Introduction to the AppFabric Access Control Service 2.0

Version: 1.2

Description

In this introductory hands-on lab you will learn how to take advantage of ACS to outsource authentication, manage multiple identity sources, perform some basic authorization tasks and take control of the authentication experience. You will discover that it takes less to do it than to describe it!

Overview

Connecting an application to its users is one of the most basic requirements of any solution, whether deployed on-premises, in the cloud or both.

The emergence of standards is helping to break down the silos that traditionally isolate accounts stored by different web sites and business entities. However, offering application access to users coming from multiple sources can still be a daunting task. As of today, if you want to open your application to users coming from Facebook, Live ID, Google and business directories, the brute-force approach requires you to learn and implement four different authentication protocols. Changes in today’s world happen fast and often, forcing you to keep updating your protocol implementations to keep up with the latest changes in the authentication mechanisms of the user repositories. All this can require a disproportionate amount of energy, leaving you with fewer resources to focus on your business.

Figure 1

A functional view of the Access Control Service

AppFabric Access Control Service (ACS) offers you a way to outsource authentication and decouple your application from the complexity of maintaining a direct relationship with every identity provider you want to use. ACS takes care of engaging each identity provider with its own authentication protocol and normalizes the authentication results into a protocol supported by the .NET Framework tooling (namely the Windows Identity Foundation technology, or WIF), regardless of where the user is coming from. WIF allows you, in just a few clicks, to designate ACS as the authentication manager for your application; from that moment on ACS takes care of everything, including providing a UI for the user to choose among all the recognized identity providers.

Furthermore, ACS gives you greater control over which user attributes are assigned for every authentication event. Again in synergy with WIF, those attributes (called claims) can be easily accessed for making authorization decisions, without forcing the developer to understand or even be aware of the lower-level mechanisms that the authentication protocols entail.
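The claim mapping and claims-driven authorization described above, as an added example that is not part of the original lab and is not ACS or WIF code: a simplified model in which rules turn identity-provider claims into output claims, and the application authorizes only on role claims from the expected issuer. It uses System.Security.Claims (the claims types built into later .NET versions) rather than the WIF assembly the lab installs; the MappingRule and ClaimMapper names, the issuer URL and the sample claims are constructed for illustration.

```csharp
// Added example: simplified model of claim mapping rules, not the ACS rule engine.
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;

public sealed class MappingRule
{
    public string InputIssuer, InputType;   // identity provider and claim type to match
    public string InputValue;               // null matches any value
    public string OutputType, OutputValue;  // null OutputValue passes the input value through
}

public static class ClaimMapper
{
    // Constructed issuer name standing in for the ACS namespace (assumption).
    public const string AcsIssuer = "https://contoso-acs.example/";

    // Emit one output claim per (input claim, matching rule); unmatched claims are dropped.
    public static ClaimsIdentity Transform(IEnumerable<Claim> input, IEnumerable<MappingRule> rules)
    {
        var output =
            from c in input
            from r in rules
            where r.InputIssuer == c.Issuer && r.InputType == c.Type
                  && (r.InputValue == null || r.InputValue == c.Value)
            select new Claim(r.OutputType, r.OutputValue ?? c.Value, ClaimValueTypes.String, AcsIssuer);
        return new ClaimsIdentity(output.ToList(), "Federation");
    }

    // Authorize only on role claims issued by the trusted service.
    public static bool HasRole(ClaimsIdentity id, string role) =>
        id.Claims.Any(c => c.Type == ClaimTypes.Role && c.Value == role && c.Issuer == AcsIssuer);
}

public static class Program
{
    public static void Main()
    {
        var rules = new[] { new MappingRule { InputIssuer = "Google", InputType = ClaimTypes.Email,
            InputValue = "admin@example.com", OutputType = ClaimTypes.Role, OutputValue = "Administrator" } };
        // Constructed sample claims: the same e-mail value asserted by two different issuers.
        var google = new[] { new Claim(ClaimTypes.Email, "admin@example.com", ClaimValueTypes.String, "Google") };
        var other = new[] { new Claim(ClaimTypes.Email, "admin@example.com", ClaimValueTypes.String, "OtherIdP") };
        Console.WriteLine(ClaimMapper.HasRole(ClaimMapper.Transform(google, rules), "Administrator"));
        Console.WriteLine(ClaimMapper.HasRole(ClaimMapper.Transform(other, rules), "Administrator"));
    }
}
```

Because the rule is pinned to one input issuer, the second identity, which carries the same e-mail value from a provider no rule names, receives no role claim and fails the check.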

Objectives

In this Hands-On Lab, you will learn how to:

  • Configure your application to outsource authentication to ACS
  • Configure ACS to include the identity providers you want to leverage
  • Configure ACS to process incoming identities and add new claims
  • Modify your application to consume claims from ACS and drive authorization decisions
  • Customize the default authentication user experience provided by ACS

System Requirements

You must have the following items to complete this lab:

Setup

For convenience, much of the code used in this hands-on lab is available as Visual Studio code snippets. To check the prerequisites of the lab and install the code snippets:

  1. Open a Windows Explorer window and browse to the lab’s Source\Setup folder.
  2. Double-click the Dependencies.dep file in this folder to launch the Dependency Checker tool and install any missing prerequisites and the Visual Studio code snippets.
  3. If the User Account Control dialog is shown, confirm the action to proceed.
Note:
This process may require elevation. The .dep extension is associated with the Dependency Checker tool during its installation. For additional information about the setup procedure and how to install the Dependency Checker tool, refer to the Setup.docx document in the Assets folder of the training kit.

Note:
If you have never run Visual Studio before on the machine, please make sure to do so before running the setup of this lab.

Note:
When you first start Visual Studio, you must select one of the predefined settings collections. Every predefined collection is designed to match a particular development style and determines window layouts, editor behavior, IntelliSense code snippets, and dialog box options. The procedures in this lab describe the actions necessary to accomplish a given task in Visual Studio when using the General Development Settings collection. If you choose a different settings collection for your development environment, there may be differences in these procedures that you need to take into account.

Using the Code Snippets

Throughout the lab document, you will be instructed to insert code blocks. For your convenience, most of that code is provided as Visual Studio Code Snippets, which you can use from within Visual Studio 2010 to avoid having to add it manually.

If you are not familiar with the Visual Studio Code Snippets, and want to learn how to use them, you can refer to the Setup.docx document in the Assets folder of the training kit, which contains a section describing how to use them.

Exercises

The following exercises make up this Hands-On Lab:

  1. Outsource Authentication to multiple Identity Providers
  2. Create claims mapping rules and add claims-driven authorization to an application
  3. Take control of the Sign-In experience

Note:
Each exercise is accompanied by a starting solution. These solutions are missing some code sections that are completed through each exercise and therefore will not necessarily work if you run them directly.

Inside each exercise you will also find an end folder containing the resulting solution you should obtain after completing the exercises. You can use this solution as a guide if you need additional help working through the exercises.

Estimated time to complete this lab: 45 minutes