<body>

Tech Tips, Tricks & Trivia

by 'Anil' Radhakrishna
An architect's notes, experiments, discoveries and annotated bookmarks.



An overview of ACS, ADFS, WIF


Notes from the TechNet Windows Azure AppFabric Access Control Service (ACS) Academy video series (ACS itself was retired by Microsoft in November 2018; the federation and claims-based concepts below still apply to ADFS and to the services that replaced ACS) -
  • ACS or Access Control Service is a cloud service that abstracts authentication & lets you focus on app development rather than on plumbing
  • ACS is part of Windows Azure Platform - a service within AppFabric 
  • ACS offers federation with Internet identity providers (like Windows Live ID, Facebook, Yahoo, Google) & corporate identity providers (via ADFS v2.0) 
  • Federation means you can outsource authentication to industry mature identity management systems
  • ACS implements federation and trust for web apps using industry-standard protocols.
  • ACS speaks the WS-Federation, WS-Trust, OpenID, OAuth 2.0 and OAuth WRAP protocols, and issues tokens in the SAML 1.1, SAML 2.0 and SWT (Simple Web Token) formats
  • ACS works for Web and Web services architectures
  • The core of both Access Control Service (ACS) & Active Directory Federation Services (ADFS) is an STS or Security Token Service: a service that authenticates a caller (or trusts another STS that did) and issues it a signed token carrying claims about its identity
  • Both Access Control Service (ACS) & Active Directory Federation Services (ADFS) can be used to implement SSO or single sign-on
  • ADFS is an on-premises STS, shipped as a Windows Server role and built on top of Active Directory
  • ADFS is both an identity provider & a federation provider on-premises; ACS is only a federation provider and does not store or manage identities itself
  • ADFS relies on Active Directory for identity management but it can federate with non-MS enterprise identity providers like Oracle Identity Federation, CA Federation Manager & more
  • ACS & ADFS integrate seamlessly
  • ACS can serve Private Cloud, PaaS Cloud (not just limited to Windows Azure Platform due to its implementation on open standards) and SaaS Cloud needs
  • ACS is not limited to consumption by Windows Azure deployed apps; any modern app platform hosted on PaaS cloud providers can consume ACS
  • ACS can serve cloud deployed apps, on-premises apps, mobile device apps
  • WIF or Windows Identity Foundation is a .NET runtime that runs as part of your web application or service.
  • WIF is available as a free download
  • ACS & WIF perform protocol & token heavy lifting so that you can focus on your authorization logic
  • ACS does heavy lifting for handling protocols like WS-Federation, WS-Trust, OpenID, OAuth 2.0, OAuth WRAP, Facebook Graph
  • ACS can issue normalized SAML & SWT tokens 
  • You control access at two points: the ACS Rules Engine decides which claims go into the token, and WIF lets the application make authorization decisions on those claims
  • WIF parses incoming tokens & exposes a convenient .NET API
  • WIF provides design time tooling via FedUtil wizard tool
  • WIF offers extensibility through configuration sections & custom token handlers
  • Using the Rules Engine, you control which claims from which identity provider get into the token issued to a relying party application; an identity provider whose claims match no rule effectively cannot sign users in to that application
  • Windows Identity Foundation (WIF) offers Role-based access control (RBAC) & Claims-based authorization
  • 2 ways to Administer ACS - via Management Portal & Management Service
  • Management Portal - accessed through Windows Azure portal
  • Management Service is a service that exposes OData endpoint & offers additional functionality not available via Management Portal
  • ACS can be managed manually and programmatically
  • 4 Key components of ACS:
    • Security Token Service (STS) - issues signed tokens to clients, which present them to the application to authenticate
    • Management Portal - UI for administering ACS
    • Management Service - API/endpoint that is used for management automation. Everything you can do with the Management Portal, you can automate via the Management Service
    • Token Transformation Rule Engine - allows configuration based token transformation 
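The flow the notes describe, as an added worked example that is not from the video series and is not ACS or WIF code: identity-provider claims go through a rule group modelled on the ACS Rules Engine, the STS issues a Simple Web Token signed with the relying party's symmetric key, and the relying party validates the token (signature first, then expiry, issuer and audience) before doing a role check in the style of WIF's IsInRole. The claim type URIs are the standard ones; the ACS namespace, application URL, key, rules and identity-provider claims are constructed for the example.

```python
import base64
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional
from urllib.parse import parse_qsl, quote, unquote, urlencode

# Standard claim type URIs used by ACS and WIF.
EMAIL_CLAIM = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
NAME_CLAIM = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"
NAME_ID_CLAIM = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"
ROLE_CLAIM = "http://schemas.microsoft.com/ws/2008/06/identity/claims/role"

SIG_PARAM = "HMACSHA256"  # SWT signature parameter, always the last one
RESERVED = {"Issuer", "Audience", "ExpiresOn", SIG_PARAM}


@dataclass(frozen=True)
class Rule:
    """Model of one ACS token-transformation rule (illustrative, not ACS code).
    Matches an input claim from input_issuer of type input_type (and value input_value,
    None = any value); emits output_type with output_value, or the input value if None."""
    input_issuer: str
    input_type: str
    input_value: Optional[str]
    output_type: str
    output_value: Optional[str]


def apply_rules(rules, issuer, input_claims):
    """Output claims for a relying party's rule group. Claims with no matching rule are
    dropped, so the rule group also decides which identity providers the app accepts."""
    output = []
    for rule in rules:
        for claim_type, value in input_claims:
            if rule.input_issuer != issuer or claim_type != rule.input_type:
                continue
            if rule.input_value is not None and rule.input_value != value:
                continue
            out = (rule.output_type, value if rule.output_value is None else rule.output_value)
            if out not in output:
                output.append(out)
    return output


def _signature(key, unsigned_token):
    mac = hmac.new(key, unsigned_token.encode("utf-8"), hashlib.sha256).digest()
    return base64.b64encode(mac).decode("ascii")


def issue_swt(key, issuer, audience, claims, lifetime_s, now):
    """STS side: form-encode the claims as an SWT and sign with the relying party's symmetric key."""
    grouped = {}
    for claim_type, value in claims:
        if claim_type in RESERVED:
            raise ValueError(f"claim type {claim_type!r} collides with an SWT reserved name")
        grouped.setdefault(claim_type, []).append(value)
    pairs = [(t, ",".join(v)) for t, v in grouped.items()]  # SWT joins multi-valued claims with ','
    pairs += [("Issuer", issuer), ("Audience", audience), ("ExpiresOn", str(now + lifetime_s))]
    unsigned = urlencode(pairs)
    return f"{unsigned}&{SIG_PARAM}={quote(_signature(key, unsigned), safe='')}"


def validate_swt(key, token, expected_issuer, expected_audience, now):
    """Relying-party side: verify signature, expiry, issuer and audience before trusting any
    claim. Returns {claim_type: [values]} or raises ValueError."""
    unsigned, sep, encoded_sig = token.rpartition(f"&{SIG_PARAM}=")
    if not sep:
        raise ValueError("token is not signed")
    if not hmac.compare_digest(unquote(encoded_sig).encode(), _signature(key, unsigned).encode()):
        raise ValueError("bad signature")  # constant-time compare, checked before anything else
    fields = dict(parse_qsl(unsigned, keep_blank_values=True))
    try:
        expires_on = int(fields["ExpiresOn"])
    except (KeyError, ValueError):
        raise ValueError("missing or malformed ExpiresOn")
    if now >= expires_on:
        raise ValueError("token expired")
    if fields.get("Issuer") != expected_issuer or fields.get("Audience") != expected_audience:
        raise ValueError("token not from the expected STS or not issued for this relying party")
    return {t: v.split(",") for t, v in fields.items() if t not in RESERVED}


def is_in_role(claims, role):
    """RBAC over the role claim, the check WIF exposes as IClaimsPrincipal.IsInRole."""
    return role in claims.get(ROLE_CLAIM, [])


# Constructed sample setup with hypothetical names. In ACS the key would be the
# relying party's 256-bit token signing key configured in the Management Portal.
DEMO_KEY = b"constructed-32-byte-demo-key-012"
ACS_ISSUER = "https://contoso.accesscontrol.windows.net/"
RP_AUDIENCE = "https://app.example.com/"
DEMO_RULES = [
    Rule("Google", EMAIL_CLAIM, None, NAME_CLAIM, None),                    # pass e-mail through as name
    Rule("Google", EMAIL_CLAIM, "alice@example.com", ROLE_CLAIM, "Admin"),  # grant a role to one user
]
IDP_CLAIMS = [(EMAIL_CLAIM, "alice@example.com"), (NAME_ID_CLAIM, "1234567890")]


def issue_demo_token(now, idp="Google"):
    """Run the constructed identity-provider claims through the rules and issue the SWT."""
    return issue_swt(DEMO_KEY, ACS_ISSUER, RP_AUDIENCE, apply_rules(DEMO_RULES, idp, IDP_CLAIMS), 600, now)
```

The order of checks in validate_swt is the point a relying party gets wrong most often: nothing parsed out of the token is trusted until the HMAC has been verified, and a token that verifies but carries the wrong Audience is still rejected, otherwise a token ACS issued for one application could be replayed against another that shares the same namespace. Note also that the name identifier claim never reaches the application, because no rule in the group forwards it.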
Related: HOW TO implement Authentication & Authorization using OAuth 2.0 Providers with ASP.NET WebForms
