Using Access Control Service for Identity Federation

The Windows Azure Platform is full of goodies. Some are at the heart of the conversation – Web Roles, Worker Roles, SQL Azure, the fabric controller – these form a part of pretty much every conversation. Some are often mentioned, but usually in very little detail – the Marketplace, for example, or the Service Bus or the Caching capabilities.

Another topic I find that I often end up glossing over in conversations is the Access Control Service. That is not because it's not useful or important (it is), but simply because the platform is so big, and there's only so much one can discuss in any one conversation. But federated identity is something I'm quite passionate about, and I just love the Windows Identity Foundation, so the Access Control Service is bound to be something close to my heart.

The Access Control Service is seemingly a fairly simple offering – on its own, in most circumstances, it does not really do much per se, but, coupled with the Windows Identity Foundation and the .NET Framework, it enables federated identity scenarios (think single sign-on within, as well as across, organizations) easily, reliably and securely.

Using ACS, you can take any web application and, in just a few clicks, allow users to authenticate to it using all the major public identity providers (Windows Live ID, Yahoo, Google and Facebook) as well as, if you have ADFS, your corporate identity, or – if you need to – any other custom Security Token Service that supports industry standards.

Want proof? Take a look at this walkthrough that shows how to enable a web site to use Google ID.

As a developer, ACS takes away the need to build an authentication mechanism, store passwords, build password reset capabilities and all of that; you can simply leverage other identity providers. All that's left for you to do is to enhance the identity you are given with your own profile information (as some of these providers will only give you a GUID for that user, no personal information is shared, which is a good thing!).
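One way to attach your own profile data to the opaque identifier described above, as an added example that is not from the original post. It assumes .NET 4.5's System.Security.Claims and that the ACS rule group passes through the nameidentifier and identityprovider claims; Profile, ProfileStore and the sample values are hypothetical. Keying on the provider and the identifier together keeps identical identifier strings from two providers from sharing a profile.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Claims;

// Added example, not the post's code; all names and sample values are hypothetical.
public sealed class Profile { public string DisplayName { get; set; } }

public sealed class ProfileStore
{
    // Claim ACS adds to say which identity provider authenticated the user.
    public const string IdpClaim =
        "http://schemas.microsoft.com/accesscontrolservice/2010/07/claims/identityprovider";

    // Keyed on (identity provider, name identifier), never the identifier alone.
    private readonly Dictionary<Tuple<string, string>, Profile> _profiles =
        new Dictionary<Tuple<string, string>, Profile>();

    public Profile GetOrCreate(ClaimsPrincipal user)
    {
        Claim id = user.FindFirst(ClaimTypes.NameIdentifier);
        Claim idp = user.FindFirst(IdpClaim);
        if (id == null || idp == null ||
            string.IsNullOrWhiteSpace(id.Value) || string.IsNullOrWhiteSpace(idp.Value))
            throw new InvalidOperationException("Missing nameidentifier or identityprovider claim.");
        var key = Tuple.Create(idp.Value, id.Value);
        Profile profile;
        if (!_profiles.TryGetValue(key, out profile))
        {
            profile = new Profile();   // first visit: ask the user for profile details
            _profiles[key] = profile;
        }
        return profile;
    }
}

public static class Demo
{
    static ClaimsPrincipal SignedIn(string idp, string id)
    {
        return new ClaimsPrincipal(new ClaimsIdentity(new[] {
            new Claim(ProfileStore.IdpClaim, idp),
            new Claim(ClaimTypes.NameIdentifier, id) }, "Federation"));
    }
    public static void Main()
    {
        var store = new ProfileStore();
        store.GetOrCreate(SignedIn("Google", "id-123")).DisplayName = "Alice";
        // The same identifier string from another provider must not reach Alice's profile.
        Profile other = store.GetOrCreate(SignedIn("Yahoo!", "id-123"));
        Console.WriteLine(other.DisplayName == null ? "separate profile" : "collision");
    }
}
```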

So, using the ACS can be a great relief for anyone building a public web site, as it saves you a lot of work and saves your users the need to remember yet another set of credentials. But the support for ADFS means you can also protect your web assets with your corporate identity, no matter where they are deployed (your data centre, someone else's data centre or the public cloud). And, considering the Consumerization of IT trend, allowing users access to enterprise applications using external identities in a managed way may not be a bad thing.

About Yossi Dahan
I work as a principal consultant in the CTO office of Solidsoft - a Microsoft partner in the UK with a strong focus on cloud, hybrid and integration based solutions. I spend my days working with both our customers and our project teams, helping them explore the possibilities that technology enables and how to derive value from them.
