Azure Access Control Service (ACS) enables a service provider to work with multiple identity providers. An authentication broker provides a layer of abstraction between identity providers and relying parties. ACS acts as an authentication broker, so it:
- Hides the protocol details of working with different identity providers
- Lets a service provider work with multiple identity providers simultaneously
- Handles claims transformation where the identity provider does not support it out of the box
Azure ACS Concepts
- ACS namespaces form a trust circle for identity providers and relying parties
- Rule groups define how identity claims are transformed before passing to relying parties
- Claim rules define how claims from an identity provider are transformed
- Service identities can be used to authenticate directly with ACS
- Identity providers could be AD FS, Facebook, Microsoft, etc.
- Relying party applications are the applications for which ACS performs authentication
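The way a rule group and its claim rules reshape claims before they reach a relying party, as an added worked example (not code from the original notes or from ACS itself). It models the ACS rule semantics in plain Python: a rule matches on input issuer, claim type and value (any of them may be "Any"), emits an output claim whose type and value are either specified or passed through, and an incoming claim that no rule matches is not forwarded. The issuer names, namespace and claim values are constructed for the example.

```python
from dataclasses import dataclass
from typing import List, Optional

ANY = None  # a rule field left as None matches any issuer, claim type or value (ACS "Any")

@dataclass(frozen=True)
class Claim:
    issuer: str  # who asserted the claim: the identity provider, or ACS after transformation
    type: str    # claim type URI
    value: str

@dataclass(frozen=True)
class ClaimRule:
    input_issuer: Optional[str]  # which incoming claims the rule matches (None = any)
    input_type: Optional[str]
    input_value: Optional[str]
    output_type: Optional[str] = None   # None = pass the input claim type through unchanged
    output_value: Optional[str] = None  # None = pass the input claim value through unchanged

    def matches(self, claim: Claim) -> bool:
        pairs = ((self.input_issuer, claim.issuer), (self.input_type, claim.type), (self.input_value, claim.value))
        return all(want is ANY or want == got for want, got in pairs)

    def apply(self, claim: Claim, acs_issuer: str) -> Claim:
        # The relying party sees ACS as the issuer, not the original identity provider.
        return Claim(acs_issuer, self.output_type or claim.type, self.output_value or claim.value)

def transform_claims(incoming: List[Claim], rule_group: List[ClaimRule], acs_issuer: str) -> List[Claim]:
    """Apply a rule group before the token is issued to the relying party: each matching rule
    emits one output claim, and an incoming claim that matches no rule is dropped."""
    return [rule.apply(c, acs_issuer) for c in incoming for rule in rule_group if rule.matches(c)]

# Constructed sample data (assumed names, not real namespaces).
ADFS = "http://adfs.example.local/adfs/services/trust"
ACS = "https://example-namespace.accesscontrol.windows.net/"
GROUP = "http://schemas.xmlsoap.org/claims/Group"
ROLE = "http://schemas.microsoft.com/ws/2008/06/identity/claims/role"
EMAIL = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
RULE_GROUP = [
    ClaimRule(ADFS, GROUP, "Finance", ROLE, "approver"),  # map an AD FS group to an application role
    ClaimRule(ADFS, EMAIL, ANY),                          # pass the e-mail address through unchanged
]
SAMPLE_CLAIMS = [
    Claim(ADFS, GROUP, "Finance"),
    Claim(ADFS, GROUP, "Domain Users"),  # matches no rule, so it must not reach the relying party
    Claim(ADFS, EMAIL, "alice@example.local"),
]
def demo() -> List[Claim]:
    return transform_claims(SAMPLE_CLAIMS, RULE_GROUP, ACS)
```

Because only claims covered by a rule are forwarded, a relying party receives exactly the claims its rule group was written for, and the relying party's trust decision rests on the ACS issuer rather than on each upstream identity provider.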
Azure ACS or alternative tooling can be used for identity:
- ACS can be used as an authentication broker for AD FS
- ACS supports popular social networks as identity providers, e.g. Facebook
- Newer versions of ASP.NET use OWIN (Open Web Interface for .NET). OWIN decouples web applications from web servers; Katana is one implementation of OWIN.
- Azure Mobile Services also enables configuration of identity providers using a similar method, connecting with an identifier and security key.