Overview of AppFabric Access Control
[This is prerelease documentation and is subject to change in future releases. Blank topics are included as placeholders.]

The AppFabric Access Control service (AC) simplifies access control for Web service providers by lowering the cost and complexity of integrating with various customer identity technologies. Instead of having to address the different customer identity technologies, Web services can easily integrate with AC. Web services can also integrate with all identity models and technologies that AC supports through a simple provisioning process and through a REST-based management API. Subsequently, Web services can allow AC to serve as the point of integration for service consumers.

All application scenarios that involve AC consist of three service components:

  • Service provider: The REST Web service.

  • Service consumer: The client application that accesses the Web service.

  • Token issuer: The Access Control service itself.

Key Features

For this release, AppFabric Access Control focuses on authorization for REST Web services and the Azure Service Bus. The following is a summary of AC features:

  • Cross-platform support. AC is accessible from applications running on virtually any operating system or platform that can perform HTTPS operations.

  • Active Directory Federation Services (ADFS) version 2.0 integration, including the ability to parse and publish WS-Federation metadata.

  • Lightweight authentication and authorization using symmetric keys and HMACSHA256 signatures.

  • Configurable rules that allow mapping input claims to output claims.

  • Web Resource Authorization Protocol (WRAP) and Simple Web Token (SWT) support.

AppFabric Access Control Basic Components

Management Portal

The Windows Azure platform AppFabric portal provides a user interface that you can use to create a service namespace and manage AC resources for that service namespace. Through the portal you can perform management operations such as retrieving your management keys and viewing the URIs associated with your service namespace. While you can accomplish these management tasks programmatically, the portal is useful for your initial service namespace set-up and configuration activities.

Management Service

The AC management service is a set of REST APIs that allow service consumers to programmatically interact with AC resources. The management service uses the well-known REST protocol (HTTPS), methods (GET, PUT, POST, and DELETE), and their behaviors.

Token-Exchange Endpoint

AC exposes a single endpoint that issues tokens. It accepts plain text token requests, signed token requests, and SAML token requests and always returns a signed SWT.
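
The following is an added example, not code from this documentation or the .NET Services SDK: one way a service provider could check the signed SWT that AC returns before trusting its claims. It assumes the token layout from the Simple Web Token specification (form-encoded claims ending in an HMACSHA256 parameter computed over everything before it, with Issuer, Audience and ExpiresOn claims); the key, issuer, audience and `action` claim are constructed sample values.

```python
import base64, hashlib, hmac, time
from urllib.parse import parse_qsl, quote, unquote

# Assumption (SWT spec): the signature is the last parameter and covers all text before it.
SIG_PARAM = "&HMACSHA256="

def _mac(key: bytes, unsigned: str) -> bytes:
    return hmac.new(key, unsigned.encode("ascii"), hashlib.sha256).digest()

def validate_swt(token, key, issuer, audience, now=None):
    """Return the claims if the SWT is authentic, addressed to us and current; else raise ValueError."""
    unsigned, sep, sig_enc = token.rpartition(SIG_PARAM)
    if not sep:
        raise ValueError("token is not signed")
    try:
        sig = base64.b64decode(unquote(sig_enc), validate=True)
    except ValueError:
        raise ValueError("malformed signature") from None
    # Verify the MAC before parsing anything, using a constant-time comparison.
    if not hmac.compare_digest(sig, _mac(key, unsigned)):
        raise ValueError("bad signature")
    pairs = parse_qsl(unsigned, keep_blank_values=True, strict_parsing=True)
    claims = dict(pairs)
    if len(claims) != len(pairs):
        raise ValueError("duplicate claim")
    # A valid signature only proves who issued the token; also check it was meant for this service.
    if claims.get("Issuer") != issuer:
        raise ValueError("unexpected issuer")
    if claims.get("Audience") != audience:
        raise ValueError("unexpected audience")
    now = time.time() if now is None else now
    if int(claims.get("ExpiresOn", "0")) <= now:  # seconds since the Unix epoch
        raise ValueError("token expired")
    return claims

def make_sample_swt(key, claims):
    """Build a constructed test token in the assumed layout (stands in for the issuer)."""
    unsigned = "&".join(f"{quote(k, safe='')}={quote(v, safe='')}" for k, v in claims.items())
    sig = base64.b64encode(_mac(key, unsigned)).decode()
    return unsigned + SIG_PARAM + quote(sig, safe="")

if __name__ == "__main__":
    key = bytes(range(32))  # constructed sample key, not a real one
    sample = {"action": "read", "Issuer": "https://issuer.example/",
              "Audience": "https://service.example/api", "ExpiresOn": "2000000000"}
    token = make_sample_swt(key, sample)
    print(validate_swt(token, key, sample["Issuer"], sample["Audience"], now=1_900_000_000))
```

The signature check comes first so that claim parsing and the issuer, audience and expiry checks only ever run on bytes the key holder produced.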

SDK

AC code samples and a management sample are included in the .NET Services SDK.
