Code Sample: ASP.NET Simple MVC 2

Updated: June 19, 2015

Applies To: Azure

This sample illustrates how to integrate Microsoft Azure Active Directory Access Control (also known as Access Control Service or ACS) with an ASP.NET MVC application. The code for this sample is located in the ASPNETSimpleMVC (C#\Websites\ASPNETSimpleMVC) subdirectory of the Microsoft Azure Active Directory Access Control (ACS) Code Samples package.

Prerequisites

To run this sample, you will need:

  1. An account at the Azure homepage and an Access Control namespace. This sample assumes that the name of the Access Control namespace is acssamples, even though your Access Control namespace name will be different.

  2. Visual Studio 2010 (any version)

  3. Windows Identity Foundation SDK

For more details, see ACS Prerequisites (https://go.microsoft.com/fwlink/?LinkId=221065).

Configuring the Sample

The ACS configuration required for this sample can be performed using either the ACS Management Portal or the ACS Management Service. This topic describes both options.

  1. Option 1: Configuring the sample using the ACS Management Portal

  2. Option 2: Configuring the sample using the ACS Management Service

Option 1: Configuring the Sample Using the ACS Management Portal

To configure the sample using the ACS Management Portal

  1. Go to the Microsoft Azure Management Portal (https://manage.WindowsAzure.com), sign in, and then click Active Directory. (Troubleshooting tip: "Active Directory" item is missing or not available)

  2. To create an Access Control namespace, click New, click App Services, click Access Control, and then click Quick Create. (Or, click Access Control Namespaces before clicking New.)

  3. To manage an Access Control namespace, select the namespace, and then click Manage. (Or, click Access Control Namespaces, select the namespace, and then click Manage.)

    This action opens the Access Control Service management portal.

  4. To establish relationships with the identity providers you would like the users of your website to use when logging in, click Identity providers and add Yahoo! and Google. To return to the main page, click Home.

  5. To register your application with ACS, on the home page of the Access Control Service management portal, click Relying party applications, click Add, and then enter the following information in the form:

    • In the Name field, enter ASPNET Simple MVC Sample.

    • In the Realm field, enter https://localhost:63000/

    • In the Return URL field, enter https://localhost:63000/

    • In the Error URL field, enter https://localhost:63000/Error

    • In the Token format field, select SAML 2.0.

    • In the Token signing field, select Use service namespace certificate (standard).

  6. Click Save and then click Home to return to the home page.

  7. With your relying party registered, it is now time to create the rules that determine the claims that ACS will issue to your application. In this sample, we will simply pass through all the claims issued by the identity provider. To create this rule, click Rule Groups and click Default Rule Group for ASPNET Simple MVC Sample. Near the bottom of the page, click the Generate link. Ensure that the three identity providers Yahoo!, Google, and Windows Live ID (Microsoft account) are selected and click Generate.

  8. Click Save and navigate back to the main page.

  9. With ACS configured, open Visual Studio.

Option 2: Configuring the Sample Using the ACS Management Service

The Visual Studio sample solution has a console application called ConfigureSample which uses the ACS Management Service and the common helpers defined in the Common class library. This application can be used to configure your Access Control namespace for use with this sample.

To configure the sample using the ACS Management Service

  1. To configure the sample, open SamplesConfiguration.cs (acs\Management\ManagementService\Common). Replace the placeholders in the SamplesConfiguration class in the Common class library with information about your Access Control namespace. You can find the information in the ACS Management Portal.

    To navigate to the ACS Management Portal: Go to the Microsoft Azure Management Portal (https://manage.WindowsAzure.com), sign in, and then click Active Directory. (Troubleshooting tip: "Active Directory" item is missing or not available) To manage an Access Control namespace, select the namespace, and then click Manage. (Or, click Access Control Namespaces, select the namespace, and then click Manage.)

    • ServiceNamespace - Enter the name of your Access Control namespace.

    • ManagementServiceIdentityName - Enter the name of an ACS management service account. The default is ManagementClient.

      To find the management service account name, in the ACS Management Portal, click Management service. The accounts are listed by name under Management Service Accounts.

    • ManagementServiceIdentityKey - Enter the password for the management service account.

      To find the management service account password, in the ACS Management Portal, click Management service. Click the name of a management service account, and then, under Credentials, click Password. The password appears in the Password field. To copy the password, click Show Password.

  2. Run the ConfigureSample application in Visual Studio, which will configure ACS to run this sample.

Running the Sample

To run the sample

  1. Open the sample located at Websites\ASPNETSimpleMVC\ASPNETSimpleMVC.sln in Visual Studio.

  2. Press F5 to start the application.

  3. Close the browser to stop the application and proceed with configuring ACS.

  4. Right-click the project and select Add STS Reference from the context menu.

  5. In the dialog box, enter the root of the web application into the Application URI field and click Next. For this sample, this value is https://localhost:63000/

    Note

    The trailing slash is important as it lines up with the values you entered in ACS for your relying party. The wizard will issue a warning that your site is not using SSL. Accept this warning by clicking the Yes button, but remember that a production website should almost always use SSL for these scenarios.

  6. In the next window, select the Use Existing STS radio button, and enter the URI of the WS-Federation metadata published by your Access Control namespace. To find the URI, in the ACS portal, click Application Integration. If the name of your Access Control namespace is acssamples, the URI is https://acssamples.accesscontrol.windows.net/FederationMetadata/2007-06/FederationMetadata.xml. After you enter this value, click Next.

  7. Since your website does not require encrypted tokens, click Next and click Finish.

  8. ACS and your application are now configured. Press F5 in Visual Studio to run the application. Your browser will be directed to the ACS hosted Home Realm Discovery page.

  9. Click Google. Your browser will be redirected to a Google sign-in page.

  10. Enter credentials for a Google account and decline the user consent form.

  11. Your browser should return to https://localhost:63000/Error and display a custom error string indicating that login to the site was canceled.

  12. To try again, click the link and then click an identity provider.

  13. When your browser is at the identity provider, enter credentials for a test account, but, this time, accept the user consent form.

  14. Your browser should return to https://localhost:63000/. Notice that the name of your test identity appears in the top right section of the page. This data was issued by the identity provider and was returned to your application through ACS.
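The note in step 5 says the application URI must line up, trailing slash included, with the realm registered in ACS, and that the wizard accepts a site without SSL. The following check is an added example, not part of the sample package: it reads the microsoft.identityModel section that Windows Identity Foundation keeps in Web.config and reports where it disagrees with the ACS realm or explicitly turns off HTTPS requirements. The Web.config fragment is constructed for illustration and the function name audit_wif_config is hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample Web.config fragment (illustrative values, not from the
# sample package). The audienceUris entry is missing its trailing slash.
SAMPLE_WEB_CONFIG = """\
<configuration>
  <microsoft.identityModel>
    <service>
      <audienceUris>
        <add value="https://localhost:63000" />
      </audienceUris>
      <federatedAuthentication>
        <wsFederation passiveRedirectEnabled="true" requireHttps="false"
                      realm="https://localhost:63000/" />
        <cookieHandler requireSsl="false" />
      </federatedAuthentication>
    </service>
  </microsoft.identityModel>
</configuration>
"""

def audit_wif_config(xml_text, acs_realm):
    """Return findings where Web.config disagrees with the realm registered in ACS."""
    service = ET.fromstring(xml_text).find("./microsoft.identityModel/service")
    if service is None:
        return ["no microsoft.identityModel/service section found"]
    findings = []
    # Exact string comparison: the value has to line up with the ACS realm.
    audiences = [a.get("value", "") for a in service.findall("./audienceUris/add")]
    if acs_realm not in audiences:
        near = any(a.rstrip("/") == acs_realm.rstrip("/") for a in audiences)
        findings.append("audienceUris does not list the ACS realm"
                        + (" (differs only by a trailing slash)" if near else ""))
    ws = service.find("./federatedAuthentication/wsFederation")
    if ws is None:
        findings.append("no wsFederation element")
    else:
        if ws.get("realm") != acs_realm:
            findings.append("wsFederation realm does not match the ACS realm")
        # Only an explicit "false" is flagged; defaults are not assumed here.
        if ws.get("requireHttps", "").lower() == "false":
            findings.append("wsFederation requireHttps is false")
    cookie = service.find("./federatedAuthentication/cookieHandler")
    if cookie is not None and cookie.get("requireSsl", "").lower() == "false":
        findings.append("cookieHandler requireSsl is false")
    return findings

if __name__ == "__main__":
    for finding in audit_wif_config(SAMPLE_WEB_CONFIG, "https://localhost:63000/"):
        print("FINDING:", finding)
```

Run it against the project's Web.config after Add STS Reference completes, passing the Realm value entered for the relying party in ACS.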