
Securing Web Applications with ACS

Published: April 7, 2011

Updated: February 21, 2014

Applies To: Windows Azure

Scenario

In this scenario, a web application needs to integrate with a third-party identity management system for authentication.

[Figure: ACS v2 Web Scenario]

There are several challenges associated with the scenario:

  • How to redirect unauthenticated requests to the required identity provider?

  • How to validate the incoming token issued by the identity provider?

  • How to parse the incoming token?

  • How to implement authorization checks?

  • How to transform tokens by adding, removing, or changing the claims types and values?

  • How to do all of the above using configuration rather than coding?

Solution

Windows Azure Active Directory Access Control (also known as Access Control Service or ACS) provides a solution to the scenario as depicted in the following image.

[Figure: ACS v2 Web Scenario and Solution]


  • Windows Identity Foundation (WIF) is used to redirect unauthenticated requests to ACS. ACS redirects the requests to the configured identity provider.

  • Windows Identity Foundation (WIF) is used to validate incoming tokens.

  • Windows Identity Foundation (WIF) is used to parse the incoming tokens.

  • Windows Identity Foundation (WIF) is used to implement authorization checks.

  • The ACS rule engine is used to transform tokens.

  • Most of the work is done through configuration, either in the application’s web.config, through the ACS Management Portal, or both.
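
The following web.config fragment is an added example, not part of the original topic, showing how the WIF items in the list above map to configuration. It assumes WIF 1.0 (the Microsoft.IdentityModel assembly) on the IIS 7 integrated pipeline; the namespace `contoso`, the realm URL and the thumbprint value are placeholders.

```xml
<configuration>
  <configSections>
    <section name="microsoft.identityModel"
             type="Microsoft.IdentityModel.Configuration.MicrosoftIdentityModelSection, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
  </configSections>

  <system.web>
    <!-- Authorization check: anonymous users are denied, which produces the 401
         that the WS-Federation module turns into a redirect to ACS. -->
    <authorization>
      <deny users="?" />
    </authorization>
    <authentication mode="None" />
  </system.web>

  <system.webServer>
    <modules>
      <!-- Redirects unauthenticated requests and processes the sign-in response. -->
      <add name="WSFederationAuthenticationModule"
           type="Microsoft.IdentityModel.Web.WSFederationAuthenticationModule, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
           preCondition="managedHandler" />
      <!-- Keeps the validated token in a session cookie for later requests. -->
      <add name="SessionAuthenticationModule"
           type="Microsoft.IdentityModel.Web.SessionAuthenticationModule, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
           preCondition="managedHandler" />
    </modules>
  </system.webServer>

  <microsoft.identityModel>
    <service>
      <!-- Token validation: accept only tokens issued for this application (placeholder realm). -->
      <audienceUris>
        <add value="https://app.example.com/" />
      </audienceUris>
      <federatedAuthentication>
        <!-- Placeholder ACS namespace "contoso"; requireHttps keeps the exchange on TLS. -->
        <wsFederation passiveRedirectEnabled="true"
                      issuer="https://contoso.accesscontrol.windows.net/v2/wsfederation"
                      realm="https://app.example.com/"
                      requireHttps="true" />
        <cookieHandler requireSsl="true" />
      </federatedAuthentication>
      <!-- Token validation: trust only tokens signed by the pinned ACS signing certificate. -->
      <issuerNameRegistry type="Microsoft.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35">
        <trustedIssuers>
          <add thumbprint="PLACEHOLDER_ACS_SIGNING_CERT_THUMBPRINT"
               name="https://contoso.accesscontrol.windows.net/" />
        </trustedIssuers>
      </issuerNameRegistry>
    </service>
  </microsoft.identityModel>
</configuration>
```

The `audienceUris` value and the `realm` attribute must match the relying party realm registered in the ACS Management Portal, and the thumbprint must be updated whenever the ACS token-signing certificate is rotated.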

Solution Summary

See Also
