Before we move forward to discuss the Access Control Service using X.509 and CardSpace authentication, we have to do some configuration in the local development environment.. Authenticat
Trang 1148
Figure 5-8 Run the client; we have the echo from the server, and a user has been registered successfully
The Access Control Service can provide authentication interactively using CardSpace This
approach will be covered at the end of this exercise Alternatively, the authentication can be done using X.509 certification Both approaches require that the client application preregister client-side information in the Azure cloud environment Before we move forward to discuss the Access Control Service using X.509 and CardSpace authentication, we have to do some configuration in the local development environment
Authentication Using X.509 Certification or CardSpace in NET Access Control Service
Let’s start the process by installing the X.509 certificate
Installing the X.509 Certificate
The source code of this exercise (Exercise 5 2) contains a generated certificate file called localhost.cer, which can be found in the subfolder Certificate after unzipping the source code
as Figure 5-9 shows
Trang 2149
■ Note To generate a new certificate you need to use the certificate enrollment service Since Windows
Vista/7 and Windows Server 2008 are designed as high-security operating systems, by default this service
is disabled from Windows Vista/7 and Windows Server 2008 If the operating system from your local
development is either Windows Vista/7 or Windows Server 2008, the easiest workaround to this issue is to request a new certificate from another computer that runs Window XP or Windows Server 2003 (You can
reference the following article from The Code Project to request a new certificate using Windows XP or
Windows 2003: http://69.10.233.10/kb/wcf/wcf certificates.aspx For troubleshooting the
certificate enrollment, see http://blogs.msdn.com/windowsvistanow/archive/2008/04/08/
troubleshooting-certificate-enrollment.aspx.)
Figure 5-9 Locate the certificate file that will be associated with the scope of an Azure solution in NET
Access Control Service
Find that file, right-click it, and select Install Certificate Follow the steps shown in Figure 5-10 to
install the certificate in the Trusted Root Certificate Authorities/Local Computer/Certificates store The results are shown in Figure 5-11
Trang 3150
Figure 5-10 Import certificate using certmgr.exe
Click the Windows Start button and type “mmc” in the search bar to find the utility program mmc.exe, and bring up the snap-in management console From the File menu, select the certmgr.msc certificate management snap-in
Trang 4151
Figure 5-11 Start certmgr.msc Windows snap-in certificate management tool
Figure 5-12 shows the results after the certificate has been installed successfully Follow the arrow to get the detailed information of the Thumbprint and copy the data to the “<behavior>” section of the
Service project configuration file App.config as shown in the boldface lines in Listing 5-12
Figure 5-12 Certificate has been installed to Trust Root Certificate Authorities, Local Computer store
Listing 5-12 Insert the Data of the Installed Certificate Thumbprint Information in the Configuration File App.config of the Service Project
Trang 5152
<behavior name="UserRegisterServiceBehavior">
<serviceMetadata httpGetEnabled="True"
httpGetUrl="http://localhost/AzureForDotNetDeveloperWCFservice/wsdl" /> <serviceDebug includeExceptionDetailInFaults="True" />
<serviceCredentials>
<clientCertificate>
<authentication certificateValidationMode="True" />
</clientCertificate>
<serviceCertificate storeLocation='LocalMachine'
storeName='My'
x509FindType='FindByThumbprint'
findValue='01 20 90 8a 7e 12 52 45 9b 37 4b 92 64 14 18 e8 0d 12 63 fc' /> </serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
Associating the Certificate to the Azure Application URL
To associate an installed X.509 on a client-side machine to the Azure cloud you use the registration process The installed certification can be exported into a file of the pfx format via the certificate management snap-in tool we used above The file exported with the extension pfx contains the certificate information and a corresponding private key (for CA-issued certification of a self-signed certificate) This exercise’s code also provides the exported pfx certificate file, which can be found in the same folder as the localhost.cer file In the next section I am going to walk you through this procedure step by step
To associate a certificate with an Azure application:
1 Sign in to the Azure portal and navigate to X.509 Certificates in NET Access
Control and select the Basic configuration as Figure 5-13 shows
2 On the X.509 Certificates setup page, enter the endpoint address of the WCF
services
3 Uncheck the box labeled “Retrieve certificate from URL (http or https)” and
select Browse