TRANSCRIPT
Identity and Securing Azure Services for SharePoint
Speaker Name
- Essential claims programming model
  - Claims OM integrated with the .NET identity API
  - Single programming model for ASP.NET & WCF
  - Config driven
  - Single programming model for on-premises & cloud
- Tools for metadata-driven automatic app configuration
  - WS-Federation, WS-Trust
- Framework for custom STS development
- And more…
What Can You Do with WIF?
- Handle Application Authentication
  - Outsource it via standard protocols
  - Cross-platform!
- Federate with partners
  - Accept identities from multiple sources
  - Reuse existing accounts everywhere…
- Handle Application Authorization
  - Traditional RBAC
  - Claims based
- Handle User Attributes
  - “the end of provisioning”
What is Windows Azure AppFabric Access Control?
- ACS is used to authenticate and authorize users
  - Think of it as WIF in the cloud for you
- Integrate Single Sign-On and centralized authorization into your web applications
- Standards-based identity providers
  - Enterprise directories (e.g. Active Directory Federation Server v2.0)
  - Web identities (e.g. Windows Live ID, Google, Yahoo!, and Facebook)
- V2 now available
Access Control Website Sequence
Participants: Browser, Identity Provider, Access Control, Application
1. Request Resource
2. Redirect to Identity Provider
3. Login
4. Authenticate & Issue Token
5. Redirect to AC service
6. Send Token to ACS
7. Validate Token, Run Rules Engine, Issue Token
8. Redirect to RP with ACS Token
9. Send ACS Token to Relying Party
10. Validate Token
11. Return resource representation
Access Control Features
- Integrates with Windows Identity Foundation and tooling
- Claims-based access control
- Support for OAuth WRAP, WS-Trust, and WS-Federation protocols
- Support for the SAML 1.1, SAML 2.0, and Simple Web Token token formats
- Integrated and customizable Home Realm Discovery
- OData-based Management Service for ACS configuration
Calling External Code
[Diagram; components shown: SharePoint 2010, Silverlight (or) InfoPath, jQuery, Windows Azure, WCF Service, ACS 2.0 (server)]
Integration Pattern
Participants: Service Namespace, Web Service, Service Consumer (SharePoint)
Step 0. Secret Exchange (Periodic Refresh)
1. Access Control rules
2. Send Claims
3. Map Input claims to output claims
4. Send Token (Output claims from 3)
5. Send Message with Token
6. Claims checked in Apps
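The integration pattern above (secret exchange, rules-engine mapping of input to output claims, token issuance, and the checks the web service runs before trusting the claims) as an added Python example; this is not code from the deck or from Microsoft's SDK. It models an ACS 2.0 Simple Web Token signed with HMAC-SHA256 over a constructed key, namespace, realm and rule set, and the validation half is the same check step 10 of the website sequence needs.

```python
import base64, hashlib, hmac, time
from urllib.parse import parse_qsl, quote, unquote, urlencode
# Constructed values: the 256-bit symmetric key stands in for the ACS namespace signing key
# shared with the web service in "Step 0 Secret Exchange"; namespace and realm are assumed.
SIGNING_KEY = hashlib.sha256(b"constructed demo key, not a real ACS key").digest()
ACS_ISSUER = "https://contoso-ns.accesscontrol.windows.net/"
RP_REALM = "http://localhost/SharePointBackend/"
NAME_CLAIM = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"
GROUP_CLAIM = "http://schemas.xmlsoap.org/claims/Group"
ROLE_CLAIM = "http://schemas.microsoft.com/ws/2008/06/identity/claims/role"
# Step 1 rules: ((in type, in value), (out type, out value)); None in = any value, None out = pass through.
RULES = [((NAME_CLAIM, None), (NAME_CLAIM, None)),
         ((GROUP_CLAIM, "SharePointAdmins"), (ROLE_CLAIM, "Administrator"))]

def map_claims(input_claims, rules=RULES):
    """Step 3: the rules engine turns the consumer's input claims into output claims."""
    out = {}
    for (in_type, in_value), (out_type, out_value) in rules:
        if in_type in input_claims and in_value in (None, input_claims[in_type]):
            out[out_type] = input_claims[in_type] if out_value is None else out_value
    return out

def issue_swt(claims, audience=RP_REALM, issuer=ACS_ISSUER, key=SIGNING_KEY, ttl=600, now=None):
    """Step 4: serialize the output claims as a Simple Web Token and sign it with HMAC-SHA256."""
    now = int(time.time()) if now is None else now
    body = urlencode(list(claims.items()) + [("Audience", audience),
                                             ("ExpiresOn", str(now + ttl)), ("Issuer", issuer)])
    sig = base64.b64encode(hmac.new(key, body.encode(), hashlib.sha256).digest()).decode()
    return body + "&HMACSHA256=" + quote(sig, safe="")

def validate_swt(token, audience=RP_REALM, issuer=ACS_ISSUER, key=SIGNING_KEY, now=None):
    """Step 6: what the web service must verify before it trusts any claim in the token."""
    now = int(time.time()) if now is None else now
    body, sep, sig = token.rpartition("&HMACSHA256=")
    expected = hmac.new(key, body.encode(), hashlib.sha256).digest()
    if not sep or not hmac.compare_digest(expected, base64.b64decode(unquote(sig))):
        raise ValueError("missing or invalid signature: token was not issued with the shared secret")
    fields = dict(parse_qsl(body, keep_blank_values=True))  # ACS joins repeated claim types with commas
    if fields.get("Issuer") != issuer:
        raise ValueError("issuer is not the trusted ACS namespace")
    if fields.get("Audience") != audience:
        raise ValueError("token was issued for a different relying party")
    if int(fields.get("ExpiresOn", "0")) <= now:
        raise ValueError("token has expired")
    return {k: v for k, v in fields.items() if k not in ("Issuer", "Audience", "ExpiresOn")}

def round_trip(now=1_300_000_000):
    """Steps 2 to 6 end to end for a constructed SharePoint caller in the SharePointAdmins group."""
    token = issue_swt(map_claims({NAME_CLAIM: "alice@contoso.com", GROUP_CLAIM: "SharePointAdmins"}), now=now)
    return validate_swt(token, now=now)
```

A real relying party reads the signing key from the namespace's management portal rather than deriving it, and rejects the token before touching any claim if any one of the four checks fails.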
Cert Based Auth - Architecture
Certificate based Authentication
demo
Summary
- Claims Based identity works both on-premises & in the cloud
- Access Control Services simplifies the access control for Azure hosted resources
- Azure uses certificates (Management & Service Certificates) to identify a trust relationship
Resources
- Azure AppFabric SDK: http://msdn.microsoft.com/en-us/library/ee173584.aspx
- Identity Developer Training Kit: http://www.microsoft.com/downloads/en/details.aspx?displaylang=en&FamilyID=c3e315fa-94e2-4028-99cb-904369f177c0
- Configuring SSL on Windows Azure: http://msdn.microsoft.com/en-us/library/ff795779.aspx
© 2008 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft
cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
Microsoft Confidential - NDA Only