Quickly Testing Access Control Service

A colleague was having trouble getting Access Control Service to work correctly, so I put together a simple test to see what was being returned.

 

This code will work from a web project, or you can just put it directly into an IIS folder. I have the realm set to localhost/default.aspx, so adjust the instructions as necessary to point to the correct URL. All you need is the WebForm page and the code-behind file. The code doesn't use Geneva, so it will work on a normal ASP.NET 3.5 install.

 

Step 1 - create a web project and delete everything from default.aspx except the first line. Add a ValidateRequest="false" attribute to the Page directive. It should look similar to this

 

<%@ Page ValidateRequest="false" Language="C#" CodeFile="Default.aspx.cs" Inherits="_Default" %>

 

Step 2 - Paste the following code into the Page_Load event

 

if (Request["wresult"] == null)

{

    Response.Redirect("https://{{Account}}.accesscontrol.windows.net/passivests/LiveFederation.aspx?wa=wsignin1.0&wtrealm=http://localhost/default.aspx&whr=http://login.live.com");

}

else

{

    Response.Write(Request["wresult"]);

    Response.ContentType = "text/xml";

}

 

Make sure to replace {{Account}} with your ACS account name.

 

This code will automatically redirect you to the Live Federation page where you can login with your Live ID. Once you successfully login, the code pulls the SAML out of the wresult form variable and displays it as XML. This allows you to quickly test changes to ACS.

 

If you would like to control the output, you can replace the two lines of code that display the SAML with the following code:

 

XmlDocument d = new XmlDocument();

d.LoadXml(Request["wresult"]);

Response.Write("<table border=1>\n<tr><td>AttributeName</td><td>Value</td></tr>\n");

foreach (XmlNode node in d.GetElementsByTagName("saml:Attribute"))

{

    if (node.Attributes.GetNamedItem("AttributeName") != null)

    {

        Response.Write(string.Format("<tr><td>{0}</td><td>{1}</td></tr>\n", node.Attributes.GetNamedItem("AttributeName").Value, node.InnerText));

    }

}

Response.Write("</table>\n");

 

 

In my case, the display looks like this:

AttributeName

Value

role

Admin

emailaddress

user@foo.com

name

user@foo.com

 

 

This is NOT a secure implementation - for that, use Geneva. However, this will help you quickly validate if you're getting what you expect from the Live ID Federation page.