azure - When not to use ACS? -


i've been researching azure access control service (acs), , looks it's @ handling authentication heterogeneous (configurable) identity providers. there number of additional scenarios appears support (see example acs how-to's).

the question have opposite: me understand, in order use properly, acs not for. limitations of acs, and/or scenarios acs inappropriate?

(assume, sake of argument, plan create - profitable :) - public web api , corresponding web site front-end, hosted in azure - i.e., care user identity. if like, can further assume system built using .net.)

thanks!

you shouldn't use acs identity provider.

occasionally see confusion role acs serves. acs @ core federation provider, there valid scenario in want backend service (a trusted subsystem) authenticating directly acs using shared secret or certificate. can done using service identities. however, more once i've seen acs scenarios proposed multiple accounts provisioned, , going achieved creating service identity each user.

that's not how acs designed. if suddently have thousands of users, making acs authoritative source user directory won't scale. acs offers nice rules engine designed normalizing incoming claim types various identity providers, or simple authorization policy such generating role claims.

but acs' capabilities here should not confused powered directory, authentication , authorization solutions such ad , adfs. in short, acs not version of ad/adfs.


Comments

Post a Comment

Popular posts from this blog

jquery - Invalid Assignment Left-Hand Side -

i trying assign class tag via jquery, resulting in error through firebug says "invalid assignment left-hand side" on fourth line below. <cfoutput> $('.pngfix a').each(function(index) { var hreflink = $(this).attr("href"); if (hreflink.tolowercase() = '../audio.cfm') { $(this).addclass('audioimg'); } }); </cfoutput> looking around online, looks syntax problem, don't seem see it... any tips? thanks if (hreflink.tolowercase() = '../audio.cfm') that attempts assign value, rather check equality. change = operator == .
Read more

java - Play! framework 2.0: How to display multiple image? -

i need display gallery of photos. here template: @(photos: list[photo]) @title = { <bold>gallery</bold> } @main(title,"photo"){ <ul class="thumbnails"> @for(photo <- photos) { <li class="span3"> <a href="#" class="thumbnail"> <img src="@photo.path" alt=""> </a> </li> } </ul> } and here controller method: public static result getphotos() { return ok(views.html.photo.gallery.render(photo.get())); } and here photo bean : @entity public class photo extends model { @id public long id; @required public string label; public string path; public photo(string path, string label) { this.path = path; this.label = label; } private static finder<long, photo> find = new finder<long, photo>( long.class, photo.class); public static list<phot...
Read more

gmail - Is there any documentation for read-only access to the Google Contacts API? -

i want read-only access user's google contacts. there stackoverflow member wanted this, , received following answer : yes, there is, use https://www.googleapis.com/auth/contacts.readonly scope , "view contacts". this exchange reference read-only access google contacts can find using google. simply using access token obtained attempt read usual google contacts api (i.e. https://www.google.com/m8/feeds ) fails insufficient permissions. similarly, using google contacts api on new target fails 404 errors (for example https://www.googleapis.com/auth/contacts.readonly/default/full ). is there documentation anywhere on how use api, or permissible way access google contacts api full read-write access?
Read more