Applications can authenticate using the Access Control Service (ACS) in Windows Azure.
ACS is a security token service (STS) that supports claims-based authentication and authorization using the following methods:
- User (solution) name and password
- Windows Live ID
- Windows CardSpace
- X.509 certificate
- Security Assertion Markup Language (SAML) tokens issued by third-party STSs
i) Windows CardSpace:
- A digital identity is an online or networked identity adopted or claimed in cyberspace by an individual, organization or electronic device.
- When transmitted on the network, a digital identity is represented by a security token that includes a set of claims, for example a claim containing a username.
Windows CardSpace provides support for digital identities. Three parties are involved:
i) User: the user is the entity that is associated with a digital identity.
ii) Identity provider: the party that issues the digital identity. For the identity assigned to you by your employer, for example, the identity provider is typically a system such as Active Directory.
iii) Relying party: a relying party will frequently use an identity to authenticate a user and then make an authorization decision, such as allowing that user to access some information.
Fig: the seven primary interactions between service requesters, access control solutions and relying parties with managed CardSpace credentials
ii) Windows Live ID
Web authentication works by sending your users to the Windows Live ID sign-in page. The service then directs them back to your web site along with a unique, site-specific identifier that you can use to manage personalized content.
Windows Live ID account data is not shared with your site; only the site-specific identifier is returned.
All applications that you create in the Azure Services Developer Portal are registered with the Windows Live ID (WLID) service.
WLID assigns an application ID value, which is used to look up the return URL of the hosted service, and generates a Personal Unique ID (PUID) for each user of that site.
The PUID is used as the primary key for any additional registration data you store for the user.
The secret key value is used to encrypt and sign the security token provided by the WLID service, and corresponds to a password for the project: because the same secret both protects and verifies the token, anyone who obtains it can forge tokens for your site, so it must be kept confidential.
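The token handling described above (one secret shared by the site and the identity service that both encrypts and signs the token, and a site-specific user ID carried inside it), as an added example that is not from the original page and is not the Windows Live ID SDK. The token layout, the key-derivation labels, the field names appid and uid, and the SITE_SECRET value are assumptions chosen for illustration; the cipher is HMAC-SHA256 run in counter mode so that the example needs only the Python standard library. The security-relevant part is the order of operations on the site side: derive separate keys, check the signature in constant time, and only then decrypt and trust the fields.

```python
# Added example (not from the original page or the Windows Live ID SDK).
# Token layout, key-derivation labels and field names are assumptions.
import base64
import hashlib
import hmac
import os
import urllib.parse
from typing import Optional, Tuple

SITE_SECRET = "example-site-secret-from-the-developer-portal"  # assumed value


def derive_keys(secret: str) -> Tuple[bytes, bytes]:
    """Derive independent encryption and signing keys from one site secret.
    Two labelled derivations avoid reusing one key for both purposes."""
    enc = hashlib.sha256(b"ENCRYPTION" + secret.encode()).digest()
    sig = hashlib.sha256(b"SIGNATURE" + secret.encode()).digest()
    return enc, sig


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode: a PRF keystream, so XOR gives a stream cipher."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def _xor(data: bytes, ks: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, ks))


def issue_token(secret: str, fields: dict) -> str:
    """What the identity service does: encrypt the field string, then sign
    nonce||ciphertext (encrypt-then-MAC) and return base64(nonce||ct||tag)."""
    enc_key, sig_key = derive_keys(secret)
    body = urllib.parse.urlencode(fields).encode()
    nonce = os.urandom(16)
    ct = _xor(body, _keystream(enc_key, nonce, len(body)))
    tag = hmac.new(sig_key, nonce + ct, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(nonce + ct + tag).decode()


def verify_token(secret: str, token: str, expected_appid: str) -> Optional[dict]:
    """What the site does on its return URL: verify the signature before
    decrypting anything, then decrypt and check the token was issued for this
    application. Returns the parsed fields (uid is the site-specific ID) or None."""
    enc_key, sig_key = derive_keys(secret)
    try:
        raw = base64.urlsafe_b64decode(token)
    except ValueError:          # binascii.Error is a ValueError subclass
        return None
    if len(raw) < 16 + 32:      # nonce + tag at minimum
        return None
    nonce, ct, tag = raw[:16], raw[16:-32], raw[-32:]
    expected = hmac.new(sig_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):   # constant-time comparison
        return None
    body = _xor(ct, _keystream(enc_key, nonce, len(ct))).decode()
    fields = dict(urllib.parse.parse_qsl(body))
    if fields.get("appid") != expected_appid:    # token meant for another site
        return None
    return fields


def tamper(token: str, index: int) -> str:
    """Flip one bit of the decoded token, to show that the signature check fires."""
    raw = bytearray(base64.urlsafe_b64decode(token))
    raw[index] ^= 0x01
    return base64.urlsafe_b64encode(bytes(raw)).decode()


if __name__ == "__main__":
    tok = issue_token(SITE_SECRET, {"appid": "app1", "uid": "puid1"})
    print(verify_token(SITE_SECRET, tok, "app1"))            # fields, uid is the PUID
    print(verify_token(SITE_SECRET, tamper(tok, 20), "app1"))  # None: modified in transit
    print(verify_token("wrong-secret", tok, "app1"))          # None: different project secret
```

The uid value returned by verify_token is what the site would use as its primary key for registration data; a token signed with another project's secret, modified in transit, or issued for a different appid is rejected before any field is read.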
iii) SAML
- SAML is an XML-based standard for exchanging authentication and authorization data between security domains, that is, between an identity provider (a producer of assertions) and a service provider (a consumer of assertions).
Role management
Role management helps you manage authorization: it enables you to specify the resources that users in your application are allowed to access, and to treat users as a group by assigning them to roles such as manager, sales, member, and so on.
To work with roles, you must be able to identify users; roles do not work with users who have not established an identity in your application (anonymous users).
Role management provides an API that enables you to write code that takes advantage of roles and performs application tasks based not only on who the user is but also on what roles the user is in.
To use ASP.NET role management, you enable it in the application's Web.config file, inside the system.web element, with a setting such as the following:
<system.web>
  <roleManager enabled="true" cacheRolesInCookie="true" />
</system.web>
With cacheRolesInCookie the user's roles are cached in a cookie instead of being looked up on every request; ASP.NET encrypts and signs that cookie by default (cookieProtection="All"), and that protection must not be weakened, because an unprotected role cookie would let a user grant themselves any role.
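The two rules stated in this section (roles hang off an established identity, so anonymous users have none, and the authorization decision is made from the roles the user is in) together with the role cache cookie that cacheRolesInCookie enables, as an added example that is not from the original page and is not ASP.NET's own implementation. The role store, the cookie layout, the machine key stand-in and the user names are assumptions chosen for illustration; the cookie is signed with HMAC-SHA256 so that the last assertion in the block can show why the cache must be integrity-protected.

```python
# Added example (not from the original page or ASP.NET). Role store, cookie
# layout, key and user names are assumptions chosen for illustration.
import hashlib
import hmac
import json
import time
from typing import Iterable, Optional

# Constructed role store: username -> roles. Anonymous users have no entry.
ROLE_STORE = {"alice": {"manager", "sales"}, "bob": {"member"}}
COOKIE_KEY = b"assumed-machine-key"   # stands in for the ASP.NET machineKey
COOKIE_TTL = 300                      # seconds the cached roles stay valid


def get_roles_for_user(username: Optional[str]) -> set:
    """Anonymous users (no identity) have no roles; unknown users have none either."""
    if not username:
        return set()
    return set(ROLE_STORE.get(username, ()))


def is_user_in_role(username: Optional[str], role: str) -> bool:
    """Equivalent of Roles.IsUserInRole: false for anonymous users."""
    return role in get_roles_for_user(username)


def authorize(username: Optional[str], allowed_roles: Iterable[str]) -> bool:
    """Allow if the user holds at least one of the allowed roles
    (the semantics of a comma-separated Roles list on [Authorize])."""
    roles = get_roles_for_user(username)
    return any(r in roles for r in allowed_roles)


def issue_role_cookie(username: str, now: Optional[float] = None) -> str:
    """Cache the user's roles in a cookie: JSON payload + HMAC tag."""
    payload = json.dumps(
        {"u": username, "r": sorted(get_roles_for_user(username)),
         "exp": int((now if now is not None else time.time()) + COOKIE_TTL)},
        separators=(",", ":"))
    tag = hmac.new(COOKIE_KEY, payload.encode(), hashlib.sha256).hexdigest()
    return payload + "." + tag


def roles_from_cookie(cookie: str, username: str, now: Optional[float] = None) -> Optional[set]:
    """Return cached roles only if the cookie is intact, unexpired and belongs
    to the user making the request; None means fall back to the role store."""
    payload, _, tag = cookie.rpartition(".")
    if not payload:
        return None
    expected = hmac.new(COOKIE_KEY, payload.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag, expected):   # tampered or forged cookie
        return None
    data = json.loads(payload)
    if data.get("u") != username:                # cookie stolen from another user
        return None
    if (now if now is not None else time.time()) >= data.get("exp", 0):
        return None                              # stale cache: roles may have changed
    return set(data.get("r", []))


if __name__ == "__main__":
    print(is_user_in_role("alice", "manager"), is_user_in_role(None, "manager"))  # True False
    cookie = issue_role_cookie("bob")
    forged = cookie.replace('"member"', '"manager"')  # edit the cached roles in place
    print(roles_from_cookie(cookie, "bob"), roles_from_cookie(forged, "bob"))   # {'member'} None
```

The forged cookie at the end is the case cookieProtection exists for: the role list is plainly editable by the client, and only the signature check stops the edit from becoming an authorization decision.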