The Id Element (Audio) - Channel 9

The latest release of Windows Azure Toolkit for Windows Phone 7 integrates with the Windows Azure AppFabric Access Control Service!In this screencast you will learn:How to use the project templates to create a Windows Phone application and backend secured via ACS How to find your way around the resulting application If you want more details about the ACS integration, check out this post from Vittorio's blog. For more information about the toolkit please refer to Wade Wegner's post here, the documentation and the Getting Started video here.

This is the news that so many have been waiting for: the new version of Access Control Service finally hit RTW stage!Stuart Kwan, Principal Group Program Manager on the Cloud Identity Platform team and recurrent guest on the IdElement, gives a four-minute introduction to the service and touches on the pricing model. For example, did you know that you can use ACS in production free of charge until at least January 2012? Jump to http://windows.azure.com and get started NOW!If you want to know more about the new ACS, check out the announcements below and the other videos in this IdElement special:Justin Smith on the 2. release of ACSCaleb Bakeron using ACS with your WP7 appsAaron Smalser on the ACS portal and the HDR featuresFind out more about ACS:Newest samples and videos about ACSACS CodePlex Site (for code samples) Identity Training KitWindows Azure Platform Security Forum

All work and no play makes your PaaS dull!In this lightning-fast screencast you'll see how ACS helped the guys at www.angrytoyfactory.com to handle their authentication needs, without compromising anything in the stunning visuals in their latest creation, the online strategy game at www.AtlantisOnline.com.Find out more about ACS:Newest samples and videos about ACSACS CodePlex Site (for code samples) Identity Training KitWindows Azure Platform Security Forum  

In this screencast you will learn how to use the ACS Extensions to grant access to users coming from business identity providers (like ADFS2) to your Umbraco web site.The Access Control Service (ACS) Extensions for Umbraco code sample is one extensions to Umbraco 4.7 which enables you to authenticate users from Facebook, Windows  Live ID, Google, Yahoo, Active Directory and other identity providers. Setup, user management and handling of authorization policies are all seamlessly integrated in the Umbraco UI. Download the ACS Entensions for Umbraco here.All the screencasts in the series:1 Setup2 SignIn and Authorization for Social 3 ADFS2 IntegrationFind out more about ACS:Newest samples and videos about ACSACS CodePlex Site (for code samples) Identity Training KitWindows Azure Platform Security Forum

In this screencast you will learn how to use the ACS Extensions to add sign in, sign up and authorization features to your web site. Furthermore, you wil learn how to invite users from Facebook, Windows Live ID, Google and Yahoo to your web site and manage their access level via roles.The Access Control Service (ACS) Extensions for Umbraco code sample is one extensions to Umbraco 4.7 which enables you to authenticate users from Facebook, Windows  Live ID, Google, Yahoo, Active Directory and other identity providers. Setup, user management and handling of authorization policies are all seamlessly integrated in the Umbraco UI. Download the ACS Entensions for Umbraco here.All the screencasts in the series:1 Setup2 SignIn and Authorization for Social 3 ADFS2 IntegrationFind out more about ACS:Newest samples and videos about ACSACS CodePlex Site (for code samples) Identity Training KitWindows Azure Platform Security Forum

This screencast shows you how to set up Umbraco 4.7 and install & configure the Access Control Service (ACS) Extensions for Umbraco.The Access Control Service (ACS) Extensions for Umbraco code sample is one extensions to Umbraco 4.7 which enables you to authenticate users from Facebook, Windows  Live ID, Google, Yahoo, Active Directory and other identity providers. Setup, user management and handling of authorization policies are all seamlessly integrated in the Umbraco UI. Download the ACS Entensions for Umbraco here.All the screencasts in the series:1 Setup2 SignIn and Authorization for Social 3 ADFS2 IntegrationFind out more about ACS:Newest samples and videos about ACSACS CodePlex Site (for code samples) Identity Training KitWindows Azure Platform Security Forum

ACS may be a PaaS service, but the programmatic route is not the only way to is heart: there are many situations in which developers, administrators and users interact directly with it.The new release of the Access Control Service features a management portal you can use for managing your access control policies, from which identity providers you want to engage with (you have a choice of social providers, such as Windows Live ID, Facebook, Yahoo, Google and any OpenID or OAuth2 provider, and business providers, such as Active Directory Federation Services instances or any other WS-Federation/WS-Trust provider) to the transformation rules which decide what claims will be available to your application.Furthermore, ACS now provides various features aimed at solving the home realm discovery problem (HDR): in practical terms, features which make it easy for developers and end users to always pick the right identity provider.The man behind those features is Aaaron Smalser, Program Manager on the ACS team: in this 20-minutes interview Aaron discusses the user interaction aspects of the service from his unique perspective.If you want to know more about the new ACS, check out the announcements below and the other videos in this IdElement special:Stuart Kwan announces the RTW of ACS2.0Justin Smith on the 2. release of ACSCaleb Bakeron using ACS with your WP7 appsFind out more about ACS:Newest samples and videos about ACSACS CodePlex Site (for code samples) Identity Training KitWindows Azure Platform Security Forum

Have you ever tried to handle authentication for a mobile app, regardless of the platform? Every provider has its own protocol, which forces you to write and maintain a lot of different implementations. Writing protocol code on devices might not always be easy, and the fact that web protocols are moving targets which change every few months doesn't help.Nobody knows this better than Caleb Baker, Senior Program Manager on the ACS team. Caleb has been working on making it real easy to outsource to ACS your mobile authentication woes: his solution is the base of the new ACS+WP7 hands-on lab in the Identity Developer Training Kit.In this quick interview Caleb examines in details the authentication flow of his solution, from the Silverlight control which wraps most of the ACS integration to the way in which the phone app uses OAuth2 to secure calls to one OData service.Caleb also worked on improving the way in which errors are handled in federated scenarios, and drove interesting features in ACS which can really help with that: thanks to his explanation here, you'll be able to use those features in just minutes. Folks, don't miss this interview!If you want to know more about the new ACS, check out the announcements below and the other videos in this IdElement specialStuart Kwan announces the RTW of ACS2.0Justin Smith on the 2. release of ACSAaron Smalser on the ACS portal and the HDR featuresFind out more about ACS:Newest samples and videos about ACSACS CodePlex Site (for code samples) Identity Training KitWindows Azure Platform Security Forum  

If you want to understand what the Access Control Service is really about, look no further: this is the interview you want to watch.Justin Smith, Principal Program Manager Lead for the Windows Azure AppFabric Access Control Service, worked on ACS from its very first version.  From that vantage point, Justin looks back at the roots of the problem that ACS is meant to solve, retraces the trajectory that the service has been following from its 1.0 version to the new 2.0 release, and touches on some of the most important scenarios it addresses.Want to know more about the new ACS? Check out the announcements below and the other videos in this IdElement special:Stuart Kwan announces the RTW of ACS2.0Caleb Baker on using ACS with your WP7 appsAaron Smalser on the ACS portal and the HDR featuresFind out more about ACS:Newest samples and videos about ACSACS CodePlex Site (for code samples) Identity Training KitWindows Azure Platform Security Forum

Join Justin Smith, Program Manager on the Windows Azure AppFabric Access Control Service (ACS) team, on a whirlwind tour of the new features of today's Labs release of ACS. Just to whet your appetite, here's a list of some of the news touched on in this video: Support for identity providers such as Facebook, Windows Live ID, Google, Yahoo, OpenID providers, and ADFS 2 instances Support for a wide range of protocols: WS-Federation, WS-Trust, Oauth WRAP Seamless integration with Windows Identity Foundation Brand new management portal and OData-based management API Tools for helping developers embed identity providers selection UI in their applications What are you waiting for? Tune in!Once you have watched the video, create your account at http://portal.appfabriclabs.com/ and start experimenting: it's free, there are no tokens to redeem, and there's no waiting time. Instant gratification!

The second lab of the workshop explores some of the patterns discussed in the former section. One lab demonstrates how a generic web site can be enhanced with identity provider capabilities regardless of the authentication technology it uses, simply by adding an STS page. Another lab shows how to use an existing membership store for authenticating calls to a custom STS and sourcing claim values. Labs from the Identity Developer Training Kit

This session explores in depth how WIF tackles the sign-in scenario.After a general intro to the WIF configuration element, the session describes how WS-Federation is used for driving the various browser redirects which ultimately constitute the sign in experience. Most of the time is spent digging deep in how WIF leverages the ASP.NET HttpModule extensibility mechanism and its own classes & events for implementing the sign-in sequence.

This session describes in detail the difference between passive and active scenarios, specifically around the confirmation method for toekns (bearer vs. holder-of-key).The WIF object model and WCF integration are discussed, with special attention to similarities to what has been seen for the ASP.NET case and differences with the traditional, WCF-only programming model.The notion of trusted subsystem is explored at lenght, providing the backdrop for the introduction to WSTrustChannel, CreateChannelActingAs and CreateChannelWithIssuedToken.

This lab explores the idea of delegated service call via ActAs tokens: the exercise from the Web sites lab shows how to do that from an ASP.NET to a WCF backend, while the one from the WCF lab focuses on flowing identity info through a chain of services calls.The first exercise of the WCF lab does not use an STS for authentication. It uses username & password credentials, and is designed to highlight the differences between the old WCF-only model and the enhanced model offered by WIF. Labs from the Identity Developer Training Kit

The last session of the training covers the use of WIF in Windows Azure. After a quick introduction to Windows Azure and the infrastructural differences between web roles and on-premises deployment, the session provides practical advices on aspects of distributed development such as handling NLB sessions, certificate management, dealing with volatile application URI, handling tracing, metadata generation considerations, and so on. The discussion covers both Web roles and WCF roles.

The last lab of the workshop covers the use of WIF on Windows Azure, demonstrating in practice how to cope with NLB sessions, volatile application URI, dynamic configuration, metadata generation, tracing and so on. Labs from the Identity Developer Training Kit

This session provides a light introduction to claims-based identity: the problems it solves, the canonical authentication scenario, key concepts and terminology.The main Windows Identity Foundation API surface for non-security developers is introduced.

The first lab of the workshop offers an overview of what can be achieved when using WIF with Web sites: authentication externalization, integration with IsInRole and ASP.NET authorization, customization of the application via claims, claims-based authorization.This video introduces the viewer to the lab format and gives some advices about lab execution. Labs from the Identity Developer Training Kit

In this session you will learn about the difference between IP-STS and FP-STS and how to choose where to put STSes in your architecture. You will learn about federation, home realm discovery and how to leverage the WIF extensibility model in order to handle multiple identity providers.

This short session explores the architectural implications of using claims for authorization purposes