Access Control provides an easy way to add identity and access control to web applications and services, while integrating with standards-based identity providers, including enterprise directories such as Active Directory, and web identities such as Windows Live ID, Google, Yahoo! and Facebook.
The service enables authorization decisions to be pulled out of the application and into a set of declarative rules that can transform incoming security claims into claims that applications understand. These rules are defined using a simple and familiar programming model, resulting in cleaner code. It can also be used to manage users' permissions, saving the effort and complexity of developing these capabilities.
Here's a brief description of potential usage scenarios, benefits and features. We've embedded a collection of short videos about ACS. Each video is approximately two minutes long.
These are "demystifying" videos about ACS including supporting slides available for download.
- What is ACS?
- What ACS Can Do For Me?
- ACS Functionality
- ACS Architecture
- ACS Deployment Scenarios
- ACS and the Cloud
- ACS And WIF
- ACS and ADFS
Use Access Control to:
- Create user accounts that federate with a customer's existing identity management system, whether it uses Active Directory, other directory systems, or any standards-based infrastructure
- Exercise complete, customizable control over the level of access that each user and group has within your application
- Apply the same level of security and control to Service Bus connections
Access Control Benefits:
- Federated identity and access control through rule-based authorization enables applications to respond as if the user accounts were managed locally
- Flexible standards-based service that supports multiple credentials and relying parties
- Lightweight developer-friendly programming model based on the Microsoft .NET Framework and Windows Communication Foundation
Access Control Features:
- Set up issuer trust with a simple Web interface or programmatically through APIs
- Supports Active Directory and other identity infrastructures, with minimal coding
- Support for multiple credentials, including X.509 certificates
- Support for standard protocols including REST
- Applications that run inside and outside the organizational boundary can rely on the service
- Validate application and user requests from data and connectivity services