Chapter 14

AppFabric: Access Control Service

What’s in this chapter?

• Using the Access Control Service to secure web applications with Windows Live ID and Google ID
• Integrating the Access Control Service log on page into your application
• Setting up single sign-on from the local network to the cloud

Security is one of the key aspects of cloud computing. Often, cloud applications run in the public space, so managing who has access is crucial. Also, business applications that run in the cloud should be as accessible as if they were running in the local network. The Access Control Service helps you with these scenarios.

What Is the Access Control Service?

In Chapter 9, “Identity in Azure,” you learned about identity federation with Windows Identity Foundation (WIF); you built your own Security Token Service (STS) to provide tokens for authentication and authorization with websites and web services with a trust relationship on that STS. Because of the importance of the STS, building your own STS may not be the best idea from a security perspective. Most of the time, you should rely on a battle-tested STS, such as Active Directory Federation Services (ADFS) 2.0. For Windows Azure the Access Control Service (ACS) is the STS of choice. Not just because it is part of the Windows Azure suite of services, but also because it supports several ways to authenticate and several protocols. In addition, ACS is a cloud-based solution, so new features are added more quickly than with traditional ...