Use a managed card for identity authentication on the Azure Platform

In the previous article, we introduced how to use the "Create personal card" method to verify permissions on the Azure platform.
The Azure platform also supports managed cards issued by a third-party authentication service. Such services may be provided by banks, financial institutions, or other companies.
Microsoft also provides a website that helps us generate and manage managed cards: https://ipsts.federatedidentity.net/MgmtConsole/Default.aspx

Next we will demonstrate how to create a new account on the site, fill in the card information step by step, and download the card.
Finally, we configure the authentication link and its parameters for mutual access control with the Azure platform.

1. Open https://ipsts.federatedidentity.net/mgmtconsole/default.aspx and click the "Sign up" button in the lower-right corner of the page:

2. On the page that opens, fill in the corresponding user information and click "Submit":

3. The system then prompts you to configure the claims (declarations). A third party obtains these in the response to its request and uses them for display and logical decisions.

Enter the relevant information and click "Continue". The registration process is complete, and the system takes you to the account management page, shown below:

Click the "Edit Profile Information" link to edit other information of the account, for example:

In the Group edit box, enter Domain Users to identify the groups of the current user account. This value is used to bind user group information on the Azure platform.
After editing, click "Save" and the system returns to the management page. On the management page, click the icon next to the "Download your username/password card" link, for example:

The system then prompts you to download the card to the local machine. Select a local path and save it.

That completes the creation of a managed card on the third-party authentication service.

========================================================== ==========================================================

Next, let's look at how to bind the authentication information of the card we just created on the Azure platform.

1. Open https://accesscontrol.ex.azure.microsoft.com/login.aspx?Name=<YourSolutionName>
(YourSolutionName is the name of the solution I mentioned in the previous article), and then click the "Advanced" button. For example:

 

2. In the "Solution Name" drop-down box on the current page, select "ServiceBus" and click the "Manage" link below it, as shown:

3. Click the "Identity Issuers" link on the current page, as shown below:


4. On the "Identity Issuers" page, click "Add Issuers" and add the following content:

Display Name: https://ipsts.federatedidentity.net
Issuer URI: https://ipsts.federatedidentity.net/MgmtConsole/
Certificate: https://ipsts.federatedidentity.net/MgmtConsole/

For example:

Click "Save" to Save the current settings.

5. When configuring the .NET Access Control Service, a new Claim Type has to be defined. This type represents the information we want to obtain from Federatedidentity.net. The Claim Type is configured as follows.
Click the "Claim Type" link in the "Scope Management" toolbar, for example:


6. Click the "Add Claim Types" button on the current page. The following page opens:

7. Configure the following node information on the current page:
Display Name: Group
Claim Type: http://ipsts.federatedidentity.net/group
For example:

Click "Save".

8. Next we need to edit the Rules that bind this information. In the "Scope Management" toolbar, click the "Rules" link, as shown:

9. Click the "Add Rules" button on the current page and enter the following information on the "Add Rules" page:

Input Claim(s) defines the claims in the request:
Type: Group
Value: Domain Users
Issuer: https://ipsts.federatedidentity.net

Output Claim defines the issued claim:
Type: Action
Value: Send

After the configuration is complete:

Click "Save" to add the rule. In the existing rule list we can then see the rule we just created, for example:
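
The rule from step 9 is a claims transformation: a Group claim with the value Domain Users, asserted by the registered issuer, is turned into the output claim Action = Send. The Python model below is an added illustration, not code from the SDK or from the Access Control Service; the class and function names, the sample tokens and the exact-match semantics are assumptions of the model.

```python
from dataclasses import dataclass

# Values taken from steps 4, 7 and 9 above.
ISSUER = "https://ipsts.federatedidentity.net"
GROUP_TYPE = "http://ipsts.federatedidentity.net/group"

@dataclass(frozen=True)
class Claim:
    type: str
    value: str
    issuer: str

@dataclass(frozen=True)
class Rule:
    in_type: str
    in_value: str
    in_issuer: str
    out_type: str
    out_value: str

RULES = [Rule(GROUP_TYPE, "Domain Users", ISSUER, "Action", "Send")]

def issue_output_claims(token_claims, rules=RULES):
    """Return the (type, value) output claims the rules grant for a token."""
    granted = []
    for claim in token_claims:
        for rule in rules:
            # Assumption of this model: all three fields must match exactly.
            matches = (claim.type, claim.value, claim.issuer) == (
                rule.in_type, rule.in_value, rule.in_issuer)
            output = (rule.out_type, rule.out_value)
            if matches and output not in granted:
                granted.append(output)
    return granted

def is_authorized(token_claims, action="Send"):
    return ("Action", action) in issue_output_claims(token_claims)

# Constructed sample tokens (not captured from a real exchange).
MANAGED_CARD = [Claim(GROUP_TYPE, "Domain Users", ISSUER)]
WRONG_GROUP = [Claim(GROUP_TYPE, "Guests", ISSUER)]
# Same group claim, but asserted by an issuer that was never registered.
UNTRUSTED_ISSUER = [Claim(GROUP_TYPE, "Domain Users", "https://sts.example.invalid")]

if __name__ == "__main__":
    for name, token in [("managed card", MANAGED_CARD), ("wrong group", WRONG_GROUP),
                        ("untrusted issuer", UNTRUSTED_ISSUER)]:
        print(f"{name}: {issue_output_claims(token)} authorized={is_authorized(token)}")
```

Only the first token yields Action = Send. The issuer field is what keeps a group value asserted by any other party from being honoured.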

========================================================== ========================================================== =====

Next, we create a security token service (STS) policy on the Federatedidentity.net site, which completes the response policies on that site.

1. Open a new IE window and enter the following link in the address bar:
https://ipsts.federatedidentity.net/MgmtConsole/UserProfile.aspx

Click "Manage Relying Party Policies", and then click "Add a New Policy" on the current page,
For example:

2. Fill in the following content in the Create a New Policy form:

Relying Party Name: accesscontrol.windows.net
Relying Party URL: http://accesscontrol.windows.net
Upload Certificate for token encryption (Note: this setting currently uses the certificate in the Development Kit):
C:\AzureServicesKit\Labs\IntroAccessControlService\Assets\accesscontrol.windows.net.cer

Select claims to release: Leave the Site ID checked and also check the Group checkbox

For example:

After entering the information, click "Save". The system displays the policy information you have created:

========================================================== ========================================================== ====================

After completing the above three settings, we will use a ready-made demo in the SDK (the demo is located at
C:\AzureServicesKit\Labs\IntroAccessControlService\Ex01-FederatedIdentity\end\)
to check whether our configuration is valid.

1. Open the solution in two instances of VS2008, one with "Service" as the startup project and the other with "Client" as the startup project.

2. First run the Service project, as shown:

 

3. Run the Client project, as shown:

 

4. After you enter the solution name and press Enter to confirm, the "Windows CardSpace" window pops up and asks us to select the corresponding authentication card (assuming we have already added the previously created managed card to the current system). Select the managed card we just created, as shown:
 

5. After clicking send, the system will prompt us to enter the card password, for example:

 

6. The service and client command-line windows then display the following information:


Well, that's all for today.

 

Link: http://www.cnblogs.com/daizhj/archive/2008/12/18/1357460.html

Author: daizhj, Dai zhenjun

URL: http://daizhj.cnblogs.com/

 
