ACS SAML / ADFS v2 Sample

The November 2009 CTP of ACS integrates with Active Directory Federation Server v2. ACS can act as a bridge between enterprise identity and REST web services. The runtime flow is pretty simple (shown below). At runtime, the client app requests a SAML bearer token from AD FS v2. The easiest way to do this is…


Management Browser uploaded

Since releasing the new version of ACS on Nov 5, we’ve received quite a bit of feedback that we should provide a UI for managing ACS rules/scopes/issuers/token policies. In response, Cyrus put together a little WPF app that does the trick. It’s available on MSDN code gallery here: In the coming milestones, we are…


Access Control Service – Roadmap for PDC and Beyond

We are in the process of making some key design changes to the Access Control Service (ACS) for our PDC release this fall. I think these changes will bring tremendous benefits to ACS customers in the near-term, but the changes break all ACS-related code that exists today. This post summarizes the planned changes and provides…


Mix 09 Deck

For some reason the slide deck I presented at Mix didn’t show up on the Mix 09 website. If you are interested in the deck, see the link below.


TokenClient (Mix) introduction

This week at Mix I demonstrated a new experimental client API (TokenClient) for interacting with the Access Control Service (ACS). The purpose of this API is to simplify the developer interaction with the ACS Security Token Service. It still uses WS-Trust on the wire, but restricts the WS-Trust options to what I believe to be…


Access Control Service – Common Interaction Model

In my previous post I described at a high level a simple scenario that leverages the Access Control Service. Now I’d like to describe the interactions between messaging participants and the .NET Access Control Service. Recall the scenario: a multi-tenant payroll application is running in the cloud – it uses the Access Control Service to…


Robots and BizTalk Services

I just posted a new screencast on Channel 9: Its purpose is to show off the power of claims and claims transformation, especially in a hosted service like BizTalk Services.


Claims and the Calculator sample in the BizTalk Services SDK

The identity provider in BizTalk Services is a way for applications to delegate identity and access control to a hosted service. In other words, an application can use BizTalk Services to answer the all-important question "Who are you and what are you allowed to do?". If you haven’t checked it out, I strongly recommend it…


PictureServices and BizTalk Services

Previous posts have talked a bit about PictureServices. Now I’d like to run through what it took to bring PictureServices to the BizTalk Services. I’ve talked a bit in other posts about BizTalk Services, but it has some interesting and very useful messaging features. For starters, BizTalk Services has an endpoint that can do HTTP…