Secure Resources with Identity Providers

Azure Access Control Service (ACS) enables a service provider to work with multiple identity providers. An authentication broker provides a layer of abstraction between identity providers and relying parties. ACS acts as an authentication broker, which means it:

  • Hides the protocol details of working with different identity providers
  • Lets a service provider work with multiple identity providers simultaneously
  • Handles claims transformation where the identity provider does not support it out of the box

Azure ACS Concepts

  • An ACS namespace forms a trust circle of identity providers and relying parties
  • Rule groups define how identity claims are transformed before they are passed to relying parties
  • Claim rules define how individual claims from an identity provider are transformed
  • Service identities can be used to authenticate directly with ACS
  • Identity providers can be AD FS, Facebook, Microsoft accounts, etc.
  • Relying parties are the applications for which ACS is used for authentication
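To make the namespace, rule group and claim rule concepts concrete, here is an added example that models them in Python. It is not code from the original post and not Azure ACS code; the issuer names, claim types and claim values are constructed for the example, and the "acs" issuer on output claims is an assumption used to show that the broker, not the identity provider, re-issues transformed claims. It also shows two behaviours a relying party depends on: claims from an issuer outside the trust circle are dropped, and claims with no matching rule are not passed through.

```python
# Added example, not part of the original post or of Azure ACS itself.
# All issuer names, claim types and values are constructed for illustration.
from dataclasses import dataclass, field
from typing import Optional

ANY = "*"  # wildcard: the rule matches any value of the input claim


@dataclass(frozen=True)
class Claim:
    issuer: str      # identity provider that asserted the claim
    claim_type: str  # e.g. "email", "group"; ACS uses URIs in practice
    value: str


@dataclass(frozen=True)
class ClaimRule:
    """If an input claim from `input_issuer` of type `input_type` (and value
    `input_value`, or any value) is present, emit a claim of `output_type`.
    `output_value` of None passes the input value through unchanged."""
    input_issuer: str
    input_type: str
    output_type: str
    input_value: str = ANY
    output_value: Optional[str] = None

    def matches(self, claim: Claim) -> bool:
        return (claim.issuer == self.input_issuer
                and claim.claim_type == self.input_type
                and (self.input_value == ANY or claim.value == self.input_value))

    def apply(self, claim: Claim) -> Claim:
        value = claim.value if self.output_value is None else self.output_value
        # assumption: the broker re-issues output claims under its own name
        return Claim(issuer="acs", claim_type=self.output_type, value=value)


@dataclass
class RelyingParty:
    name: str
    identity_providers: set            # issuers this relying party trusts
    rule_group: list = field(default_factory=list)  # list of ClaimRule


@dataclass
class Namespace:
    """The trust circle: identity providers plus the relying parties that use them."""
    identity_providers: set
    relying_parties: dict = field(default_factory=dict)

    def add_relying_party(self, rp: RelyingParty) -> None:
        unknown = rp.identity_providers - self.identity_providers
        if unknown:  # a relying party may only trust providers in the namespace
            raise ValueError(f"identity providers not in namespace: {sorted(unknown)}")
        self.relying_parties[rp.name] = rp

    def broker(self, rp_name: str, incoming: list) -> list:
        """Transform incoming identity-provider claims into the claims the
        relying party receives. Untrusted issuers are dropped, and claims
        with no matching rule are not passed through."""
        rp = self.relying_parties[rp_name]
        outgoing = []
        for claim in incoming:
            if claim.issuer not in rp.identity_providers:
                continue  # outside the trust circle: never reaches the relying party
            for rule in rp.rule_group:
                if rule.matches(claim):
                    outgoing.append(rule.apply(claim))
        return outgoing


def build_demo_namespace() -> Namespace:
    ns = Namespace(identity_providers={"adfs.contoso.example", "facebook"})
    portal = RelyingParty(
        name="portal",
        identity_providers={"adfs.contoso.example", "facebook"},
        rule_group=[
            # pass the AD FS e-mail through under the relying party's claim type
            ClaimRule("adfs.contoso.example", "email", "emailaddress"),
            # map one AD FS group membership to an application role
            ClaimRule("adfs.contoso.example", "group", "role",
                      input_value="Finance", output_value="Approver"),
            # social login always gets a fixed, low-privilege role
            ClaimRule("facebook", "id", "role", output_value="Guest"),
        ],
    )
    ns.add_relying_party(portal)
    return ns


def demo() -> list:
    ns = build_demo_namespace()
    incoming = [  # constructed claims as an identity provider might issue them
        Claim("adfs.contoso.example", "email", "alice@contoso.example"),
        Claim("adfs.contoso.example", "group", "Finance"),
        Claim("adfs.contoso.example", "group", "Sales"),  # no rule: dropped
        Claim("rogue-idp", "role", "Admin"),               # untrusted: dropped
    ]
    return ns.broker("portal", incoming)


if __name__ == "__main__":
    for claim in demo():
        print(claim)
```

Running the module prints the two claims the portal receives: an `emailaddress` claim and a `role` claim of `Approver`, both issued by the broker. The `Sales` group and the `Admin` role asserted by the unknown issuer never reach the relying party, which is the property a rule group gives you over simply forwarding whatever an identity provider sends.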

Azure ACS or alternative tooling can be used for identity:

  • ACS can be used as an authentication broker for AD FS
  • ACS supports popular social networks as identity providers, e.g. Facebook
  • Newer versions of ASP.NET use OWIN (Open Web Interface for .NET). OWIN decouples web applications from web servers; Katana is one implementation of OWIN.
  • Azure Mobile Services also allow identity providers to be configured in a similar way, by connecting with an identifier and security key.
