Accessing Access Control Service in Windows Azure AppFabric


When working with the Access Control Service (ACS) provided by Windows Azure AppFabric, there is one “invisible fact” which you have to be aware of.
The following code snippet shows how to request a token from the Access Control Service:

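  // client is assumed to be a System.Net.WebClient whose BaseAddress is the ACS endpoint of your service namespace
  NameValueCollection values = new NameValueCollection();
  values.Add("wrap_name", "gettingstarted");
  values.Add("wrap_password", issuerKey);
  values.Add("wrap_scope", "http://localhost/ACSGettingStarted");

  // POST the form to the WRAP v0.9 endpoint, relative to client.BaseAddress
  byte[] responseBytes = client.UploadValues("WRAPv0.9/", "POST", values);

  string response = Encoding.UTF8.GetString(responseBytes);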

Note that the code shown above uses the original issuer and scope as provided in the SDK sample.
When you execute this sample, you need to enter the namespace and the issuerKey to be able to send the request to ACS.
In this case the issuer key is not the management key, which is usually provided by Service Bus in the AppFabric portal.
If you use that one, the request (UploadValues) will fail with the following error:

"The remote server returned an error: (401) Unauthorized."

If you look at the exact response in Fiddler, you will find something like this:

“Error:Code:401:SubCode:T2001:Detail:The issuer does not exist, or the secret or signature is invalid.”

To fix this, open the Access Control Service Management Browser, which is installed with the ACS samples: ?:\????\WindowsAzureAppFabricSDKSamples_V1.0-CS\AccessControl\ExploringFeatures\Management\AcmBrowser

In this tool, enter the service namespace (this is hopefully clear) and the Management Key. Then click the toolbar icon “Load from Cloud”. After that you will get something like what is shown in the picture below.
Note that it is required to execute Setup.cmd, provided by the ACSGettingStarted sample (also contained in the same SDK). Setup.cmd will create the issuer, scope and policy shown in the picture.


image

The red frame shows what key has to be provided as the issuerKey parameter in the code above.
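
The T2001 detail seen in Fiddler can also be surfaced directly in code. The following is an added example, not code from the original post or the SDK sample: it reads the body of the 401 response and parses the ACS error string shown above. The class and method names are hypothetical, and client.BaseAddress is assumed to be the HTTPS ACS endpoint of your service namespace.

```csharp
// Added example (not SDK code); class and method names are hypothetical.
using System;
using System.Collections.Specialized;
using System.IO;
using System.Net;
using System.Text;
static class AcsTokenDiagnostics
{
    // Parses "Error:Code:401:SubCode:T2001:Detail:..." into its SubCode and Detail parts.
    public static bool TryParseAcsError(string body, out string subCode, out string detail)
    {
        subCode = detail = null;
        const string subMarker = ":SubCode:", detailMarker = ":Detail:";
        int s = body.IndexOf(subMarker, StringComparison.Ordinal);
        int d = body.IndexOf(detailMarker, StringComparison.Ordinal);
        if (!body.StartsWith("Error:", StringComparison.Ordinal) || s < 0 || d < s) return false;
        subCode = body.Substring(s + subMarker.Length, d - s - subMarker.Length);
        detail = body.Substring(d + detailMarker.Length);
        return true;
    }
    // Assumption: client.BaseAddress is the HTTPS ACS endpoint of the service namespace.
    public static string RequestToken(WebClient client, string issuerName, string issuerKey, string scope)
    {
        var values = new NameValueCollection
        {
            { "wrap_name", issuerName },
            { "wrap_password", issuerKey },
            { "wrap_scope", scope }
        };
        try
        {
            return Encoding.UTF8.GetString(client.UploadValues("WRAPv0.9/", "POST", values));
        }
        catch (WebException ex)
        {
            var http = ex.Response as HttpWebResponse;
            if (http == null) throw;   // no HTTP response (DNS, TLS, timeout): nothing to parse
            using (var reader = new StreamReader(http.GetResponseStream(), Encoding.UTF8))
            {
                string body = reader.ReadToEnd();
                string subCode, detail;
                if (TryParseAcsError(body, out subCode, out detail))
                    throw new InvalidOperationException(   // the issuer key is deliberately left out
                        string.Format("ACS rejected issuer '{0}' ({1}): {2}", issuerName, subCode, detail), ex);
            }
            throw;
        }
    }
}
```

The exception message carries the issuer name and the ACS sub-code but never the issuer key, so it can be written to a log.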


Posted Dec 05 2010, 04:33 PM by Damir Dobric
developers.de is a .Net Community Blog powered by daenet GmbH.