Enterprise and non-enterprise users with BYOD (bring your own device) machines outside the corporate enterprise domain need to authenticate themselves when running Store apps that get data from a secured data repository, for example a web service hosted on an Azure Cloud Service with a SQL Azure backend. Let's look at the overall picture in the diagram below and understand the stakeholders here.

Windows Azure Active Directory Access Control

In my scenario, I have used the following:

  • Relying party application: WCF Data Services hosted on an Azure Cloud Service
  • Client: Windows Store application running on tablets/laptops outside the corporate domain
  • ACS: the partition of ACS that is dedicated to your relying party application; we will be using Service Identity (username/password) credentials
  • SQL Azure: database store for the application

So let's get started creating the solution. First things first: let's create a WCF Data Service that binds data from SQL Azure and publish it on a Cloud Service.

- Set up a SQL Azure database testdb with a table PersonInfo and add test data


- Add a WCF Service Web Role to create a cloud service to host our WCF Data Service


- Add an Entity Framework model to generate the schema from the SQL Azure database; I named it MySampleDBEntities


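- Add a new WCF Data Service file named MyWcfDataService, then initialize it with the EF data model and set access rules for our table

using System.Data.Services;
using System.Data.Services.Common;

public class MyWcfDataService : DataService<MySampleDBEntities>
{
    // This method is called only once to initialize service-wide policies.
    public static void InitializeService(DataServiceConfiguration config)
    {
        // EntitySetRights.All lets any caller read, insert, update and delete
        // PersonInfoes rows; the service has no authentication at this stage.
        config.SetEntitySetAccessRule("PersonInfoes", EntitySetRights.All);
        config.DataServiceBehavior.MaxProtocolVersion = DataServiceProtocolVersion.V3;
        // Verbose errors return detailed error information to the client;
        // useful while testing the feed.
        config.UseVerboseErrors = true;
    }
}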
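The access rules above are the service's own authorization layer, separate from the authentication that ACS adds later. As an added example (not code from the original post), here is a least-privilege variant of the same initialization; the class name MyWcfDataServiceReadOnly, the read-only client assumption and the page size of 50 are assumptions made for illustration.

```csharp
using System.Data.Services;
using System.Data.Services.Common;

// Hypothetical read-only variant of the post's service (added example).
public class MyWcfDataServiceReadOnly : DataService<MySampleDBEntities>
{
    // Called once per service type to set service-wide policies.
    public static void InitializeService(DataServiceConfiguration config)
    {
        // Default deny: entity sets and service operations added to the
        // model later stay unreachable until a rule names them explicitly.
        config.SetEntitySetAccessRule("*", EntitySetRights.None);
        config.SetServiceOperationAccessRule("*", ServiceOperationRights.None);

        // Assumption: the Store client only reads PersonInfo rows.
        // AllRead = ReadSingle | ReadMultiple, so insert, update and delete
        // requests against this set are refused by the service itself.
        // If the client must add rows, OR in the specific right instead of
        // using All, e.g. EntitySetRights.AllRead | EntitySetRights.WriteAppend.
        config.SetEntitySetAccessRule("PersonInfoes", EntitySetRights.AllRead);

        // Server-driven paging: one request cannot pull the whole table.
        // 50 is an assumed value; size it to what the client displays.
        config.SetEntitySetPageSize("PersonInfoes", 50);

        config.DataServiceBehavior.MaxProtocolVersion = DataServiceProtocolVersion.V3;

        // Detailed error text helps while testing the feed, but it should
        // not reach callers of the published cloud service.
#if DEBUG
        config.UseVerboseErrors = true;
#else
        config.UseVerboseErrors = false;
#endif
    }
}
```

With these rules, a token issued to a service identity grants read access to PersonInfoes only, even before any per-user checks are added.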

- Publish the Web Role to the Cloud Service using your Azure subscription


- Go to the Windows Azure Portal and click the Site URL under the cloud service you created


- Check that the feed data is pulled from SQL Azure



OK, so far we have created a new service, connected it to SQL Azure and hosted it on a cloud service. Now let's secure this cloud service with ACS using service identities and authenticate the client. The discussion continues in my second post in the series.