SQL Data Services (SDS) went to public CTP recently.  Customers now have 2 ways to acquire credentials to access SDS.  Some of you might wonder what the differences are between the credential obtained through SDS Public CTP and the credential obtained through Azure Services Invitations.  (Yip, that's right!  Both SDS are the same!  The only differences are the credentials.)

Before we go into the differences, let me clarify how I am going to refer each credential in this blog to avoid confusion:

  • SDS Credential - the credential obtained through SDS Public CTP
  • AC Credential - the credential obtained through Azure Services Invitations.  AC refers to Access Control.

 

So, what are the differences?

The following table pretty much summarizes the difference between the two credentials.  I want to provide some additional information here:

 

SDS Credential

AC Credential

Registration Channel

SDS Public CTP

Azure Services Invitations

Services Scope

SDS

SDS, .NET Access Control Services, .NET Service Bus, .NET Workflow Services

Authentication

Basics Authentication

Token-based Authentication

Protocol

REST and SOAP

SOAP only

 

Let's look at different WCF endpoints SDS provided to access the service

Now, let's look at some code to clarify the differences further more.  Following this instruction in SDS primer, I can create a configuration file that allows me to see all the SOAP endpoints that SDS provided.  Note that to SDS Sprint 5 SOAP endpoint host address is https://data.database.windows.net/soap/v1.

  • <endpoint address="https://data.database.windows.net/soap/v1" binding="basicHttpBinding" bindingConfiguration="BasicAuthEndpoint" contract="SitkaSoapServiceS5.ISitkaSoapService" name="BasicAuthEndpoint" />
  • <endpoint address="https://data.database.windows.net/soap/v1/zurich" binding="customBinding" bindingConfiguration="UsernameTokenEndpoint" contract="SitkaSoapServiceS5.ISitkaSoapService"  ame="UsernameTokenEndpoint" />
  • <endpoint address="https://data.database.windows.net/soap/v1/zurich" binding="customBinding" bindingConfiguration="CertificateTokenEndpoint" contract="SitkaSoapServiceS5.ISitkaSoapService" name="CertificateTokenEndpoint" />
  • <endpoint address="https://data.database.windows.net/soap/v1/zurich" binding="customBinding" bindingConfiguration="CardSpaceTokenEndpoint" contract="SitkaSoapServiceS5.ISitkaSoapService" name="CardSpaceTokenEndpoint" />

It's very clear that SDS provides 4 different SOAP endpoints for users to access SDS resources. 

  1. BasicAuthEndpoint - This endpoint should only be used if you are providing SDS credential
  2. UsernameTokenEndpoint - This endpoint should only be used if you are providing AC credential
  3. CertificateTokenEndpoint - This endpoint should only be used if you are providing AC credential and if you have associated certificate to your credential (I will clarify this in the following section)
  4. CardSpaceTokenEndpoint - This endpoint should only be used if you are providing AC credential and if you have associated Windows Cardspace to your credential (I will clarify this in the following section)

With this, to access SDS resources in code (C#), it will look like this:

using SitkaSoapServiceS5;

static void CreateAuthority(string auth)

   using (SitkaSoapServiceClient proxy = new SitkaSoapServiceClient("[ENDPOINT_NAME]"))

   {

      // Set credential information here using proxy.ClientCredentials.  See http://msdn.microsoft.com/en-us/library/cc984294.aspx for more information

      Scope scope = new Scope();
      Authority newAuthority = new Authority;
      newAuthority.Id = auth;
      proxy.Create(scope, newAuthority);

   }
}

Again, make sure you use the right credential to access SDS for different SOAP endpoints.

 

So, why are there so many endpoints to access SDS using AC credential (token-based credentials)?

If you have already played with .NET Access Control Service, this might come obvious to you.  If not, let's take a brief look at the solution credential page at http://accesscontrol.ex.azure.microsoft.com/

Access Control Service provides three different identifications for a solution. 

  1. Solution Password - this is corresponding to the UsernameTokenEndpoint
  2. Windows CardSpace Information Card - this is correspoinding to the CardSpaceTokenEndpoint
  3. X.509 Certificates - this is corresponding to the CertificateTokenEndpoint

 

How do I use SDS SD Tools with AC credential or SDS credential?

The following table provides some samples of accessing SDS resources through SDS SDK Tools using different credentials:

 

SDS Credential

AC Credential

SDS Explorer

It should work!

Since SDS Explorer is using the REST interface (or at least I can't find a way to use the SOAP interface).  I don't think you can use AC credential to access SDS resources through SDS Explorer

SDS CMD Prompt

SOAP example
st create [AUTH_ID] /
user:[USERNAME] /password:[PASSWORD] /soap

REST example
st create [AUTH_ID] /user:[USERNAME] /password:[PASSWORD] /rest

SOAP example
st create [AUTH_ID] /user:[SOLUTION_NAME]@accesscontrol.windows.net /password:[SOLUTION_PASSWORD] /soap

Note that there is option to use information card or certificate, please execute st /? For more detail.

REST example
Not Supported in this CTP

This ends up being a long post, but hope this helps readers kick off some SDS coding with either authentications available.  :)