This is first part of the overall scenario that should answer the following question:

How I can flow security context of end user through tiers between ASP.NET web app and the downstream REST WCF service?

Uploaded sample code to MSDN Code Gallery that shows how to use SWT token issued by Windows Azure Access Control Service (ACS). The bits are here:

• ASP.NET Security: SWT With Windows Azure ACS and WIF Custom Token Handler

The plan is next to add another Visual Studio Project to the solution based on the following walkthrough:

• How To: Authenticate to a REST WCF Service Deployed to Windows Azure Using ACS

The idea is simple – create one relying party in Windows Azure ACS and share the issued SWT token between the ASP.NET app and REST service. The challenge here is that WIF does not come with ready to use SWT token implementation and SWT token handler. To solve this scenario the code sample implements custom token handler, cannibalized from the following sample:

• Code Sample: Windows Phone 7 Application

Related

• Identity Flow Through Physical Tiers - ActAs Delegaton
• Calling REST Service On Behalf Of End User - OAuth 2.0 Delegation
• ASP.NET Relying Party to WCF (SOAP) Relying Party Delegation With Windows Live ID

This is second part following the first part, ASP.NET: Authentication With SWT Token Using Windows Azure ACS and WIF Custom Token Handler, of the overall scenario that should answer the following question:

How I can flow security context of end user through tiers between ASP.NET web app and the downstream REST WCF service?

Just published code sample on MSDN Code Gallery for the REST WCF part. Bits are here:

• REST WCF With SWT Token Issued By Windows Azure Access Control Service (ACS)

It largely follows the instructions available here:

• How To: Authenticate to a REST WCF Service Deployed to Windows Azure Using ACS

Next is to connect both parts and enable the scenario of flowing the security context of end user through the tier. The challenge will be to make the original SWT token that was issued for the front end ASP.NET web app available to the backend REST WCF service. Will outline in the third and final part of these series of blog posts.

Related

• Identity Flow Through Physical Tiers - ActAs Delegaton
• Calling REST Service On Behalf Of End User - OAuth 2.0 Delegation
• ASP.NET Relying Party to WCF (SOAP) Relying Party Delegation With Windows Live ID

Just published the article for the following scenario:

• ASP.NET Web App To REST WCF Service Delegation Using Shared SWT Token

Scenario:

In this scenario you are developing distributed application that includes front end ASP.NET web app and the backend REST WCF service. You are interested to use public identity providers, such as Live ID, Google, Facebook, Yahoo!, and OpenID 2.0, to authenticate users. You are also interested to flow the original identity of the end users down to the backend REST WCF service for authentication and authorization purposes at the backend.

Solution Approach:

Windows Identity Foundation (WIF) and Windows Azure Access Control Service (ACS) is used to solve this scenario. The approach is to have one relying party configured in ACS that issues SWT token. This SWT token is used with both front end ASP.NET web app and downstream REST WCF service. The signing keys shared with all three - ACS, ASP.NET RP, REST WCF RP.

Resources:

• Code Sample: ASP.NET Web App To REST WCF Service Delegation Using Shared SWT Token
• Visio Diagrams: ASP.NET to WCF (REST) Delegation With Live ID, Google, Facebook Using SWT.vsd