Securing WCF Services with ACS

Updated: June 19, 2015

Applies To: Azure


In this scenario a WCF SOAP Service needs to integrate a third-party authentication and an identity management system

ACS v2 WCF Scenario

There are several challenges associated with the scenario:

  • How to configure WCF bindings to request a token from ACS?

  • How to validate the incoming token issued by the identity provider?

  • How to parse the incoming token?

  • How to implement authorization checks?

  • How to transform tokens by adding, removing, or changing the claims types and values?

  • How to do all of the above using configuration rather than coding?


ACS provides a solution to the scenario as depicted in the following image.

ACS v2 WCF Scenario and Solution

  • The UserNameWSTrustBinding, CertificateWSTrustBinding, and IssuedTokenWSTrustBinding classes are available as part of the Windows Identity Foundation’s (WIF) Microsoft.IdentityModel.Protocols.WSTrust.Bindings namespace and they are used to request a token from ACS.

  • Windows Identity Foundation (WIF) is used to validate incoming tokens.

  • Windows Identity Foundation (WIF) is used to parse the incoming tokens.

  • Windows Identity Foundation (WIF) is used to implement authorization checks.

  • The ACS rule engine is used to transform tokens.

  • Most of the work is done using the configuration either in the application’s web.config or/and through the ACS Management Portal.

Solution Summary

Category Topics






Token flow and transformation



Trust management


Code Sample

See Also


Scenarios and Solutions Using ACS