

This book marks a milestone in a journey I started in the winter of 2007. At that time, I was offered the opportunity to enter a completely new domain: the world of software delivered as a service. Offerings such as the Microsoft Azure™ technology platform were far from being realized, and "the cloud" was still to be defined and fully understood. My work focused mainly on uncovering the specific challenges that companies would face with this new way of delivering software.

It was immediately obvious that managing identity and access control was a major obstacle for developers. Identity and access control were fundamental. They were prerequisites for everything else. If you didn't get authentication and authorization right, you would be building your application on a foundation of sand.

Thus began my journey into the world of claims-based identity. I was very lucky to initiate this journey with none other than a claims Jedi, Vittorio Bertocci. He turned me into a convert.

Initially, I was puzzled that so few people were deploying what seemed, at first glance, to be simple principles. Then I understood why. In my discussions with colleagues and customers, I frequently found myself having to think twice about many of the concepts and about the mechanics needed to put them into practice. In fact, even after longer exposure to the subject, I found myself having to carefully retrace the interactions among implementation components. The principles may have been simple, but translating them into running code was a different matter. Translating them into the right running code was even harder.

Around this time, Microsoft announced Windows Identity Foundation (WIF), Active Directory® Federation Services (ADFS) 2.0, and Microsoft Azure AppFabric Access Control Service (ACS). Once I understood how to apply those technologies, and how they dramatically simplified claims-based development, I realized that the moment had come to create a guide like the one you are now reading.

Even after I had spent a significant amount of time on the subject, I realized that providing prescriptive guidance required greater proficiency than my own, and I was lucky to be able to recruit for my quest some very bright and experienced experts. I have thoroughly enjoyed working with them on this project and would be honored to work with this fine team again. I was also fortunate to have skilled software developers, software testers, technical writers, and others as project contributors.

I want to start by thanking the following subject matter experts and key contributors to this guide: Dominick Baier, Vittorio Bertocci, Keith Brown, Matias Woloski, Scott Densmore and Christian Nielsen. These guys were outstanding. I admire their rigor, their drive for excellence, and their commitment to practical solutions.

Running code is a very powerful device for explaining how technology works. Designing sample applications that are both technically and pedagogically sound is no simple task. I want to thank the project's development and test teams for providing that balance: Federico Boerr, Carlos Farre, Diego Marcet, Anant Manuj Mittal, Erwin van der Valk, and Matias Woloski.

This guide is meant to be authoritative and prescriptive in the topics it covers. However, we also wanted it to be simple to understand, approachable, and entertaining—a guide you would find interesting and you would enjoy reading. We invested in two areas to achieve these goals: an approachable writing style and an appealing visual design.

A team of technical writers and editors were responsible for the text. They performed the miracle of translating and organizing our jargon- and acronym-plagued drafts, notes, and conversations into clear, readable text. I want to direct many thanks to RoAnn Corbisier, Colin Campbell, Roberta Leibovitz, and Tina Burden for doing such a fine job on that.

The innovative visual design concept used for this guide was developed by Roberta Leibovitz and Colin Campbell (Modeled Computation LLC) who worked with a team of talented designers and illustrators. The book design was created by John Hubbard (eson). The cartoon faces and chapter divisions were drawn by the award-winning Seattle-based cartoonist Ellen Forney. The technical illustrations were adapted from my Tablet PC mock-ups by Veronica Ruiz. I want to thank the creative team for giving this guide such a great look.

I also want to thank all the customers, partners, and community members who have patiently reviewed our early content and drafts. You have truly helped us shape this guide. Among those, I want to highlight the exceptional contributions of Zulfiqar Ahmed, Michele Leroux Bustamante (IDesign), Pablo Mariano Cibraro (Tellago Inc), Hernan DeLahitte (DigitFactory), Pedro Felix, Tim Fischer (Microsoft Germany), Mario Fontana, David Hill, Doug Hiller, Jason Hogg, Ezequiel Jadib, Brad Jonas, Seshadri Mani, Marcelo Mas, Vijayavani Nori, Krish Shenoy, Travis Spencer (www.travisspencer.com), Mario Szpuszta (Sr. Architect Advisor, Microsoft Austria), Chris Tavares, Peter M. Thompson, and Todd West.

Finally, I want to thank Stuart Kwan and Conrad Bayer from the Identity Division at Microsoft for their support throughout. Even though their teams were extremely busy shipping WIF and ADFS, they always found time to help us.


Eugenio Pace

Senior Program Manager – patterns & practices

Microsoft Corporation

Redmond, January 2010

Acknowledgements to Contributors to this Second Edition

All our guides are the result of great work from many people. I’m happy to see that so many of the original contributors and advisors of our first guide also worked on this one. The interest in this particular area has increased notably since the first edition was published. Proof of that is the continued investment by Microsoft in tools, services, and products.

As our scope increased to cover SharePoint and Azure Access Control Service, we also added new community members and industry experts who have significantly helped throughout the development of this new edition.

We’d like to acknowledge the following individuals who have exceptionally contributed to it: Zulfiquar Ahmed, Dominic Betts, Federico Boerr, Robert Bogue, Jonathan Cisneros, Shy Cohen, David Crawford, Pedro Felix, David Hill, Alex Homer, Laura Hunter, Chris Keyser, Jason Lee, Alik Levin, Masashi Narumoto, Nicolas Paez, Brian Puhl, Paul Schaeflein, Ken St. Cyr, Venky Veeraraghavan, Rathi Velusamy, Bill Wilder, Daz Wilkin, Jim Zimmerman, Scott Densmore, Steve Peschka, and Christian Nielsen.

We also want to thank everyone who participated in our CodePlex community site.


Eugenio Pace

Sr. Program Manager Lead – patterns & practices

Microsoft Corporation

May 2011

© 2015 Microsoft