Azure Platform AppFabric Access Control Service

The final component of the Azure Platform we will consider is the AppFabric Access Control Service (ACS).

Over the past several years Microsoft has been doing a lot of good work related to the issues of “identity” and “security”. The Access Control Service brings these technologies to the Azure cloud. By using the Access Control Service a developer, who is often not an expert in security, does not have to write complex, proprietary code to do authentication and authorization.

There are several use cases for ACS. These include single sign-on, federating identities across security realms and role-based access control. Here we will focus on implementing a simple claims-based identity model. In this model the client will authenticate with ACS. The ACS will provide the client with a “token”. This token is created according to rules established by the server. The client can then present the token to the server. Then, based solely on the token, the server can decide whether or not to grant access to the client and what the client can do. The server and the client need have no specific knowledge of each other’s implementation.

A simplistic analogy might be a “will call” ticket at a theater. A patron arrives at the will call window and presents identification. Often this is a driver’s license and the credit card used to purchase the ticket. The will call person gives the patron the ticket (i.e. token) which the patron can then use to enter the theater. The driver’s license and credit card are meaningless to the theater person granting entry to the patron.

Figure 1 Simple Access Control Service scenario

The steps in this scenario are:

  1. The Client authenticates with ACS
  2. ACS creates a token and returns it to the Client
  3. The Client passes the token to the Server
  4. The Server verifies the token and authorizes functionality

In the diagram the client and server applications are not shown running on the Azure cloud. In practice either one or both could be on Azure, on another cloud, inside an organization’s datacenter or in a third party’s datacenter (e.g. a customer or business partner). It does not matter as far as ACS is concerned.

The AppFabric SDK includes some excellent sample code for getting started with ACS. This screencast walks through the “ASPNET String Reverser” sample project found in the SDK.

This simple example just scratches the surface. There is a lot more that can be done with the Access Control Service. Consider attending Learning Tree’s Windows Azure Programming Course to get into more details of how you can use the Azure Platform AppFabric Access Control Service to simplify and standardize authentication and authorization for your organization’s applications both on-premises and in the cloud!

To recap, in this series of blog posts we have introduced the essential components of Microsoft’s Azure Platform.

These are:

  1. Windows Azure
    1. Compute Services
      1. Web Roles
      2. Worker Roles
    2. Storage Services
      1. Blobs
      2. Tables
      3. Queues
  2. SQL Azure
  3. AppFabric
    1. Service Bus
    2. Access Control Services

I hope you found some of them interesting or useful. Most of all, though, I hope your appetite has been whetted to learn more about Azure and how you can use Microsoft’s cloud to solve real business or technical problems that your organization may be facing!


Type to search

Do you mean "" ?

Sorry, no results were found for your query.

Please check your spelling and try your search again.