Angel \”Java\” Lopez on Blog

June 22, 2011

OAuth, OAuth2 and Azure Access Control Service (ACS): Links

Filed under: .NET, Azure, OAuth, OAuth2, Rest — ajlopez @ 9:37 am

The past two weeks I was working in a proof of concept application for a customer of mine, implementing OAuth2 using ACS (Azure Access Control Service). These are the principal links I used.

First, links about what is OAuth, its history, etc:

OAuth
http://en.wikipedia.org/wiki/OAuth
OAuth (Open Authorization) is an open standard for authorization. It allows users to share their private resources (e.g. photos, videos, contact lists) stored on one site with another site without having to hand out their credentials, typically username and password.

The Authoritative Guide to OAuth 1.0
http://hueniverse.com/oauth/guide/intro/
http://hueniverse.com/oauth/

http://oauth.net/core/1.0/

The new OAuth 2:

http://oauth.net/2/
http://hueniverse.com/2010/05/introducing-oauth-2-0/

OAuth in ACS and WCF:

Windows Azure AppFabric Access Control Service (ACS): WCF SWT/REST OAuth Scenario
http://blogs.msdn.com/b/alikl/archive/2011/06/02/windows-azure-appfabric-access-control-service-acs-wcf-swt-rest-oauth-scenario.aspx
Securing WCF Services with ACS
http://msdn.microsoft.com/en-us/library/gg185912.aspx

ACS (Azure Access Control Service) Added Support for OAuth 2.0 Protocol
http://www.ditii.com/2010/11/30/acs-azure-access-control-service-added-support-for-oauth-2-0-protocol/

This is the key web scenario example with code I studied [1]:
https://connect.microsoft.com/site1168/Downloads
It uses SWT (Simple Web Token) tokens to protect REST services. Read the setup to understand what it’s needed (Service Identity configuration) at Azure ACS.

The second key scenario example is desktop flow:

DataMarket OAuth Samples – Rich Client (2)
http://code.msdn.microsoft.com/DataMarket-OAuth-Samples-d7546d06
DataMarket OAuth Samples – Web Client
http://code.msdn.microsoft.com/DataMarket-OAuth-Samples-4c4e7c3a
Again, these examples uses SWT

I found these last two examples at:
http://code.msdn.microsoft.com/?f%5b0%5d.Type=SearchText&f%5b0%5d.Value=OAuth&x=0&y=0

I should review the code at:
Code Sample: OAuth 2.0 Certificate Authentication
http://msdn.microsoft.com/en-us/library/hh127795.aspx
contained in
Access Control Service Samples and Documentation
http://acs.codeplex.com/releases/view/57595

I could extend example [1] to support a WinForm client.

Keep tuned!

Angel “Java” Lopez
http://www.ajlopez.com
http://twitter.com/ajlopez

Create a free website or blog at WordPress.com.