Summary

By completing this Hands-On Lab you have learned how to:

• Configure your application to outsource authentication to ACS
• Configure ACS to include the identity providers you want to leverage
• Configure ACS to process incoming identities and add new claims
• Modify your application to consume claims from ACS and drive authorization decisions
• Customize the default authentication user experience provided by ACS

The notion of outsourcing authentication to an external entity, instead of taking care of the details yourself, is an extremely powerful one. Windows Identity Foundation makes it easy to configure .NET applications to trust their authentication needs to external authorities.

The AppFabric Access Control Service is a great service to outsource authentication to, as it can easily abstract away the complexity of dealing with mutiple identity providers such as Windows Live Id, Facebook, Google, Yahoo! and even business providers such as directories enhanced by Active Directory Federation Services or equivalent. Furthermore, ACS offers powerful tools for manipulating the way in which the user’s identity is processed before reaching your application.

This introductory lab barely begun to explore the capabilities of ACS. Here we focused on Web sites, but ACS can handle just as well SOAP and REST web services; we used the portal, but ACS offers a rich management API which can be used to automate provisioning tasks; we focused on Web identities, but ACS offers comprehensive support for business identity providers and processing capabilites for the richer claims set they generate. If you are interested in knowing more about those capabilites, please refer to the upcoming intermerdiate and advanced hands-on labs.