Identity Management in Active Directory

The information on this site is designed to help developers understand the claims-based identity model and Microsoft’s vision and solution for an interoperable federated identity platform. This platform is comprised of the following key components:

Windows Azure Authentication Library

The Windows Azure Authentication Library (AAL) enables client application developers to easily authenticate users to Windows Azure Active Directory (AAD) or other identity providers, and then obtain access tokens for securing API calls. AAL also enables service developers to secure their resources by providing validation logic for incoming tokens. More…

Windows Azure Active Directory Graph

Windows Azure AD Graph provides programmatic access to Windows Azure Active Directory (AD) through REST API endpoints. Using Windows Azure AD Graph, developers can execute create, read, update, and delete operations on Windows Azure AD objects such as user or group. More…

Windows Azure Access Control Service

Windows Azure Access Control Service (ACS) is a cloud-based service that provides an easy way of authenticating and authorizing users to gain access to your web applications and services while allowing the features of authentication and authorization to be factored out of your code. More…

Windows Identity Foundation

Windows Identity Foundation (WIF) enables .NET developers to externalize identity logic from their application, improving developer productivity, enhancing application security, and enabling interoperability. WIF is now a part of the .NET Framework, and has been updated for .NET 4.5. More…

Active Directory Federation Services

Active Directory Federation Services (ADFS) enables you to use single sign-on to authenticate users to multiple, related Web applications over the life of a single online session. More…

Getting Started

Identity Management Blogs

Most Recent Blog Posts

Additional Tools & Documentation

Channel 9 Videos

Whitepapers

WIF Webcast Series

WIF Articles from MSDN Magazine

Getting Started

Windows Identity Foundation Download
Begin your evaluation of Microsoft Windows Identity Foundation today!
Get up to Speed on WIF
Now you can go through the recordings of a 2-day long workshop that will bring you from the basics of claims-based identity to the deep details of WIF processing pipeline, delegation, Windows Azure integration and more.
Active Directory Federation Services 2.0 Download
Begin your evaluation of ADFS 2.0 today!
Developer Training Kit
The Identity Developer Training Kit offers a comprehensive set of technical content including hands-on labs and references that are designed to help you learn how to use Microsoft's identity products and services.
Claims based access platform Forum
Find a Web forum that addresses your questions on Microsoft Windows Identity Foundation.
Step by Step Guides and Virtual Machines
These guides walk you through setup of a small test lab environment that you can use to evaluate the next generation of Microsoft federated identity technologies.
Overview of the Claims Based Architecture
Learn about Microsoft's new claims based access platform.
Microsoft Windows Identity Foundation (WIF) Whitepaper for Developers
Get started building claims-aware applications using Microsoft Windows Identity Foundation.
AD FS 2.0 Design and Deployment Guides
Learn how to set up and deploy ADFS 2.0 with these deploy and design guides from our TechNet Library.
Patterns and Practices
Claims Based Identity and Access Control Guide for Developers

Identity Management Technologies

Digital Identity for .NET Applications: A Technology Overview

This overview provides a broad introduction to digital identity for .NET architects and developers. After describing a few fundamental concepts, it walks through the major Windows identity technologies and how they can be applied. The goal is to help anyone who works in the .NET world understand and make better decisions about digital identity in their applications. By David Chappell.

System.DirectoryServices Namespace

Introduction to System.DirectoryServices.ActiveDirectory
This whitepaper introduces you to using S.DS.AD, in the .NET Framework 2.0, to perform Active Directory and AD LDS (formerly ADAM) management tasks.
Introduction to System.DirectoryServices.Protocols
S.DS.P, in the .NET Framework 2.0, provides raw LDAP access, meaning that it is designed specifically to reach beyond Active Directory and AD LDS (formerly ADAM) to other LDAP compliant directories. Therefore, if you plan to use .NET managed code against other LDAP directories, a great place to focus is on S.DS.P. A code sample accompanies the paper.
System.DirectoryServices.AccountManagement Namespace Overview
System.DirectoryServices.AccountManagement is a namespace in the Microsoft .NET Framework 3.5 that provides uniform access and manipulation of security principals across multiple principal stores. S.DS.AM manages directory objects independent of the System.DirectoryServices namespace.
Managing Directory Services Principals in the .NET Framework 3.5
In this MSDN Magazine article learn how to use the new System.DirectoryServices.AccountManagement namespace designed specifically for managing security principals. A code sample accompanies the article.
System.DirectoryServices Namespace
A drill-down into the DirectoryEntry and DirectorySearcher classes, their properties and methods. These allow you to work with AD, ADAM, and diverse directories on a network using a single interface.

Active Directory Federation Services

Active Directory Federation Services on Microsoft TechNet
Based on WS-* specifications, ADFS provides Web single-sign-on technologies and a federated identity management solution for securely sharing digital identity and entitlement rights across security and enterprise boundaries.
Step-by-Step Guide for AD FS
Learn how to set up AD FS in a test lab environment. This guide walks you through set-up of a claims-aware application and a Windows NT token–based application on an AD FS-enabled Web server.
AD FS SDK
Visit the SDK to learn about the AD FS API namespaces.

WCF Security

Improving Web Services Security
Learn how to design and implement authentication and authorization in WCF through end-to-end application scenarios. Improve the security of your WCF services through prescriptive guidance including guidelines, Q&A, practices at a glance, and step-by-step how to guides.