Access Control Service

Access Control Service, or Windows Azure Access Control Service (ACS) is a Microsoft-owned cloud-based service that provides an easy way of authenticating and authorizing users to gain access to web applications and services while allowing the features of authentication and authorization to be factored out of the application code.^[1] This facilitates application development while at the same time providing users the benefit of being able to log in to multiple applications with a reduced number of authentications, and in some cases only one authentication. The system provides an authorization store that can be accessed programmatically as well as via a management portal. Once authorizations are configured, a user coming to an application via ACS arrives at the application entrance with not only an authentication token, but also a set of authorization claims attached to the token.

Features

ACS has the following features

• Integration with Windows Identity Foundation (WIF)
• Support for popular web identity providers including Windows Live ID, Google, Yahoo, and Facebook
• Support for Active Directory Federation Services (AD FS) 2.0
• Support for OAuth 2.0 (draft 10), WS-Trust, and WS-Federation protocols
• Support for the SAML 1.1, SAML 2.0, Simple Web Token (SWT) and Json Web Token (JWT) token formats (JWT still in beta)
• Integrated and customizable Home Realm Discovery that allows users to choose their identity provider
• An Open Data Protocol (OData)-based management service that provides programmatic access to the ACS configuration
• A browser-based management portal that allows administrative access to the ACS configuration

Web platform support

ACS supports all modern web platforms such as .NET Framework, PHP, Python, Java and Ruby. It can be used with both web applications and web services.

See also

• Azure Services Platform
• Claims based identity

References