You are designing a service that will use the Windows Azure AppFabric Service Bus.
You need to recommend an approach for controlling access to the service by using the Windows Azure AppFabric Access Control Service.
Which two actions should you recommend?
(Each correct answer presents part of the solution. Choose two.)
A.
Configure the service to not require authentication.
B.
Configure the service to require a relay access token.
C.
Specify message security for all communications between clients and the service.
D.
Specify transport security for all communications between clients and the service.
Explanation:
The Windows Azure Service Bus provides a hosted, secure, and widely available infrastructure for widespread communication, large-scale event distribution, naming, and service publishing. The Service Bus provides connectivity options for Windows Communication Foundation (WCF) and other service endpoints including REST endpoints — that would otherwise be difficult or impossible to reach. Endpoints can be located behind network address translation (NAT) boundaries, or bound to frequently-changing, dynamically-assigned IP addresses, or both.The Service Bus provides both relayed and brokered messaging capabilities. In the relayed messaging pattern, the relay service supports direct one-way messaging, request/response messaging, and peer-to-peer messaging. Brokered messaging provides durable, asynchronous messaging components such as Queues, Topics, and Subscriptions, with features that support publish-subscribe and temporal decoupling: senders and receivers do not have to be online at the same time; the messaging infrastructure reliably stores messages until the receiving party is ready to receive them.
—
Mode
Short for end-to-end security mode, this value defines the security across the message exchange through the Service Bus. The programmatic value depends on the specific relay binding; for example, the EndToEndSecurityMode type supports the NetTcpRelayBinding binding, and the EndToEndWebHttpSecurityMode value performs this service together with the WebHttpRelayBinding binding. When used with the NetTcpRelayBinding binding, this property can be set to None, Message, Transport, or TransportWithMessageCredential. The default is Transport, which means that the transport-specific security settings are enabled. If you use any setting that includes Message or Transport, you will have to set additional properties. In general, Mode value follows the standard WCF security programming model.Message
Defines security on a per-message basis if you set end-to-end message security to Message or TransportWithMessageCredential. Setting one of those values for the Mode property requires that this property also be set to specify the type of credentials that are used, and also to the algorithm that is used to help secure the credentials. As with Mode, the message security setting follows the WCF programming model.Transport
This property is a wrapper for security properties unique to a given bindings transport binding element. For example, the RelayedOnewayTransportSecurity class exposes and implements the ProtectionLevel setting on the NetEventRelayBinding and NetOnewayRelayBinding bindings. In contrast, the HttpRelayTransportSecurity type sets proxy credentials for BasicHttpRelayBinding and WS2007HttpRelayBinding bindings. As with the previous properties, Transport security generally follows the WCF security model.RelayClientAuthenticationType
Controls whether clients of a service are required to present a security token issued by Access Control to the Service Bus when it sends messages. Therefore, this security property is unique to the Service Bus, and is the focus of topics in this section of the documentation. Services are always required to authenticate with Access Control and present an authorization token to the Service Bus; otherwise they cannot register endpoints or create message buffers, each of which engages Service Bus resources. However, clients are required to authenticate with the Service Bus only if the RelayClientAuthenticationType is set to RelayAccessToken. Setting RelayClientAuthenticationType to None waives the requirement of a token. If you are providing your own authentication or if you do not need authentication, you may want to opt out of authentication on the client (sender) in the Service Bus leg of the communication. The default value is RelayAccessToken.