CHAPTER 5 ■ AZURE .NET SERVICES—ACCESS CONTROL 138 // create and open the client channel IAccountFederationClientChannel channel = channelFactory.CreateChannel(); channel.Open(); Console.WriteLine(string.Format(" Please type message to ping service:{0}", Environment.NewLine)); string inputMessage = Console.ReadLine(); while (inputMessage != String.Empty) { try { Console.WriteLine(" Receive response from Server: {0}", channel.PingServer(inputMessage)); } catch (Exception e) { Console.WriteLine( string.Format(" Test Client:Program, exception caught :{0}", e.Message)); } inputMessage = Console.ReadLine(); } channel.Close(); channelFactory.Close(); } } } 6. Add App.config to the client application and input the binding information as Listing 5-6 shows. Listing 5-6. Configuration for Client Application <?xml version="1.0" encoding="utf-8" ?> <configuration> <system.serviceModel> <services> <service name="AzureForDotNetDeveloper.DotNetService.ServiceBus« .WCFServiceLibrary.AccountFederationService"> <endpoint contract="AzureForDotNetDeveloper.DotNetService.ServiceBus« .WCFServiceLibrary.IAccountFederationService" binding="netTcpRelayBinding" /> </service> </services> </system.serviceModel> </configuration> To start the server application, we are going to enter the Azure solution name and password, which will be used to do the authentication by the .NET Access Control Service. When the .NET Access Control Service has finished authenticating the request, the server is running to listen for the message posted to the endpoint. CHAPTER 5 ■ AZURE .NET SERVICES—ACCESS CONTROL 139 One thing that needs to be clear is that the custom service we host is running from the local machine, but the access is controlled and established through the endpoints from remote Azure services. This can be verified by the atom feed automatically assigned to every service by Azure services from the Azure portal page. Go to the Azure portal at http://portal.ex.azure.microsoft.com/ and log on to the .NET Services Bus. Figure 5-3 shows how to access the feed, and Figure 5-4 shows our service as expected. Figure 5-3. The Atom feed for our service CHAPTER 5 ■ AZURE .NET SERVICES—ACCESS CONTROL 140 Figure 5-4. Verifying that the WCF service is leveraging .NET Access Control Service Start the client application and enter the solution name and password. Send a message from the client, and the server sends back acknowledgement information. Finally, close both client and server applications. Go back to the Azure portal. We can see that the endpoint is also removed from Azure as Figure 5-5 shows. Figure 5-5. The service endpoint has been removed from Azure when the service is closed CHAPTER 5 ■ AZURE .NET SERVICES—ACCESS CONTROL 141 This exercise demonstrates how to tremendously simplify authentication by using the .NET Access Control Service from the cloud; all you need to do is deal with the configuration. The .NET Access Control Service redirected the service call back to the local machine, where the service is also hosted; in so doing, it crossed the Internet and reached behind the local machine's firewall. The client application has not even noticed that it actually invoked a WCF service host. This is really a gift to all .NET developers. CardSpace .Net Access Control Services In the previous exercise we used the user name and password as security credentials. This is just an alternate approach to access security. In this exercise we explore the .NET Access Control Service with CardSpace security and learn how the token claim and STS work from the .NET Access Control Service. Be mentally prepared that there is heavy local and remote configuration involved to reach that goal. This exercise is divided into two sections. The first section is the fundamental step that needs to be done before we move to the second section. The source code for the first section is separated from that for the second section. The file name of the source code is Exercise 5 2 1.zip, which can be downloaded from the download site of the book. The source code for the second section is Exercise 5 2.zip, which can also be found in the same location as the previous one. In the first section we are going to create three projects: a WCF services project AzureForDotNetDeveloperWCFserviceLibrary, a service host project Service, and a client project Client. This is a typical WCF client-server solution without using the .NET Access Control Service and security access. AzureForDotNetDeveloperWCFserviceLibrary In this project we’ll define a simple WCF service contract interface. This interface has three methods declared: Ping(), RegisterUser(), and GetRegisteredUser(). The service is a simulation service to handle user registration to a site. The source code is shown in Listing 5-7, the implementation for this interface is shown Listing 5-8, and the configuration is shown in Listing 5-9. There is nothing special except that the decorated attribute parameter InstanceContextMode of ServiceBehavior is assigned a value of Single, which means using a singleton pattern for service calls because we need to share the service instance in order to return the information of the last registered user. The attribute values to the GetRegisteredUser() operation contract, Action and ReplayAction, are used by the WCF service to dispatch an input or output message to an appropriate handler method. In this example there is no output handler, so the reply attributes do not trigger any action and can be removed from the code. It won’t cause any trouble though if you leave it alone. For more information about Action and ReplayAction see http://msdn.microsoft.com/en-us/ library/system.servicemodel.operationcontractattribute.replyaction.aspx. Listing 5-7. Service Contact IAzureForDotNetDeveloper and Data Contract User using System; using System.Runtime.Serialization; using System.ServiceModel; using System.ServiceModel.Channels; namespace AzureForDotNetDeveloper.DotNetService.ServiceBus CHAPTER 5 ■ AZURE .NET SERVICES—ACCESS CONTROL 142 { [ServiceContract(Name = "UserRegisterService", Namespace = "http://AzureForDotNetDeveloper.DotNetService.ServiceBus")] public interface IAzureForDotNetDeveloperWCFservice { [OperationContract(Action = "Ping", ReplyAction = "PingResponse")] string Ping(); [OperationContract(Action = "RegisterUser", ReplyAction = "AddUserResponse")] void RegisterUser(string xmlString); [OperationContract(Action = "GetRegisteredUser", ReplyAction = "GetUserListResponse")] string GetRegisteredUser(); } [DataContract] public class User { [DataMember] public string FirstName; [DataMember] public string LastName; [DataMember] public DateTime TimeRegistered; [DataMember] public string Password; } } Listing 5-8. Implementations for IAzureForDotNetDeveloperWCFService using System; using System.Runtime.Serialization; using System.ServiceModel; using System.ServiceModel.Channels; using System.Collections.Generic; using System.IO; using System.Xml; using System.Xml.Serialization; using System.Text; namespace AzureForDotNetDeveloper.DotNetService.ServiceBus { [ServiceBehavior(InstanceContextMode = InstanceContextMode.Single)] public class AzureForDotNetDeveloperWCFservice : IAzureForDotNetDeveloperWCFservice {