Windows Azure Web Role ASP.NET Application and Access Control Service (ACS) V2 – Quick Checklist

This post outlines a quick checklist of what's needed to make the web app run locally on my machine in the Windows Azure Compute Emulator when integrating with ACS v2.

Check the following to get your Web Role app running when integrating with ACS v2:

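// Namespaces used below (WIF, Microsoft.IdentityModel assembly).
using System;
using System.Collections.Generic;
using Microsoft.IdentityModel.Tokens;
using Microsoft.IdentityModel.Web;
using Microsoft.IdentityModel.Web.Configuration;

// Both methods belong in the application class in Global.asax.cs.
void OnServiceConfigurationCreated(object sender, ServiceConfigurationCreatedEventArgs e)
{
    //
    // Use the <serviceCertificate> to protect the cookies that are
    // sent to the client.
    //
    List<CookieTransform> sessionTransforms =
        new List<CookieTransform>(new CookieTransform[] {
            new DeflateCookieTransform(),
            new RsaEncryptionCookieTransform(e.ServiceConfiguration.ServiceCertificate),
            new RsaSignatureCookieTransform(e.ServiceConfiguration.ServiceCertificate) });
    // Replace the default session token handler with one that uses the transforms above.
    SessionSecurityTokenHandler sessionHandler = new SessionSecurityTokenHandler(sessionTransforms.AsReadOnly());
    e.ServiceConfiguration.SecurityTokenHandlers.AddOrReplace(sessionHandler);
}

void Application_Start(object sender, EventArgs e)
{
    // Subscribe at startup so the handler is installed when the WIF configuration is created.
    FederatedAuthentication.ServiceConfigurationCreated += OnServiceConfigurationCreated;
}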
  • For Compute Emulator - run the app with Ctrl+F5 or F5 rather than right click -> Browse, so that it runs in the Compute Emulator and not in Cassini [Cassini is the web server built into Visual Studio. If you run with Cassini you will just get access denied].
  • For Compute Emulator - figure out unused ports, otherwise the Compute Emulator assigns random ports (read more on it in Overview of the Windows Azure Compute Emulator – look for “In the compute emulator, it is not possible to allocate a unique IP address.”). Dynamic IPs and ports cause exceptions on the ACS side (Error ACS50011, more ACS Error Codes). A workaround I am using is running netstat -a -n | findstr 127.0.0.1 to find all taken ports and then configuring the WebRole's endpoint port with one that is not taken, so the emulator won't generate a random one. You then assign this IP and port in the ACS portal as the Return URL when configuring your relying party.
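
The netstat workaround above, as an added PowerShell example that is not part of the original post: it reads only the Local Address column of TCP rows, counts wildcard binds such as 0.0.0.0 (which findstr 127.0.0.1 does not show) as taken, and returns the first free port in a range. The function names, the 8080-8090 range, the http scheme and the sample netstat lines are assumptions made for illustration.

```powershell
# Added example: pick a fixed Web Role endpoint port from `netstat -a -n` output.
# Get-TakenPort / Find-FreePort and the default port range are hypothetical names/values.

function Get-TakenPort {
    param([string[]]$NetstatLines)
    $taken = @{}
    foreach ($line in $NetstatLines) {
        # Columns: Proto, Local Address, Foreign Address, State
        $cols = $line.Trim() -split '\s+'
        # The Web Role endpoint is HTTP, so only TCP rows matter
        if ($cols.Count -lt 3 -or $cols[0] -ne 'TCP') { continue }
        # Read the port from the LOCAL address only (IPv6 hosts look like [::]:80)
        if ($cols[1] -match '^(?<addr>.+):(?<port>\d+)$') {
            # Wildcard binds occupy the port on loopback too, although
            # their rows do not contain the text 127.0.0.1
            if (@('127.0.0.1', '0.0.0.0', '[::]', '[::1]') -contains $Matches['addr']) {
                $taken[[int]$Matches['port']] = $true
            }
        }
    }
    return $taken
}

function Find-FreePort {
    param([string[]]$NetstatLines, [int]$First = 8080, [int]$Last = 8090)
    $taken = Get-TakenPort -NetstatLines $NetstatLines
    foreach ($p in $First..$Last) {
        if (-not $taken.ContainsKey($p)) { return $p }
    }
    throw "No free port between $First and $Last"
}

# Constructed sample output, not captured from a real machine
$sample = @(
    '  Proto  Local Address          Foreign Address        State',
    '  TCP    0.0.0.0:8080           0.0.0.0:0              LISTENING',
    '  TCP    127.0.0.1:8081         0.0.0.0:0              LISTENING',
    '  TCP    192.168.1.20:8082      0.0.0.0:0              LISTENING',
    '  TCP    127.0.0.1:49712        127.0.0.1:8083         ESTABLISHED',
    '  UDP    127.0.0.1:8084         *:*'
)

$port = Find-FreePort -NetstatLines $sample
"Endpoint port for the Web Role: $port"
# http scheme assumed; use the scheme your endpoint is configured with
"Return URL for the ACS relying party: http://127.0.0.1:$port/"
# On a real machine: Find-FreePort -NetstatLines (netstat -a -n)
```

In the sample, the row with 127.0.0.1:8083 as the foreign address would match findstr 127.0.0.1 but does not mark 8083 as taken, because only the local address is parsed.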