The final component of the Azure Platform we will consider is the AppFabric Access Control Service (ACS).
Over the past several years Microsoft has been doing a lot of good work related to the issues of “identity” and “security”. The Access Control Service brings these technologies to the Azure cloud. By using the Access Control Service a developer, who is often not an expert in security, does not have to write complex, proprietary code to do authentication and authorization.
There are several use cases for ACS. These include single sign-on, federating identities across security realms and role-based access control. Here we will focus on implementing a simple claims-based identity model. In this model the client will authenticate with ACS. The ACS will provide the client with a “token”. This token is created according to rules established by the server. The client can then present the token to the server. Then, based solely on the token, the server can decide whether or not to grant access to the client and what the client can do. The server and the client need have no specific knowledge of each other’s implementation.
A simplistic analogy might be a “will call” ticket at a theater. A patron arrives at the will call window and presents identification. Often this is a driver’s license and the credit card used to purchase the ticket. The will call person gives the patron the ticket (i.e. token) which the patron can then use to enter the theater. The driver’s license and credit card are meaningless to the theater person granting entry to the patron.
Figure 1 Simple Access Control Service scenario
The steps in this scenario are:
In the diagram the client and server applications are not shown running on the Azure cloud. In practice either one or both could be on Azure, on another cloud, inside an organization’s datacenter or in a third party’s datacenter (e.g. a customer or business partner). It does not matter as far as ACS is concerned.
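The claims-based flow described above, sketched as an added example (not code from the original post or from Microsoft): an issuer standing in for ACS applies a server-defined rule and signs the resulting claims, and the server then authorizes from the token alone. The token layout (form-encoded claims with a trailing HMAC-SHA256 signature), the key, the client names, the rule and the permissions are all assumptions made for illustration.

```python
import base64, hashlib, hmac
from urllib.parse import parse_qsl, unquote, urlencode

# Constructed demo values (assumptions): key shared by issuer and server, server audience.
SIGNING_KEY = b"constructed-demo-key"
AUDIENCE = "https://server.example/orders"
# Hypothetical rule supplied by the server: the role claim each known client receives.
RULES = {"partner-app": "reader", "backoffice": "writer"}
# Hypothetical server policy: actions each role claim permits.
PERMISSIONS = {"reader": {"read"}, "writer": {"read", "write"}}

def _sign(body: str) -> bytes:
    mac = hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).digest()
    return base64.b64encode(mac)

def issue_token(client_id: str, now: float, ttl: int = 300) -> str:
    """Issuer side (stand-in for ACS): map the authenticated client to claims, then sign."""
    role = RULES.get(client_id)
    if role is None:
        raise PermissionError("unknown client")
    body = urlencode({"role": role, "Issuer": "demo-issuer",
                      "Audience": AUDIENCE, "ExpiresOn": int(now) + ttl})
    return body + "&" + urlencode({"HMACSHA256": _sign(body).decode()})

def authorize(token: str, action: str, now: float) -> bool:
    """Server side: decide from the token alone; no lookup of who the client is."""
    body, sep, sig = token.rpartition("&HMACSHA256=")
    if not sep:
        return False  # unsigned token
    # Verify the signature before trusting any claim; constant-time comparison.
    if not hmac.compare_digest(unquote(sig).encode(), _sign(body)):
        return False
    claims = dict(parse_qsl(body))
    if claims.get("Audience") != AUDIENCE:
        return False  # token was issued for a different server
    if int(claims.get("ExpiresOn", 0)) <= now:
        return False  # expired
    return action in PERMISSIONS.get(claims.get("role"), set())
```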
This simple example just scratches the surface. There is a lot more that can be done with the Access Control Service. Consider attending Learning Tree’s Windows Azure Programming Course to get into more details of how you can use the Azure Platform AppFabric Access Control Service to simplify and standardize authentication and authorization for your organization’s applications both on-premises and in the cloud!
To recap, in this series of blog posts we have introduced the essential components of Microsoft’s Azure Platform.
I hope you found some of them interesting or useful. Most of all, though, I hope your appetite has been whetted to learn more about Azure and how you can use Microsoft’s cloud to solve real business or technical problems that your organization may be facing!