Access Control Service (ACS) is a Windows Azure service that offers a way of outsourcing authentication. It decouples the application from the complexity of maintaining a direct relationship with every identity provider the application works with. ACS engages each identity provider using that provider's own authentication protocol and normalizes the authentication results into a protocol supported by the .NET Windows Identity Foundation (WIF). In just a few clicks, ACS can be configured as the authentication manager for the application. Once running, ACS takes care of the application's authentication. ACS even offers a UI that lets the user choose among the selected identity providers.
Using ACS, applications can:
- Leverage existing Active Directory user stores through Active Directory Federation Services (ADFS v2), as well as other stores compatible with the WS-* or SAML 2.0 protocols, across multiple Windows Azure applications through a single trust relationship with the ACS 2.0 service.
- Implement single sign-on.
ACS uses security tokens instead of credentials, which is more secure because credentials are not passed over the network. Also, building around claims allows separation of authentication logic from application logic.