I just published a step by step guide to publish and consume a Windows Azure WCF Data Service connected to an Azure SQL Database using Azure Access Control Service (ACS) claims-based authentication.
The content has several lessons about exposing an Azure SQL Database on Windows Azure as a WCF Data Service. You can download a sample Console app to learn how to use an ACS token to connect to a Windows Azure cloud service, and use the token to LINQ query a Windows Azure WCF Data Service. In addition, the sample application shows how to use EncryptString to save sensitive data (user name and password) on the client.
You can download the word document and sample app at Migrate a WCF Data Service to Windows Azure Lessons on our Windows Azure SQL CodePlex site.
Lesson 1 - Create a local WCF Data Service that connects to Azure SQL Database
How to deploy the sample AdventureWorksLT2012_Azure database to Azure SQL Database
In lesson 1, you learn how to deploy a SQL Server database to an Azure SQL Database account, and create a WCF Data Service on localhost that exposes a Product OData resource including a product image resource stream.
Restricting the SQL Server User
When creating an Azure WCF Data Service, you should create web user accounts on your Azure SQL Database. For more information about adding users to your Azure SQL Database, see Adding Users to Your SQL Azure Database.
How to create a Visual Studio 2012 Windows Azure Cloud Service on localhost
You use Visual Studio 2012 with the Windows Azure SDK installed to create a Windows Azure Cloud Service on localhost.
How to create a Named Resource class to stream an image
This section shows you how to you create a named resource class to expose ThumbnailPhoto as an Edm.Stream entity type.
How to encrypt a connection string for testing on localhost
This section shows you how to protect sensitive connection string data by encrypting the web.config connection string for testing on localhost.
Lesson 2 - Publish a local WCF Data Service to a Windows Azure Cloud Service
In this lesson, you publish the local WCF Data Service created in lesson 1 to a Windows Azure Cloud Service. Sign up for aWindows Azure 90 day free trial, and follow the Windows Azure Account setup instructions.
How to publish a Windows Azure Cloud Service
A step by step guide to publish a local WCF Data Service to a Windows Azure Cloud Service using Visual Studio 2012.
How to encrypt a connection string for Windows Azure
In this section, you encrypt a connection string by opening a Remote Desktop session into your Windows Azure Compute VM.
Lesson 3 - How to implement claims-based authentication using Windows Azure ACS 2.0
In lesson3, you learn how to implement Windows Azure claims-based authentication using the Azure Access Control Service 2.0 (ACS). ACS is a cloud-based service that provides an easy way of authenticating and authorizing users to gain access to your web applications and services while allowing the features of authentication and authorization to be factored out of your code.
How to configure a user name and password ACS Service Identity
In ACS, a service identity is a credential that is registered with an ACS namespace and is intended for use by autonomous applications or clients. In this section, you learn how to configure an ACS Service Identity. You also learn how to configure a Relying Party Application using the Windows Azure portal.
How to obtain service credentials for an HttpModule
In this section, you learn how to create a security module that implements IHttpModule to validate a Windows Azure ACS token to authenticate a WCF Data Service user.
How to configure web.config for a Windows Azure WCF Data Service
In this section, you configure the AdventureWorksLTWindowsAzureWebRole web.config file.
How to create an Azure custom error page
In this section, you create a custom error page that is displayed when access is denied due to invalid credentials.
Lesson 4 - How to configure a Windows Azure WCF Data Service client App for Claims-based authentication
The AzureODataConsoleApp sample console application displays a LoginForm where you enter your Windows Azure ACS user name and password. The sample then connects to your claims-based Windows Azure WCF Data Service using an SWT token retuned using your credentials. A token allows a user to enter their username and password in order to obtain a time limited key token which allows them to fetch a specific resource - without using their username and password. The AzureWebClient.GetTokenFromACS() method in the tutorial source code returns a Windows Azure ACS SWT token representing a service resource scope for a username and password.
The AzureODataConsoleApp demonstrates how to:
- Get an ACS SWT token using AzureWebClient.GetTokenFromACS().
- Get an OData stream using AzureWebClient.OpenRead() passing the SWT token.
- Create a LINQ query to project the OData stream to a List<List<EntityProperty>>.
- Save a bitmap from a web response when querying a named resource stream.
- Use a Login Form to get user name and password
- Use EncryptString to save sensitive data on the client.