Cloud Identity & Access Control Services Cloud Computing Soup to Nuts


Presentation Transcript


  1. Cloud Identity & Access Control Services: Cloud Computing Soup to Nuts. Mike Benkovich, Microsoft Corporation, www.benkoTips.com, @mbenko (btlod-74)

  2. Agenda
     • What is ACS
     • How is it configured
     • Using in web applications
     • Mobile scenarios
     • Part of provider model

  3. Windows Azure
     Core Services: Compute • Storage • Database
     Additional Services: Caching • CDN • Identity • HPC • Service Bus • Reporting • Data Sync • Azure Connect

  4. Who are you?

  5. Really?

  6. Can you prove it?

  7. Identity in the cloud

  8. Three geeks walk into a bar…

  9. Airport security
     Do you have a valid ID?
     • Drivers license
     • Visa
     • Other…
     Other rules
     • Current flight
     • Exceptions

  10. Identity in the Cloud is Hard
     • Outside of identity domains
     • Too many islands of identity
     • Current technology hard or not interoperable
     • Managing 3rd party accounts in your system is risky

  11. Some definitions
     • WIF – Windows Identity Foundation
     • STS – Security Token Service
     • HDR – Home Realm Discovery
     • FP – Federation Provider
     • Claims based identity
     • Relying Party Application
       • Depends on knowing user identity
     • IP – Identity Provider
       • Authenticates user credentials
       • Resets/Recovers password
     • Identity Selector
       • The interface that is used to work with identity

  12. Access Control Services (ACS)…
     • Used to authenticate and authorize users
     • Integrates single sign-on and centralized authorization into your web applications
     • Standards-based identity providers
       • Enterprise directories (e.g. Active Directory Federation Server v2.0)
       • Web identities (e.g. Windows Live ID, Google, Yahoo!, and Facebook)

  13. Access Control Website Sequence
     Actors: Browser, Identity Provider, Access Control, Application
     1. Request Resource
     2. Redirect to Identity Provider
     3. Login
     4. Authenticate & Issue Token
     5. Redirect to AC service
     6. Send Token to ACS
     7. Validate Token, Run Rules Engine, Issue Token
     8. Redirect to RP with ACS Token
     9. Send ACS Token to Relying Party
     10. Validate Token
     11. Return resource representation

  14. Access Control Features
     • Integrates with Windows Identity Foundation (WIF) tooling
     • Claims-based access control
     • Support for OAuth WRAP, WS-Trust, and WS-Federation
     • Support for the SAML 1.1, SAML 2.0, and Simple Web Token formats
     • Integrated and customizable Home Realm Discovery
     • OData-based Management Service to ACS configuration
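Step 10 of the sequence on slide 13 ("Validate Token") is where the relying party decides whether to trust what ACS sent, and the Simple Web Token format listed on slide 14 is the easiest one to show that check in full. The following is an added example, not code from the talk or from the ACS SDK: it builds an ACS-style SWT (form-encoded pairs, HMAC-SHA256 over everything before `&HMACSHA256=`, signature base64 then URL-encoded) only so the demo has a sample to validate, then performs the relying-party checks in the order a defender wants them: signature first, then issuer, audience (the realm from slide 15) and expiry. The namespace key, issuer URL and realm are constructed placeholder values.

```python
import base64
import hashlib
import hmac
import time
from urllib.parse import parse_qsl, quote, unquote, urlencode

RESERVED = ("Issuer", "Audience", "ExpiresOn")


def _sign(key: bytes, body: str) -> str:
    """HMAC-SHA256 over the encoded token body, base64-encoded as ACS emits it."""
    return base64.b64encode(hmac.new(key, body.encode(), hashlib.sha256).digest()).decode()


def issue_swt(key: bytes, issuer: str, audience: str, lifetime_s: int, claims: dict, now=None) -> str:
    """Build an ACS-style SWT (used here only to construct sample tokens for the demo)."""
    now = int(time.time()) if now is None else now
    pairs = [("Issuer", issuer), ("Audience", audience), ("ExpiresOn", str(now + lifetime_s))]
    body = urlencode(pairs + list(claims.items()))
    return body + "&HMACSHA256=" + quote(_sign(key, body), safe="")


def validate_swt(token: str, key: bytes, expected_issuer: str, expected_audience: str, now=None) -> dict:
    """Relying-party check (slide 13, step 10). Raises ValueError on any failure, returns claims on success."""
    now = int(time.time()) if now is None else now
    body, sep, sig = token.rpartition("&HMACSHA256=")
    if not sep:
        raise ValueError("token is not signed")
    # Signature check first, in constant time, so nothing unsigned is ever treated as trusted input.
    if not hmac.compare_digest(unquote(sig).encode(), _sign(key, body).encode()):
        raise ValueError("bad signature")
    fields = dict(parse_qsl(body, keep_blank_values=True))
    if fields.get("Issuer") != expected_issuer:
        raise ValueError("unexpected issuer")
    if fields.get("Audience") != expected_audience:  # must equal the realm configured for this RP
        raise ValueError("token issued for a different realm")
    if int(fields.get("ExpiresOn", "0")) <= now:
        raise ValueError("token expired")
    return {k: v for k, v in fields.items() if k not in RESERVED}


def rejection_reason(token, key, issuer, audience, now=None):
    """None when the token is accepted, otherwise why it was rejected."""
    try:
        validate_swt(token, key, issuer, audience, now)
        return None
    except ValueError as err:
        return str(err)
```

A token whose claim values, audience or expiry have been edited fails the signature check before any field is parsed, and a token minted for another application's realm is rejected even though it carries a valid ACS signature.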

  15. Configuring ACS
     • Provision your namespace in management portal
       • Create from: http://windows.azure.com
       • Manage: https://<namespace>.accesscontrol.windows.net
     • Select trusted identity providers
     • Describe relying application
       • Realm
       • Token format
       • Return URI
     • Define claims processing rules

  16. Configuration demo

  17. Adding Identity to Web App
     • After ACS has been configured you can integrate it in your app by adding an STS Reference to the project
     • Download WIF SDK from http://bit.ly/bqtWIFsdk
     • FederationMetadata.xml defines the conversation
     • Customize the login experience by specifying the issuer to be your HTML page (download example from management portal)

  18. ACS + Web demo

  19. Device integration
     • ACS works with Mobile through the same mechanism
     • Use sample control from http://acs.codeplex.com - or -
     • Add NuGet package from Package Manager Console: PM> Install-Package Phone.Identity.AccessControl.BasePage
     • Download toolkits for the control to work with devices at
       • Windows Phone http://bit.ly/bqtWATWP
       • Android http://bit.ly/bqtWATAndroid
       • iOS http://bit.ly/bqtWATiOS
     • Realm is a URI as opposed to a web URL

  20. ACS + Mobile demo

  21. Integrate with other providers
     • Profile, Role and other parts of provider model require data store for information
     • Download scripts from http://bit.ly/bqtAzRegSQL
     • Create SQL Azure database and run scripts
     • In Web.config define sections for usage
       • Profile
       • RoleManager
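Slides 17 and 21 both end up in Web.config: the STS reference (WIF settings that tie the app to the ACS namespace and realm from slide 15) and the Profile/RoleManager sections backed by the SQL Azure database. The fragment below is an added example, not configuration from the talk or generated by the WIF wizard; it assumes a namespace named `contoso`, a relying-party realm of `https://localhost/SoupToNuts/`, and placeholder values for the connection string and the ACS signing-certificate thumbprint. The `configSections` and HTTP-module registrations that the "Add STS Reference" wizard writes are left out so the security-relevant settings stand out.

```xml
<configuration>
  <connectionStrings>
    <add name="ProviderDb"
         connectionString="Server=tcp:PLACEHOLDER.database.windows.net;Database=PLACEHOLDER;User ID=PLACEHOLDER;Password=PLACEHOLDER;Encrypt=True;" />
  </connectionStrings>
  <system.web>
    <!-- Forms/Windows auth is off: WIF's WS-Federation module handles sign-in via ACS -->
    <authentication mode="None" />
    <authorization>
      <deny users="?" />   <!-- anonymous requests are redirected to ACS (slide 13, step 2) -->
    </authorization>
    <!-- Role and Profile providers (slide 21) point at the SQL Azure database created from the scripts -->
    <roleManager enabled="true" defaultProvider="SqlRoles">
      <providers>
        <clear />
        <add name="SqlRoles" type="System.Web.Security.SqlRoleProvider"
             connectionStringName="ProviderDb" applicationName="/" />
      </providers>
    </roleManager>
    <profile enabled="true" defaultProvider="SqlProfile">
      <providers>
        <clear />
        <add name="SqlProfile" type="System.Web.Profile.SqlProfileProvider"
             connectionStringName="ProviderDb" applicationName="/" />
      </providers>
    </profile>
  </system.web>
  <microsoft.identityModel>
    <service>
      <!-- Only tokens whose audience equals this realm are accepted (the realm from slide 15) -->
      <audienceUris>
        <add value="https://localhost/SoupToNuts/" />
      </audienceUris>
      <federatedAuthentication>
        <wsFederation passiveRedirectEnabled="true"
                      issuer="https://contoso.accesscontrol.windows.net/v2/wsfederation"
                      realm="https://localhost/SoupToNuts/"
                      requireHttps="true" />
        <cookieHandler requireSsl="true" />   <!-- session cookie never travels over plain HTTP -->
      </federatedAuthentication>
      <!-- Trust only the ACS namespace signing certificate, pinned by thumbprint -->
      <issuerNameRegistry type="Microsoft.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35">
        <trustedIssuers>
          <add thumbprint="PLACEHOLDER-ACS-CERT-THUMBPRINT" name="https://contoso.accesscontrol.windows.net/" />
        </trustedIssuers>
      </issuerNameRegistry>
    </service>
  </microsoft.identityModel>
</configuration>
```

When the ACS namespace certificate is rolled, the thumbprint in `trustedIssuers` has to be updated or every token will be rejected at step 10, which is the intended failure mode rather than silently trusting an unknown signer.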

  22. Providers demo

  23. Summary
     • Access Control Services simplify the way to enable applications to work with existing identity sources
     • Configure who the identity providers are, the nature of your application, and the rules for processing claims
     • Integrate with Web apps via STS reference
     • Integrate with Phone via User Control
     • Leverage the features of the Provider Model with ACS

  24. Where can I get more info?
     • Visit my site http://www.benkotips.com
       • Resources from today’s talk
       • Webcasts
       • Downloads
       • More!
     • Check out the rest of this series! http://bit.ly/s2nCloud
     • Ask questions on Windows Azure Office Hours http://aka.ms/WazOH-Live
