Web Services and Identity in Windows Azure Version: 2.0 Description This lab is a step by step guide that will help you to use claims-based identity for handling authentication and access management for your WCF services hosted in Windows Azure; it will show you how you can still take advantage of local identities for authenticating your users, despite the fact that your services are now hosted in the cloud. The lab will walk you through all the practicalities of taking advantage of the unique characteristics of the Windows Azure environment from your Windows Identity Foundation settings. Overview Windows Identity Foundation can simplify access to your Windows Communication Foundation (WCF) services, by providing the usual claims-based identity arsenal of good practices: authentication externalization, location independence, decoupling from credential types and many others. There is no reason for you not to enjoy the same advantages when you host your WCF services in Windows Azure: there are few practicalities that are intrinsic to the hosting platform, but the steps you need to follow are largely the same whether you are deploying your services on-premises or in the cloud. If you want to be fully aware of the differences between the two cases, you can optionally go through the lab “Web Services and Identity” and learn about how to use WCF and WIF on-premises before starting the current lab: please note that it is entirely optional, as this HOL is self-contained and independent. This lab is a step by step guide that will help you to use claims-based identity for handling authentication and access management for your WCF services hosted in Windows Azure; it will show you how you can still take advantage of local identities for authenticating your users, despite the fact that your services are now hosted in the cloud. The lab will walk you through all the practicalities of taking advantage of the unique characteristics of the Windows Azure environment from your Windows Identity Foundation settings. More precisely, you will learn how to: Use Windows Identity Foundation with WCF services hosted in Windows Azure Trusting an on-premise STS from a WCF service hosted in Windows Azure Using WIF & WCF tracing for a WCF service hosted in Windows Azure, taking advantage of blob storage for the traces Configure a WCF service to use load balancing Deploy a WCF service secured via WIF to the Windows Azure cloud Windows Identity Foundation can do much more than what we cover in this lab: we hope that the skills you will learn here will help you in your further explorations of identity development. The first lab will show you the process to configure a weather service to trust an on-premises development STS, and run the entire solution in the Compute Emulator. The second lab will add diagnostics and load balancing features to the WCF service implemented in the first lab. Finally, the third lab will walk you through the steps for running the solution to Windows Azure, which trusts an on-premises STS, generates diagnostic logs, and provides load balancing facilities. As shown on the figure below, an already provided client will be used to consume the WCF service running on the Compute emulator and afterwards in Windows Azure. Figure 1 A visual summary of what you will build in this lab Objectives In this hands-on lab, you will learn how to: Use Windows Identity Foundation for handling access to a WCF service hosted in the Windows Azure DevFabric by reusing on-premises identities Add STS references on a WCF service hosted in Windows Azure Add service references to a client which points to a WCF service hosted in Windows Azure Configure a WCF service to emit WIF and WCF traces in blob storage, and retrieve traces for offline analysis Provide custom SecurityTokenHandler and ServiceBehavior classes for enabling a WCF service to take advantage of load balancers Deploy to the Windows Azure staging and production evnironments a WCF service secured via WIF System Requirements You must have the following items to complete this lab: Microsoft® Windows® Vista SP2 (32-bits or 64-bits) or Microsoft® Windows Server 2008 SP2 (32-bit or 64-bit) with KB971842 (https://support.microsoft.com/kb/971842), or Microsoft® Windows® 7 (32-bits or 64-bits) or Microsoft® Windows Server 2008 R2 (64-bits) with KB977420 (https://support.microsoft.com/kb/977420). Microsoft® Internet Information Services (IIS) 7.0 (with ASP.NET component, Static Content Support, and a Localhost SSL certificate installed) Microsoft® .NET Framework 4.0 Microsoft® Visual Studio 2010 Windows Azure Tools for Microsoft Visual Studio 1.4 Microsoft® Windows Identity Foundation Runtime Microsoft® Windows Identity Foundation SDK 4.0 Setup You must perform the following steps to prepare your computer for this lab. Open a Windows Explorer window and browse to the lab’s Source\Setup folder. Double-click the Dependencies.dep file in this folder to launch the Dependency Checker tool and install any missing prerequisites. This will also install some code snippets that will be used across the lab and the localhost certificate used in the second exercise by the local STS. Note: This process may require elevation. The .dep extension is associated with the Dependency Checker tool during its installation. For additional information about the setup procedure and how to install the Dependency Checker tool, refer to the Setup.docx document in the Assets folder of the training kit. Once closed the code snippets installer, the setup script will proceed with the certificates installation. Press Y if you want to continue with the required certificates installation. Note: If you already have a "localhost" certificate needed by another application, ensure to make a backup copy of it before continue with the lab's certificates installation. Figure 2 Certificates installation finished Note: If you are running Windows 7 or Windows 2008 R2 you might not see this window. When finished press any key to close the setup console. Note: In addition to the setup script, inside the Source\Setup folder of this lab, there is a Cleanup.cmd file you can use to uninstall all the code snippets installed by setup scripts. Using the Code Snippets Throughout the lab document, you will be instructed to insert code blocks. For your convenience, most of that code is provided as Visual Studio Code Snippets, which you can use from within Visual Studio 2010 to avoid having to add it manually. If you are not familiar with the Visual Studio Code Snippets, and want to learn how to use them, you can refer to the Setup.docx document in the Assets folder of the training kit, which contains a section describing how to use them. Exercises The following exercises make up this hands-on lab: Using the Windows Identity Foundation with a WCF Service in Windows Azure Adding Diagnostics and Load Balancing Deploying the WCF Service to Windows Azure Note: Inside each exercise you will find an end folder where you find the resulting solution you should obtain after completing the exercises. You can use this solution as a guide if you need additional help working through the exercises. Estimated time to complete this lab: 60 minutes Note: When you first start Visual Studio, you must select one of the predefined settings collections. Every predefined collection is designed to match a particular development style and determines window layouts, editor behavior, IntelliSense code snippets, and dialog box options. The procedures in this lab describe the actions necessary to accomplish a given task in Visual Studio when using the General Development Settings collection. If you choose a different settings collection for your development environment, there may be differences in these procedures that you need to take into account. next >

Downloads Download The Offline Training Kit Download Hands-on Lab Document (DOCX) Download Hands-on Lab Source Files Contents Getting Started: Setting up the Certificates and Local STS Exercise 1: Using Windows Identity Foundation with a WCF Service in Windows Azure Exercise 2: Adding Diagnostics and Load Balancing Exercise 3: Deploying the WCF Service to Windows Azure Summary