Following are characteristics of the scenario:
- WCF service that exposes its functionality via REST and requires an issued SWT token based on any type of credentials – username/password pair, symmetric key, or client certificate.
To solve this scenario, use ACS with the following configuration:
- In the app, use either custom Token Handler with WIF pipeline or parse the SWT token yourself.
- In ACS, use SWT token when configuring relying party (trust) for your WCF service.
- You can use any credential types – Password, Symmetric Key, or Client Certificates.
- Configure Service Identity depending on the credential you are using.
- Securing WCF Services with ACS
- How To: Add Service Identities with an X.509 Certificate, Password, or Symmetric Key
- Code Sample: OAuth 2.0 Certificate Authentication
- Code Sample: ASP.NET Web Service
- Code Sample: Windows Phone 7 Application
- Windows Identity Foundation (WIF) Configuration – Part V (<securityTokenHandlers>)
- Security Token Handler Collection Configuration
- Security Token Handler Configuration