Using Windows Azure Access Control Services for Windows Live Authentication using Live Id SDK – Part 2

Before proceeding further make sure that you have gone through the PART 1.
Ok, in part 1, we saw how ADFS authentication gives us profile information in the forms of claims which we don’t receive in case of using Live ID authentication.
To receive profile information we need to use Windows Live SDK. First we need to create an application on Live ID connect API’s portal. Browse to the following link, https://manage.dev.live.com/, login with your Live ID credentials and then create an application as shown below –
Click on Create Application link. Then provide application name [samplewebrole in my case] and language as English. Then under API settings specify, redirect URL.



This is the URL to which access token will be sent by Live ID. Then we will use this access token to receive profile information in Callback.aspx. Here in Redirect URL I am specifying the URL which will be online when application will be deployed to cloud. You can specify any other URL like – www.litware.com or anything of your choice.
Right now my redirect URL – http://--.cloudapp.net/ does not exists. However, live ID sends token only to this URL as it has been configured as Redirect URL on live SDK portal. So we need to redirect this URL to our localhost cloud URL which is – http://127.0.0.1/ so that token can be received by my application. To do this open host file from location C:\Windows\System32\drivers\etc\ and specify following information –



Now we will use SDK REST API to login to windows Live and to receive profile information. I will have to make these REST API calls on “windows Live ID” button click of ACS login page. However I don’t have login page of ACS. So I need to create a custom login page along with my button of Live Id. On click on my live id button we will make these REST calls. Also the code of ACS will be required so that ADFS button and other ACS stuff will work without any problem.
On ACS Azure portal, under Application Integration system tab in left hand panel, you can download ACS login page. This page is in HTML so I will convert to aspx page and add my own custom button named as “Live ID”. And click on this button I will make Live ID REST API calls.



Copy complete <HTML></HTML> of ACS HTML page and paste in <HTML> section of your login page. I have named it as Login.aspx. Then add your button under <div id="IdentityProvidersList"></div> as shown below –



Now we need to make our custom login page as startup page of the application. If you make your custom login page as startup page by right clicking on solution explorer and run the application; you will be still redirected to ACS login page and not your custom login page. To overcome on this problem we will need to specify “Forms Authentication” tag in web config of web role. So our application will become combination of Federated authentication (using ADFS) and Forms authentication (using Live ID connect).
By default federated authentication makes <authentication mode="None" />
Therefore comment above line from web config file and add following lines under <system.web> tag –
<httpRuntime maxRequestLength="1048576" executionTimeout="120" requestValidationMode="2.0" />
<authentication mode="Forms"><forms loginUrl="Login.aspx" defaultUrl="~/Callback.aspx" timeout="10" /></authentication>
Then add following tag parallel to <system.web> tag and not inside it; that is following tag will go under <configuration> tag –
<location path="Login.aspx">
    <system.web>
      <authorization>
        <allow users="*" />
      </authorization>
    </system.web>
  </location>
  <location path="Callback.aspx">
    <system.web>
      <authorization>
        <allow users="*" />
      </authorization>
    </system.web>
  </location>


Add following keys in ServiceConfiguration.local.cscfg file –
<Setting name="LiveIdClientID" value="your Cline ID received from application created in live id SDK portal" />
      <Setting name="LiveIdRedirectURL" value="http://Your redirect URL/Callback.aspx" />
      <Setting name="LiveIdClientSecret" value="your client secret" />
      <Setting name="LiveIdOAuthURL" value="https://oauth.live.com/token" />

Add following code in code behind of custom login page –
protected void Page_Load(object sender, EventArgs e)
        {
            //if return url is not null means user coming from windows live ID else coming from ADFS
            if (Request.QueryS07ing["ReturnUrl"] != null)
            {
                if (Session["EmailAddress"] != null)
                {
                    IClaimsIdentity identity = User.Identity as ClaimsIdentity;
                    ClaimCollection collection = identity.Claims;

                    s07ing emailAddress = Convert.ToS07ing(Session["EmailAddress"]);
                    //re07ieve name without domain
                    s07ing userName = emailAddress.Split(new char[] { '@' })[0];
                    FormsAuthentication.RedirectFromLoginPage(userName, 07ue);
                }
            }
        }

        protected void btnLiveIDLogin_Click(object sender, EventArgs e)
        {
            s07ing LiveConnectAuthUri = "https://oauth.live.com/authorize?client_id=<clientId>&scope=wl.signin%20wl.basic%20wl.emails&response_type=code&redirect_uri=<redirect_uri>";

            //read client id and redirection url from config file
            s07ing clientID = RoleEnvironment.GetConfigurationSettingValue("LiveIdClientID");
            s07ing redirectionURL = RoleEnvironment.GetConfigurationSettingValue("LiveIdRedirectURL");

            //create url
            s07ing authorizedRestCall = LiveConnectAuthUri.Replace("<clientId>", clientID).Replace("<redirect_uri>", redirectionURL);

            //redirect to login page
            Response.Redirect(authorizedRestCall);
        }


Now we need to add callback.aspx page to handle the tokens and receive profile information in it. The complete code for Callback.aspx is here – Callback.aspx.
My final project s07ucture is as follows –



Now run the application, your login page will appear as follows –



Click on out custom Live Id button. You will be redirected to login page of windows Live. After successful login, you may be asked for allowing access to the profile information. Click YES. Then code in Callback.aspx will be executed and email ID will be re07ieved. This email ID I am adding to the session which is then populated on Default.aspx as shown –



Hope it helps.
Cheers…
Happy Programming!!!

Comments

Post a Comment

Popular posts from this blog

The request has both SAS authentication scheme and 'Bearer' authorization scheme. Only one scheme should be used

Image
While doing testing after doing a POC on Securing Logic App with Azure Active Directory authentication , where I have put logic app behind APIM and before passing the request to logic app, apim does validation of the token.  I was encountered with an error "The request has both SAS authentication scheme and 'Bearer' authorization  scheme.  Only one scheme should be used." Why it happened After validating the token which is part of the header i.e. Authorization, APIM forwards the request as it is to backend. As  Logic app is configured as  back end , it's url already consist of SAS signature plus the request also has Authorization section and this is the problem. By default every request endpoint on a logic app has a Shared Access Signature (SAS) in the endpoint's URL, which follows this format: https://<request-endpoint-URI>sp=<permissions>sv...
Read more

Getting Started with Logic Apps - AS2

Image
What is AS2? Every enterprise requires some kind of product, service or counselling from another enterprises thus there happens a B2B(business to business) communications, some of the communication is unique whereas most of the communications are common for most of the enterprises e.g., Purchase Order. But every enterprise has there own way(format) of sending the messages, leading to difficult management when number of partners increased.  Considering this the Enterprise leaders decided to have some standards/rules defined across the communication leading to B2B protocol standards which provide guidelines for trading partners to follow when conducting business between enterprises. EDI X12, EDIFACT, TRADACOM etc. AS2 stands for Applicability Statement 2 and is a B2B messaging protocol used to transmit Electronic Data Interchange (EDI)/Business documents from one organization to another. So EDI standards define how to format data and AS2 specifies how to securely transport...
Read more

How to Debug and Trace request in Azure APIM - Portal, Postman, RequestBin

Image
Introduction  APIM is a great option to expose API's with out of box features for applying restrictions, preprocessing, postprocessing etc. You can leverage existing API's,  by importing it and it gets added as a new API with all the operations associated with it. And based on the requirements you  apply policies at the stage/level (Inbound,Backend/Outbound) and you are ready to use the API. Before it is shared, we do some testing to make sure everything is working as per the expectation and this is where Debugging and Tracing request becomes important. APIM does provide a way to Trace a call with the help of  Ocp-Apim-Trace http header. So whichever request/call is to be traced, it needs to include this in header  with the value set to true and it has dependency on another header, so that also needs to be passed i.e.  Ocp-Apim-Subscription-Key Note: The api on which Tracing is to applied , it requires the subscription key to be en...
Read more