How I can flow security context of end user through tiers between ASP.NET web app and the downstream REST WCF service?
Uploaded sample code to MSDN Code Gallery that shows how to use SWT token issued by Windows Azure Access Control Service (ACS). The bits are here:
The plan is next to add another Visual Studio Project to the solution based on the following walkthrough:
The idea is simple – create one relying party in Windows Azure ACS and share the issued SWT token between the ASP.NET app and REST service. The challenge here is that WIF does not come with ready to use SWT token implementation and SWT token handler. To solve this scenario the code sample implements custom token handler, cannibalized from the following sample: