How to Connect worker role with WAAD

Category: azure windowsazuread

Question

APSanjay12 on Wed, 05 Feb 2014 20:28:22


I have a WCF service endpoint exposed through a worker role. I want to configure the security for the endpoint as Windows, just like how I do it in a normal WCF service on-premise.

Is there a way I can specify to my worker role that this WAAD is the AD for you, and when I configure the WCF service endpoint to Windows authentication, the worker role figures out that it has to go to the configured WAAD for authentication for the service request?

I found this Note in the document here: http://msdn.microsoft.com/en-us/library/ff803371.aspx but don't really know how to configure it.

In a future release, Windows Azure Access Control will be renamed to Windows Azure Active Directory (WAAD), and will expose functionality to support Windows Authentication in cloud-hosted applications. This would simplify implementation of authentication for Adatum.

Thanks,

Sanjay A.

Replies

Steve Syfuhs on Wed, 05 Feb 2014 21:04:50


Short answer is that you can't.

Azure Active Directory does not support Windows Authentication. Windows Active Directory supports Windows Auth, and Azure Active Directory supports a synchronized and federated relationship with Windows Active Directory. This unfortunately has no bearing on Windows Auth and Azure Active Directory. Windows Auth still relies on Kerberos or NTLM, and Azure Active Directory does not support either of those protocols.

What you can do is protect the WCF service with WS-Trust, which would be federated to Azure AD, or to ADFS on premise, and use SAML tokens generated by ADFS or Azure AD to authenticate callers.
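The two options contrasted in this reply, shown as a service-side app.config. This is an added example, not part of the reply or of any Microsoft sample. It assumes .NET 4.5 with WIF, ADFS as the token issuer at the hypothetical host sts.example.com, a hypothetical service Example.OrderService with contract Example.IOrderService, and a placeholder for the issuer's signing-certificate thumbprint.

```xml
<configuration>
  <configSections>
    <section name="system.identityModel" type="System.IdentityModel.Configuration.SystemIdentityModelSection, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
  </configSections>
  <system.serviceModel>
    <bindings>
      <!-- Shown for contrast, not used below: Windows credentials (Kerberos/NTLM) need a domain controller, so this cannot target Azure AD. -->
      <netTcpBinding>
        <binding name="windowsAuth">
          <security mode="Transport"><transport clientCredentialType="Windows" /></security>
        </binding>
      </netTcpBinding>
      <!-- The alternative from the reply: callers present a SAML token obtained over WS-Trust. -->
      <ws2007FederationHttpBinding>
        <binding name="federated">
          <security mode="TransportWithMessageCredential">
            <message establishSecurityContext="false" issuedKeyType="BearerKey"
                     issuedTokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0">
              <issuerMetadata address="https://sts.example.com/adfs/services/trust/mex" />
            </message>
          </security>
        </binding>
      </ws2007FederationHttpBinding>
    </bindings>
    <behaviors>
      <serviceBehaviors>
        <behavior name="federatedBehavior">
          <serviceCredentials useIdentityConfiguration="true" />
        </behavior>
      </serviceBehaviors>
    </behaviors>
    <services>
      <service name="Example.OrderService" behaviorConfiguration="federatedBehavior">
        <endpoint address="https://worker.example.com/orders" binding="ws2007FederationHttpBinding"
                  bindingConfiguration="federated" contract="Example.IOrderService" />
      </service>
    </services>
  </system.serviceModel>
  <system.identityModel>
    <identityConfiguration>
      <audienceUris><add value="https://worker.example.com/orders" /></audienceUris>
      <issuerNameRegistry type="System.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
        <trustedIssuers>
          <add thumbprint="PLACEHOLDER_STS_SIGNING_CERT_THUMBPRINT" name="https://sts.example.com/adfs/services/trust" />
        </trustedIssuers>
      </issuerNameRegistry>
    </identityConfiguration>
  </system.identityModel>
</configuration>
```

The audienceUris and trustedIssuers entries are what restrict the service to tokens issued for it by the one trusted issuer; the worker role also needs an HTTPS certificate bound to the endpoint's port.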

APSanjay12 on Thu, 06 Feb 2014 22:43:29


Thank you for the reply, Steve. I will look into how I can protect my WCF service with WS-Trust, which would be federated to Azure AD. I might have to use ACS in Azure to use Azure AD for federation.

Let me know if you can suggest some articles on this topic.

Thanks,

Sanjay A.