Access Control Services Sample v2

In a previous post, I wrote about a very simple Access Control Service example that I assembled during our investigation of ACS and the cloud in general.  The sample uses the Application_AuthenticateRequest event in global.asax to validate the security using the Geneva framework.

Geneva also enhances the standard ASP.NET authorization capabilities available via web.config.  To use this example, follow the instructions for the previous post and, once it is running, do the following:

Use web.config to prevent anonymous access to the entire site.  To do this, uncomment the authorization block at lines 60 - 62 so that it looks like this:

<

authorization>
<deny users="?"/>
</authorization>

Also in web.config, just before the configuration close tag on the last line, insert the following configuration information:

<

location path="default.aspx">
<system.web>
<authorization>
<allow users ="*" />
</authorization>
</system.web>
</location>

<location path="images">
<system.web>
<authorization>
<allow users ="*" />
</authorization>
</system.web>
</location>

These config params override the main authorization config and allow anonymous access to default.aspx and everything in the images folder.

Lastly, comment all of the code in global.asax.cs.

Press F5 and the default page will display.  When you click on the Page 2 link, you will be redirected to the Live login page.

Unfortunately, there is a bug in the CTP and you will get a 400 error.  Simply add the line below to the end of the url in the address bar and press enter, and you will be correctly redirected to the login page.

&whr=https://login.live.com

In a future post, I will explain a few different ways to integrate role support to the web application via ACS.