How does a client WPF application authenticate with a WCF service on Azure?

Question

I'm currently considering creating an application to deploy to the azure cloud. The main reason for considering Azure over Amazon is the access control service. I want to accept as many different credential types as possible for my application, especially Facebook.

Some of the user's will be using the HTML based application, others a WPF client application. The question is, how do I authenticate the client using whichever provider they want and then communicate with the WCF service. I'm guessing I need to use the web-browser component in my application, or pop-up an external browser (ideally support both options for paranoid users), but I'm not clear how to then use that connection for the WCF service.

Answer 1

What you're looking for is called 'active federation'. See this question

Typically, your web clients will use the passive form, in which they are redirected to a login page owned by a Security Token Service. You can't redirect a wpf or winforms application, so your application needs to go through the motions that your browser does behind the scenes for you, including negotiating and caching the security token you receive from the STS and then presenting it on each request.

Answer 2

Consider separating the authentication of the user to the application from the authentication between application and WCF service.

To secure access to the WCF service, you can use the ACS to implement authentication using a Simple Web Token (SWT). There are several examples of this available through your search engine of choice.

Sorry I can't give you a more concrete example at the moment. I'm mobile with an i-device and thus have limited access to tools.

Answer 3

I think your intend is some how Authenticate/Authorize users for this WCF service right? In this case you can look at the "Windows 7 phone application" sample: http://msdn.microsoft.com/en-us/library/gg983271.aspx . In here you will see that this sample is using "javascriptnotify" protocol.

For WPF WebBrowser control there are many articles which describe how to get notifications from the javascript in the DOM.

This way you can get a token for your WPF application and then you will need to use the same token to authenticate to WCF service.

In the case of the Web Application you can get the token from WSFam module. One way to do this might be registering for SecurityTokenReceived event on WSFam.

This way for both scenario you can end up with a SAML token.

Then you can author your own custom SAML TokenProvider for the WCF and use the SAML token you got from ACS to talk to your server.