePasswordServiceBusCredential = new TransportClientEndpointBehavior(); userNamePasswordServiceBusCredential.CredentialType = TransportClientCredentialType.UserNamePassword; userNamePasswordServiceBusCredential.Credentials.UserName.UserName = solutionName; userNamePasswordServiceBusCredential.Credentials.UserName.Password = solutionPassword; //create the channel factory loading the configuration ChannelFactory<IAccountFederationClientChannel> channelFactory = new ChannelFactory<IAccountFederationClientChannel> ("RelayEndpoint", new EndpointAddress(serviceUri)); //apply the Service Bus credentials channelFactory.Endpoint.Behaviors.Add(userNamePasswordServiceBusCredential); . Create a endpoint URI. The URI address for the .NET Access Control Service is sb://servicebus .windows. net/services/AzureForDotNetDeveloper/[SolutionName]. 2. Define a TransportClientEndpointBehavior. Currently the .NET Access Control Service accepts three types of credential: Solution Password, Windows CardSpace Information Card, and X.509 Certificates. In this example we use the user name. </service> </services> </system.serviceModel> <configuration> 5. Create a new Windows console application to be a test client as Listing 5-5 shows. The implementation URI for