Web Services and Identity for Visual Studio 2010 Developers

Version: 1.1.0

Description

This lab introduces you to the use of Windows Identity Foundation for securing WCF services. The claim object model offered by WIF is more integrated with the .NET identity object model than the one originally featured in WCF: the first exercise will help absolute beginners and WCF experts alike become familiar with the new programming model. In the second exercise you will see directly how easy it is to take advantage of existing identity providers for externalizing the authentication logic of your web service. The third exercise shows you how WIF addresses delegation. You will learn how to use Windows Identity Foundation to flow the identity of your users across multiple services and application tiers, so that access privileges always reflect the actual user's access level.

Overview

Security and identity management are among the most critical aspects of any SOA and of distributed systems in general. Since its introduction in version 3.0 of the .NET Framework, WCF has provided the necessary expressive power for taking advantage of WS-Security, WS-Trust and all the standard mechanisms that help you develop and consume web services in an interoperable manner.

Today Windows Identity Foundation (WIF), formerly known as Geneva, takes the approach further, abstracting away most of the complexity for application developers and providing a clear extensibility model for security developers. By introducing a unified approach to claims-based identity which applies both to WCF and ASP.NET, Windows Identity Foundation makes claims a first-class citizen in the .NET Framework; furthermore, the enhancements to Visual Studio integration guarantee that the use of advanced identity capabilities will blend easily with the familiar development practices of Visual Studio users.

During this Hands-On Lab you will learn how to take advantage of the new model, classes and tools that constitute Windows Identity Foundation. Some tasks will show how to solve problems you are already familiar with, demonstrating the improvements with respect to the WCF-only model; other tasks will show how to easily solve problems that in the past required very complex solutions, and that are now within reach of any developer. More specifically, you will learn how to:

  • Use the Windows Identity Foundation object model to authenticate and authorize web service calls
  • Take advantage of production STSes for externalizing authentication and obtaining claims about the user
  • Authorize access to services by imposing conditions on incoming claims
  • [Optional] Leverage the .NET Access Control Service for handling claim transformations
  • Handle delegation scenarios

Windows Identity Foundation can do much more than what we cover in this lab: we hope that the skills you will learn here will help you in your further explorations of identity development.

Objectives

In this Hands-On Lab, you will learn how to:

  • Authenticate and authorize web service calls
  • Trust tokens from a production STS
  • Authorize access to services by imposing conditions on incoming claims
  • Obtain delegated tokens and authorize calls protected by delegated tokens

System Requirements

You must have the following items to complete this lab:

Setup

For convenience, much of the code used in this hands-on lab is available as Visual Studio code snippets. To check the prerequisites of the lab and install the code snippets:

  1. Open a Windows Explorer window and browse to the lab’s Source\Setup folder.
  2. Double-click the Dependencies.dep file in this folder to launch the Dependency Checker tool and install any missing prerequisites and the Visual Studio code snippets.
  3. If the User Account Control dialog is shown, confirm the action to proceed.

    Note:
    This process may require elevation. The .dep extension is associated with the Dependency Checker tool during its installation. For additional information about the setup procedure and how to install the Dependency Checker tool, refer to the Setup.docx document in the Assets folder of the training kit.

  4. After the code snippets installation completes, the setup script will proceed with the certificates installation. Press Y if you want to continue with the required certificates installation.

    Note:
    Next, the setup script will proceed by replacing any existing localhost certificate with a new one. If you already have a "localhost" certificate needed by another application, be sure to make a backup copy before proceeding with the lab's certificates installation.

    Figure 1: Certificates installation finished

    Note:
    If you are running Windows 7 or Windows 2008 R2 you might not see this window.

  5. When finished, press any key to close the setup console.

Note:
In addition to the setup script inside the %YourInstallationFolder%\Labs\WebServicesAndIdentity\Source\Setup folder, there is a Cleanup.cmd file you can use to uninstall all the code snippets installed by the SetupLab.cmd script.
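
For the backup mentioned in the note to step 4, one way to export any existing localhost certificates before the setup script replaces them. This is an added example, not part of the lab's own scripts; the Personal (My) store locations searched and the backup folder name are assumptions.

```powershell
# Added example: back up existing "localhost" certificates before lab setup.
# Assumptions: the certificates are in the Personal (My) store of LocalMachine
# or CurrentUser; $BackupDir is a hypothetical folder name.
$BackupDir = Join-Path $env:USERPROFILE 'localhost-cert-backup'
New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null

$password = Read-Host -AsSecureString 'Password to protect the exported PFX files'
$pfxType  = [System.Security.Cryptography.X509Certificates.X509ContentType]::Pfx
$cerType  = [System.Security.Cryptography.X509Certificates.X509ContentType]::Cert

foreach ($store in 'Cert:\LocalMachine\My', 'Cert:\CurrentUser\My') {
    # Match CN=localhost exactly, not CN=localhost.example or similar.
    $certs = Get-ChildItem $store |
        Where-Object { $_.Subject -match '(^|,\s*)CN=localhost(,|$)' }

    foreach ($cert in $certs) {
        $name  = '{0}-{1}' -f ($store -replace '[:\\]', '_'), $cert.Thumbprint
        $bytes = $null
        $path  = $null

        if ($cert.HasPrivateKey) {
            try {
                # Throws if the private key is marked non-exportable.
                $bytes = $cert.Export($pfxType, $password)
                $path  = Join-Path $BackupDir "$name.pfx"
            } catch {
                Write-Warning "Private key of $($cert.Thumbprint) is not exportable; saving public certificate only."
            }
        }
        if (-not $bytes) {
            # Public part only: enough to identify the certificate, not to restore it.
            $bytes = $cert.Export($cerType)
            $path  = Join-Path $BackupDir "$name.cer"
        }

        [System.IO.File]::WriteAllBytes($path, $bytes)
        Write-Output "Saved $($cert.Subject) [$($cert.Thumbprint)] to $path"
    }
}
```

Run it from an elevated prompt so the LocalMachine private keys are readable, and treat the resulting .pfx files as secrets, since they contain private keys.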

Exercises

The following exercises make up this Hands-On Lab:

  1. Using Windows Identity Foundation to Handle Authentication and Authorization in a WCF Service
  2. Accepting Tokens from an Active Directory Federation Services (ADFS) STS
  3. Invoking a WCF Service on the Backend via Delegated Access

Note:
Each exercise is accompanied by a starting solution. These solutions are missing some code sections that are completed during each exercise and therefore will not work if executed directly.

Inside each exercise folder, you will also find an end folder with the solution that you should obtain after completing the exercise. You can use it as a guide if you need additional help working through the exercises.

Using the Code Snippets

With code snippets, you have all the code you need at your fingertips. The lab document will tell you exactly when you can use them. For example,

  1. Paste the following snippet at the end of the GetForecast method to return the image from the service.

(Code Snippet – Web Services and Identity Lab - Ex03 Returning the Satellite Image)

C#

return new WeatherResult
{
    // ...
    SatelliteImage = image
};

To add this code snippet in Visual Studio, place the cursor where you would like the code to be inserted and start typing the snippet name, in this case WebServicesAndIdentityLabEx03ReturningTheSatelliteImage. Watch as IntelliSense picks up the snippet name, and press the TAB key twice once the snippet you want is selected. The code will be inserted at the cursor location.

To insert a code snippet using the mouse rather than the keyboard (e.g. for a Web.config file or any other XML document), right-click where you want the code snippet to be inserted, select Insert Snippet followed by My Code Snippets and then select the relevant snippet.

To learn more about Visual Studio IntelliSense Code Snippets, including how to create your own, please see https://msdn.microsoft.com/en-us/library/ms165392.aspx.

Estimated time to complete this lab: 60 minutes.