Code Sample: ASP.NET Simple Forms
Updated: June 19, 2015
Applies To: Azure
This sample illustrates how to integrate ACS with an ASP.NET Web Forms application. The code for this sample is located in the ASPNETSimpleForms (C#\Websites/ASPNETSimpleForms) subdirectory of the Microsoft Azure Active Directory Access Control (ACS) Code Samples package.
To run this sample, you will need:
An account in the Azure portal and an Access Control namespace.
Visual Studio 2010 (any version)
Windows Identity Foundation SDK
Configuring the Sample
The ACS configuration required for this sample can be performed by using either the ACS Management Portal or the ACS Management Service. This topic describes both options.
Option 1: Configuring the sample using the ACS Management Portal
Option 2: Configuring the sample using the ACS Management Service
Option 1: Configuring the Sample Using the ACS Management Portal
To configure the sample using the ACS Management Portal
Go to the Microsoft Azure Management Portal (https://manage.WindowsAzure.com), sign in, and then click Active Directory. (Troubleshooting tip: "Active Directory" item is missing or not available)
To create an Access Control namespace, click New, click App Services, click Access Control, and then click Quick Create. (Or, click Access Control Namespaces before clicking New.)
To manage an Access Control namespace, select the namespace, and then click Manage. (Or, click Access Control Namespaces, select the namespace, and then click Manage.)
This action opens the Access Control Service management portal.
To establish relationships with the identity providers you would like the users of your website to use when logging in, click Identity providers, and add Yahoo! and Google. Then click Home to return to the main page.
To register your application with ACS, click Relying party applications, click Add, and then enter the following information in the form:
In the Name field, enter ASPNET Simple Forms Sample.
In the Realm field, enter http://localhost:62000/
In the Return URL field, enter http://localhost:62000/
Select SAML 2.0 from the Token format drop-down list box.
In the Identity providers section, select Google, Windows Live ID, and Yahoo!
In the Token signing field, select Use service namespace certificate (standard).
Leave the other fields at their default values.
Click Save and then navigate to the main page.
With your relying party application registered, it is now time to create the rules that determine the claims that ACS will issue to your application. In this sample, we will simply pass through all the claims issued by the identity provider. To create this rule, click Rule Groups and then click Default Rule Group for ASPNET Simple Forms Sample. At the bottom of the page, click the Generate link. Ensure that the three identity providers Yahoo!, Google, and are selected and click Generate. Finally, click Save and navigate back to the main page.
With ACS configured, open Visual Studio.
Option 2: Configuring the Sample Using the ACS Management Service
To configure the sample using the ACS Management Service
To configure the sample, open SamplesConfiguration.cs (acs\Management\ManagementService\Common). Replace the placeholders in the SamplesConfiguration class in the Common class library with information about your Access Control namespace. You can find the information in the ACS Management Portal.
To navigate to the ACS Management Portal: Go to the Microsoft Azure Management Portal (https://manage.WindowsAzure.com), sign in, and then click Active Directory. (Troubleshooting tip: "Active Directory" item is missing or not available) To manage an Access Control namespace, select the namespace, and then click Manage. (Or, click Access Control Namespaces, select the namespace, and then click Manage.)
ServiceNamespace - Enter the name of your Access Control namespace.
ManagementServiceIdentityName - Enter the name of an ACS management service account. The default is ManagementClient.
To find the management service account name, in the ACS Management Portal, click Management service. The accounts are listed by name under Management Service Accounts.
ManagementServiceIdentityKey - Enter the password for the management service account.
To find the management service account password, in the ACS Management Portal, click Management service. Click the name of a management service account, and then, under Credentials, click Password. The password appears in the Password field. To copy the password, click Show Password.
Run the ConfigureSample application in Visual Studio, which will configure ACS to run this sample.
Running the Sample
To run the sample
Open the sample located at Websites\ASPNETSimpleForms\ASPNETSimpleForms.sln in Visual Studio.
Press F5 to start the application.
Close the browser to stop the application.
Right-click the project and select Add STS Reference from the context menu.
In the dialog box, enter the root of the web application into the Application URI field and click Next. For this sample, this value is http://localhost:62000/
The trailing slash is important as it lines up with the values you entered in ACS for your relying party. The wizard will issue a warning that your site is not using SSL. Accept this warning by clicking the Yes button, but remember that a production website should almost always use SSL for these types of scenarios.
In the next window, select the Use Existing STS radio button and enter the URI of the WS-Federation metadata published by your Access Control namespace. That URI can be found in the portal under Application Integration. If your Access Control namespace is acssamples, the URI is https://acssamples.accesscontrol.windows.net/FederationMetadata/2007-06/FederationMetadata.xml. After you enter the value, click Next.
Since your website does not require encrypted tokens, click Next on the remaining dialog boxes, and then click Finish.
Both ACS and your application are now configured. Press F5 in Visual Studio to run the application. Your browser will be taken to the ACS-hosted Home Realm Discovery page.
Click Yahoo! or Google and your browser will be taken to that identity provider.
Once your browser is at the identity provider, enter credentials for a test account, and accept the user consent form.
Your browser should return to http://localhost:62000/. Notice that the name of your test identity appears in the upper-right section of the page. This data was issued by the identity provider, and was returned to your application through ACS.
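The Add STS Reference step above depends on the realm matching the ACS relying party entry down to the trailing slash, and it accepts a non-SSL site for local testing only. The following check is an added example, not part of the sample package: it audits a web.config federation section for both points before the site leaves a development machine. The embedded fragment is constructed (its issuer URL and the missing slash in audienceUris are sample values), and audit_wif_config is a hypothetical helper name.

```python
import xml.etree.ElementTree as ET

# Constructed web.config fragment shaped like the WIF 1.0 section written by
# the Add STS Reference wizard, using this sample's realm. The audienceUris
# entry deliberately lacks the trailing slash so the check has work to do.
SAMPLE_CONFIG = """<configuration>
  <microsoft.identityModel>
    <service>
      <audienceUris>
        <add value="http://localhost:62000" />
      </audienceUris>
      <federatedAuthentication>
        <wsFederation passiveRedirectEnabled="true"
            issuer="https://acssamples.accesscontrol.windows.net/v2/wsfederation"
            realm="http://localhost:62000/" requireHttps="false" />
        <cookieHandler requireSsl="false" />
      </federatedAuthentication>
    </service>
  </microsoft.identityModel>
</configuration>"""


def audit_wif_config(config_xml, acs_realm):
    """Return findings for a WIF federation section, given the ACS realm."""
    svc = next(ET.fromstring(config_xml).iter("service"), None)
    fed = svc.find("federatedAuthentication/wsFederation") if svc is not None else None
    if fed is None:
        return ["no federatedAuthentication/wsFederation element found"]
    findings = []
    realm = fed.get("realm", "")
    audiences = [a.get("value", "") for a in svc.findall("audienceUris/add")]
    # Assumption of this check: compare as exact strings, so a missing
    # trailing slash is reported rather than tolerated.
    if realm != acs_realm:
        findings.append(f"realm {realm!r} differs from ACS realm {acs_realm!r}")
    if acs_realm not in audiences:
        findings.append(f"ACS realm {acs_realm!r} not in audienceUris {audiences}")
    if not fed.get("issuer", "").lower().startswith("https://"):
        findings.append("issuer endpoint is not HTTPS")
    # Defaults are not assumed: each transport setting must be set to true.
    if fed.get("requireHttps", "").lower() != "true":
        findings.append("wsFederation requireHttps is not explicitly true")
    cookie = svc.find("federatedAuthentication/cookieHandler")
    if cookie is None or cookie.get("requireSsl", "").lower() != "true":
        findings.append("cookieHandler requireSsl is not explicitly true")
    return findings


if __name__ == "__main__":
    for finding in audit_wif_config(SAMPLE_CONFIG, "http://localhost:62000/"):
        print("FINDING:", finding)
```

On the constructed fragment the check reports the audience URI mismatch and both transport settings; a production configuration would use an https realm registered identically in ACS.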