Access Control Service 2.0

Published: April 7, 2011

Updated: December 9, 2011

Applies To: Windows Azure

Windows Azure Access Control Service (ACS) is a cloud-based service that provides an easy way of authenticating and authorizing users to gain access to your web applications and services while allowing the features of authentication and authorization to be factored out of your code. Instead of implementing an authentication system with user accounts that are specific to your application, you can let ACS orchestrate the authentication and much of the authorization of your users. ACS integrates with standards-based identity providers, including enterprise directories such as Active Directory, and web identities such as Windows Live ID, Google, Yahoo!, and Facebook.

Get Started with ACS

• Sign up for ACS through the Windows Azure Management Portal (http://go.microsoft.com/fwlink/?LinkID=129428) which has the production release of ACS and a service license agreement. After signing up, ACS namespaces can be created using the Service Bus, Access Control & Caching section of the portal.
  
  
• Try using ACS by following the steps in How To: Create My First Claims-Aware ASP.NET Application Using ACS and thus integrate your web application with ACS. For a list of ACS requirements, see ACS Prerequisites.
  
  
• Watch this Channel 9 video (http://go.microsoft.com/fwlink/?LinkID=236353) and learn what role ACS plays in managing identity and access control for applications running on the Windows platform.
  
  
• Download the latest Code Samples (http://go.microsoft.com/fwlink/?LinkId=213167) that demonstrate how to integrate ACS with web services, ASP.NET web sites (Web Forms and MVC), and how to interact with the ACS Management Service. See ACS Code Samples Index for additional information about using these code samples.
  
  

Key Features of ACS

ACS is compatible with most popular programming and runtime environments, and supports many protocols including Open Authorization (OAuth), OpenID, WS-Federation, and WS-Trust. ACS is compatible with virtually any modern web platform, including .NET, PHP, Python, Java, and Ruby.

The following are the key features of ACS:

• Integration with Windows Identity Foundation (WIF)
  
  
• Out-of-the-box support for popular web identity providers including Windows Live ID, Google, Yahoo, and Facebook
  
  
• Out-of-the-box support for Active Directory Federation Services (AD FS) 2.0
  
  
• Support for OAuth 2.0 (draft 10), WS-Trust, and WS-Federation protocols
  
  
• Support for the SAML 1.1, SAML 2.0, and Simple Web Token (SWT) token formats
  
  
• Integrated and customizable Home Realm Discovery that allows users to choose their identity provider
  
  
• An Open Data Protocol (OData)-based management service that provides programmatic access to the ACS configuration
  
  
• A browser-based management portal that allows administrative access to the ACS configuration
  
  

More Resources

You can use the following resources to learn more about ACS:

• Release Notes
  
  
• Identity Developer Training Kit
  
  
• Chanel 9 Videos
  
  
• Windows Azure Security Forum
  
  

MSDN Content

• ACS FAQ
  
  
• Differences between Access Control Service 1.0 and Access Control Service 2.0
  
  
• Getting Started with ACS
  
  
• ACS 2.0 Components
  
  
• Scenarios and Solutions Using ACS
  
  
• ACS Functionality
  
  
• ACS Guidelines Index
  
  
• Troubleshooting ACS
  
  
• ACS How To's
  
  
• ACS Code Samples Index
  
  
• ACS Management Service API Reference
  
  
• Appendix A: Feedback and Community Information