Use Access Control Service to Federate with Multiple Business

By Douglas Bennett, 2014-08-11 22:12

Hands-On Lab

    Use Access Control Service to Federate with Multiple Business Identity Providers

Lab version: 1.0.0

Last updated: 8/11/2011

CONTENTS

    OVERVIEW
    GETTING STARTED: CREATING A SERVICE NAMESPACE
        Task 1: Creating your AppFabric Service Namespace
    EXERCISE 1: USE ACS TO FEDERATE WITH MULTIPLE BUSINESS IDENTITY PROVIDERS
        Task 1: Creating the Initial Solution
        Task 2: Configure one entry for the application in the Access Control Service with the AppFabric portal
        Task 3: Configuring a Website to Accept Tokens from Access Control Service
        Task 4: Use the ACS Management Portal to Trust a Business Identity Provider and Process User Attributes via Claims Mapping Rules
        Task 5: Use the ACS Management API to Trust a Second Business Identity Provider and Create Claims Mapping Rules
    Exercise 1: Summary
    SUMMARY

Overview

    Connecting one application to its users is one of the most basic requirements of any solution, whether deployed on-premises, in the cloud or on both.

    The emergence of standards is helping to break down the silos that traditionally isolate the accounts stored by different web sites and business entities; however, offering application access to users coming from multiple sources can still be a daunting task. As of today, if you want to open your application to users coming from Facebook, Live ID, Google and business directories, the brute-force approach requires you to learn and implement four different authentication protocols. Changes in today's world happen fast and often, forcing you to keep updating your protocol implementations to chase the latest evolutions of the authentication mechanisms of the user repositories. All this can require a disproportionate amount of energy, leaving you with fewer resources to focus on your business.

Figure 1: A functional view of the Access Control Service

    Enter the AppFabric Access Control Service (ACS). ACS offers you a way to outsource authentication and decouple your application from the complexity of maintaining a direct relationship with every identity provider you want to draw users from. ACS takes care of engaging each identity provider with its own authentication protocol and normalizes the authentication results into a protocol supported by the .NET Framework tooling (namely the Windows Identity Foundation technology, or WIF), regardless of where the user is coming from. With WIF you can, in just a few clicks, elect ACS as the authentication manager for your application; from that moment on ACS takes care of everything, including providing a UI for the user to choose among all the recognized identity providers.

    Furthermore, ACS offers you greater control over which user attributes should be assigned for every authentication event; again in synergy with WIF, those attributes (called claims) can be easily accessed for making authorization decisions without forcing the developer to understand, or even be aware of, the lower-level mechanisms that the authentication protocols entail.
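As an added illustration of the normalization idea in the two paragraphs above (example code, not part of the lab and not ACS's own rule engine), the following Python models claims-mapping rules for two hypothetical business identity providers and an application that only ever consults the normalized claims; the issuer names, rules and claim values are constructed.

```python
from dataclasses import dataclass
from typing import List, Optional

# Claim type URIs of the kind an AD FS style business IdP issues (assumed here);
# the second IdP uses short attribute names, which is why normalization matters.
EMAIL_URI = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
ROLE_URI = "http://schemas.microsoft.com/ws/2008/06/identity/claims/role"

@dataclass(frozen=True)
class Claim:
    issuer: str  # identity provider that asserted the claim
    type: str
    value: str

@dataclass(frozen=True)
class Rule:
    """A claim from `issuer` of type `in_type` (and value `in_value`, if set) is
    re-issued as `out_type`; `out_value` defaults to passing the value through."""
    issuer: str
    in_type: str
    out_type: str
    in_value: Optional[str] = None
    out_value: Optional[str] = None

# Hypothetical trust configuration for two business IdPs (constructed).
RULES = [
    Rule("contoso-adfs", EMAIL_URI, "email"),
    Rule("contoso-adfs", ROLE_URI, "role", in_value="Sales", out_value="Seller"),
    Rule("fabrikam-idp", "mail", "email"),
    Rule("fabrikam-idp", "department", "role", in_value="Commercial", out_value="Seller"),
]

def normalize(idp_claims: List[Claim], rules: List[Rule] = RULES) -> List[Claim]:
    """Re-issue only claims that match a rule. Claims from unknown issuers or of
    unmapped types are dropped, so a 'role' asserted by an untrusted party can
    never reach the application."""
    out = []
    for c in idp_claims:
        for r in rules:
            if r.issuer != c.issuer or r.in_type != c.type:
                continue
            if r.in_value is not None and r.in_value != c.value:
                continue
            out.append(Claim("acs", r.out_type, c.value if r.out_value is None else r.out_value))
    return out

def can_view_orders(app_claims: List[Claim]) -> bool:
    """The application looks only at normalized claims issued by ACS."""
    return any(c.issuer == "acs" and c.type == "role" and c.value == "Seller" for c in app_claims)
```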

    In this intermediate hands-on lab you will learn how to use the Access Control Service to manage trust relationships with multiple business identity providers. Users from two different organizations will be able to gain authenticated access to your application; however, you will not be required to write any special code to handle the differences between the two. You will learn how to use ACS to establish relationships and normalize attributes without having to touch your application's source code. The lab demonstrates how to configure ACS both via the AppFabric portal and via the management API.

    Objectives