Major update to ACS now available

Today I’m excited to announce a major update to ACS. It’s available in our labs environment: Keep in mind that there is no SLA around this release, but accounts and usage of the service are free while it is in the labs environment. This release includes many of the features I discussed late last…


Mgmt Config sample for WLID / Facebook Connect sample

Now that we have a mgmt tool, I can provide you with a template so you can set up the ACS part of the WLID / Facebook Connect sample with less effort. Here’s the XML configuration:

<ServiceNamespace xmlns:xsi="" xmlns:xsd="">
  <Issuers>
    <Issuer handle="acswebauth">
      <IssuerName>acswebauth</IssuerName>
      <Algorithm>Symmetric256BitKey</Algorithm>
      <CurrentKey>gyiepxNtc7RkCZuvV6FyEPWOp788uc1T0DMSZ9c/5QA=</CurrentKey>
      <PreviousKey>bAO0llCgF5C00GW/h7Zp0lt2WAe3WRrdIj42UMbds+A=</PreviousKey>
    </Issuer>
  </Issuers>
  <Scopes>
    <Scope handle="root">
      <AppliesTo></AppliesTo>
      <TokenPolicyHandle>root</TokenPolicyHandle>
      <Rules>
        <Rule handle="wlidpassthrough">…


ACS integration with Windows Live ID & Facebook Connect

I’ve received several requests regarding ACS and Windows Live ID integration for websites. This post describes what you can do with ACS and Windows Live ID today (with the new release of ACS). It takes a bit of code, but the integration is pretty straightforward. Note that this code isn’t hardened and it relies heavily…


ACS SAML / ADFS v2 Sample

The November 2009 CTP of ACS integrates with Active Directory Federation Server v2. ACS can act as a bridge between enterprise identity and REST web services. The runtime flow is pretty simple (shown below). At runtime, the client app requests a SAML bearer token from AD FS v2. The easiest way to do this is…


Management Browser uploaded

Since releasing the new version of ACS on Nov 5, we’ve received quite a bit of feedback that we should provide a UI for managing ACS rules/scopes/issuers/token policies. In response, Cyrus put together a little WPF app that does the trick. It’s available on MSDN code gallery here: In the coming milestones, we are…


Access Control Service (M7) released today!

Today is a big day for the Access Control Service team. M7 is now live. There are a few huge changes:
- It is running on top of Azure (fabric and storage)
- We incorporated a new community-driven protocol and token format (Web Resource Authorization Protocol (WRAP) and Simple Web Tokens (SWT))
- Relying Parties and Requestors…


Access Control Service and ADFS v2 demo

In my last post I outlined the changes that were coming in the Access Control Service. Since that post, I’ve received many questions about how ACS will integrate with ADFS v2. Below is a link to a simple demo I put together to highlight this very cool integration point (video on Channel 9).


Access Control Service – Roadmap for PDC and Beyond

We are in the process of making some key design changes to the Access Control Service (ACS) for our PDC release this fall. I think these changes will bring tremendous benefits to ACS customers in the near-term, but the changes break all ACS-related code that exists today. This post summarizes the planned changes and provides…


Client Certificate Credential Verification

Over the past few months, several people have asked me how to accept client certificates on a service. The scenario is something like the following:
- A web service owner wants to limit access to the service to authorized clients
- Authorized clients identify themselves using a certificate
- The certificate may or may not be issued by…