In this recipe, we will see how to secure the Windows Phone applications with ACS. We will use the Windows Azure Toolkit for Windows Phone.
If you don't have the toolkit installed, you can install it from http://watwp.codeplex.com/. You will need the Windows Phone SDK installed prior to installing the toolkit. The SDK can be downloaded from http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=27570.
To create an ACS-integrated Windows Phone application, perform the following steps:
- Create a new project from the new template installed under the Cloud project type:
- Select Windows Azure Storage on the next screen and click on Next.
- Provide your storage account information. If you don't have a Windows Azure account, select the Use Storage Emulator checkbox. Deselect the Use HTTPS checkbox and click on Next.
- Leave the default on the next screen and click on Next. On the last screen, select Use the Windows Azure Access Control Service and provide your ACS namespace and Management key.
- Click on OK in the last dialog box to configure ACS for your Windows Phone application.
Notice that the template has created three projects as follows:
- The WPCloudApp.Web web project, which contains the management portal for managing the authorization and the service that acts as a façade to various Windows Azure resources that will be used by the client application
- The WPCloudApp.Phone Windows Phone application project, which contains the actual application that will run on the user's Windows Phone devices
- The WPCloudApp Windows Azure Cloud project that will be used for deploying the portal on Windows Azure
This can be verified by looking at the following screenshot:
- Verify that port 443 is not being used in a local IIS for any site as it will be used by the portal (while running locally).
- Before you can run the Windows Phone application, the management portal should either be first deployed to Windows Azure and then run, or alternatively you can run it in the local Windows Azure simulator by running (Debug | Start new instance) the Cloud application first.
- Now, run the Windows Phone project and you should see the application running on the Windows Phone Emulator. Click on the Install Certificate link and install the certificate. This is necessary to run and authenticate it with the management portal.
- Once you have installed the certificate, click on your application and you will see the list of the identity providers configured under your namespace in ACS. You can click on any of those and log in to your application, as shown in the following screenshot:
You have your Windows Phone application successfully integrated with ACS and it is capable of authenticating the users when installed on any Windows Phone device.
The phone application pulls a list of the available authentication providers from the configured ACS namespace, and the users authenticate themselves with one of those providers. After that, Simple Web Token (SWT) provided by ACS is stored in the device and it is used to sign every HTTP request made to the services. Note that the services running as ASP.NET Web Role in the cloud act as a façade to the actual Windows Azure services. These services check the validity of the ACS token before authorizing a request to pass through to Windows Azure Storage or SQL Azure, as shown in the following diagram:
