Just published the article for the following scenario:
In this scenario you are developing distributed application that includes front end ASP.NET web app and the backend REST WCF service. You are interested to use public identity providers, such as Live ID, Google, Facebook, Yahoo!, and OpenID 2.0, to authenticate users. You are also interested to flow the original identity of the end users down to the backend REST WCF service for authentication and authorization purposes at the backend.
Windows Identity Foundation (WIF) and Windows Azure Access Control Service (ACS) is used to solve this scenario. The approach is to have one relying party configured in ACS that issues SWT token. This SWT token is used with both front end ASP.NET web app and downstream REST WCF service. The signing keys shared with all three - ACS, ASP.NET RP, REST WCF RP.
- Code Sample: ASP.NET Web App To REST WCF Service Delegation Using Shared SWT Token
- Visio Diagrams: ASP.NET to WCF (REST) Delegation With Live ID, Google, Facebook Using SWT.vsd