The new ACS ships!


Last week we shipped a new version of the Windows Azure AppFabric Access Control service. and MIX is all a buzz about it!

The new ACS includes a plethora of new features that you guys have been asking with enthusiasm: single sign on from business and web identity providers, easy integration with our development tools, support for both enterprise-grade and web friendly protocols, out of the box integration with Facebook, Windows Live ID, Google and Yahoo, and many others. If that would not be enough to get your attention: as part of a special promotion, customers and partners will be able to use ACS free of charge until at least January 2012. Pretty neat eh?

In order to help you  to hit the ground running , today we are releasing a series of new assets (videos, samples and live sites) that complement the existing documentation and samples that come with the service. Below you can find a brief description and links for each of the assets.

New Code Resources

Identity Training Kit


All the ACS labs in the new Identity Developer Training Kit and Windows Azure platform Training Kit released today have both been updated to point to the ACS production service.

Furthermore, we added one new lab which demonstrates how to take advantage of ACS for handling user authentication in your WP7 applications and how to use OAuth2 for securing calls to OData services from the phone.

Both training kits are also available unbundled as MSDN courses here and here.

ACS Extensions for Umbraco


With over 85,000 websites running it, including Wired, Heinz and Vogue, Umbraco is the most widely adopted CMS on the .NET platform.
In the last few weeks we worked on some extensions which seamlessly integrate key ACS features into the Umbraco’s administrative UI.

Today we are releasing the ACS Extensions for Umbraco, both in source code and NuGet package forms.

Niels Hartvig, Founder of Umbraco, is quoted saying:

We're excited about the very diverse integration scenarios the ACS (Access Control service) extension for Umbraco allows. The ACS Extension for Umbraco is one great example of what is possible with Windows Azure and the Microsoft Web Platform

Visit for downloading the source package and the comprehensive documentation, or install the extension directly from Visual Studio. All the main tasks are demonstrated by three screencasts on Channel9 (see below)

ACS Plugin for Wordpress


ACS is entirely based on open standards: as such, it can be used by applications running on any platform, and we have proof. Aaron Smalser from the ACS team wrote a PHP plugin for Wordpress which integrated with ACS. You can get it from
From the readme:

The ACS WordPress Plugin allows WordPress hosts to enable federated login for their WordPress site using Windows Azure AppFabric Access Control Service (ACS) 2.0.
WordPress administrators can use ACS to create trust relationships between their site and identity providers such as Windows Live ID, Facebook, Google, Yahoo!, and custom identity providers such as Microsoft Active Directory Federation Services 2.0. The ACS WordPress Plugin then renders a custom login page based on the ACS configuration, and enables end users to log in to the WordPress site using an identity provider of their choice.

myTODO AppFabric


Many of our samples aim to demonstrate realistic end to end cloud scenarios, where identity is one of the many aspects developers and architects need to consider. This has always been well received, however you asked us to highlight some key tasks in simpler examples as well. MyTodo AppFabric is one such sample: it shows how to use ACS for brokering authentication to web identity providers, how to host a custom HDR page and how to handle token-based registration in a very, very simple scenario. You can download it from here, and see it in action on an live instance running in Windows Azure (see below).

FabrikamShipping SaaS


FabrikamShipping SaaS, our most comprehensive cloud sample to date, is being updated to the ACS production environment.

New Videos


This is the news that so many have been waiting for: the new version of Access Control Service finally hit RTW stage!
Stuart Kwan, Principal Group Program Manager on the Cloud Identity Platform team and recurrent guest on the IdElement, gives a four-minute introduction to the service and touches on the pricing model. For example, did you know that you can use ACS in production free of charge until at least January 2012? Jump to and get started NOW!


If you want to understand what the Access Control Service is really about, look no further: this is the interview you want to watch.
Justin Smith, Principal Program Manager Lead for the Windows Azure AppFabric Access Control Service, worked on ACS from its very first version. From that vantage point, Justin looks back at the roots of the problem that ACS is meant to solve, retraces the trajectory that the service has been following from its 1.0 version to the new 2.0 release, and touches on some of the most important scenarios it addresses.


Have you ever tried to handle authentication for a mobile app, regardless of the platform? Every provider has its own protocol, which forces you to write and maintain a lot of different implementations. Writing protocol code on devices might not always be easy, and the fact that web protocols are moving targets which change every few months doesn't help.
Nobody knows this better than Caleb Baker, Senior Program Manager on the ACS team. Caleb has been working on making it real easy to outsource to ACS your mobile authentication woes: his solution is the base of the new ACS+WP7 hands-on lab in the Identity Developer Training Kit.
In this quick interview Caleb examines in details the authentication flow of his solution, from the Silverlight control which wraps most of the ACS integration to the way in which the phone app uses OAuth2 to secure calls to one OData service.
Caleb also worked on improving the way in which errors are handled in federated scenarios, and drove interesting features in ACS which can really help with that: thanks to his explanation here, you'll be able to use those features in just minutes. Folks, don't miss this interview!


ACS may be a PaaS service, but the programmatic route is not the only way to is heart: there are many situations in which developers, administrators and users interact directly with it.
The new release of the Access Control Service features a management portal you can use for managing your access control policies, from which identity providers you want to engage with (you have a choice of social providers, such as Windows Live ID, Facebook, Yahoo, Google and any OpenID or OAuth2 provider, and business providers, such as Active Directory Federation Services instances or any other WS-Federation/WS-Trust provider) to the transformation rules which decide what claims will be available to your application.
Furthermore, ACS now provides various features aimed at solving the home realm discovery problem (HDR): in practical terms, features which make it easy for developers and end users to always pick the right identity provider.
The man behind those features is Aaron Smalser, Program Manager on the ACS team: in this 20-minutes interview Aaron discusses the user interaction aspects of the service from his unique perspective.


The Access Control Service (ACS) Extensions for Umbraco code sample is one extensions to Umbraco 4.7 which enables you to authenticate users from Facebook, Windows Live ID, Google, Yahoo, Active Directory and other identity providers. Setup, user management and handling of authorization policies are all seamlessly integrated in the Umbraco UI. Download the ACS Entensions for Umbraco here .

All the screencasts in the series:

  • · 1 Setup
    This screencast shows you how to set up Umbraco 4.7 and install & configure the Access Control Service (ACS) Extensions for Umbraco.
  • 2 SignIn and Authorization for Social
    In this screencast you will learn how to use the ACS Extensions to add sign in, sign up and authorization features to your web site. Furthermore, you wil learn how to invite users from Facebook, Windows Live ID, Google and Yahoo to your web site and manage their access level via roles.
  • 3 ADFS2 Integration
    In this screencast you will learn how to use the ACS Extensions to grant access to users coming from business identity providers (like ADFS2) to your Umbraco web site.


All work and no play makes your PaaS dull! J

In this lightning-fast screencast you'll see how ACS helped the guys at to handle their authentication needs, without compromising anything in the stunning visuals in their latest creation, the online strategy game at .

2nd Edition of “A Guide to Claims based Identity”


This new edition of the patterns & practices’ “Guide to Claims based Identity”, has been extended with 5 new chapters covering the recently released “Window Azure Access Control Service”, Windows Phone 7 and SharePoint. After an introduction of the core concepts and principles of claims based identity, the book provides guidance on common scenarios such as: WebSSO, Federation, claims based authentication with SOAP and REST web services; and claims enabling SharePoint. It also includes extensive downloadable code samples that demonstrate each of the described scenarios. Get it at

New Live Web Sites

myTODO Live Instance


At you can find a live instance of the myTodo AppFabric sample described above. The application is entirely self-service, since anybody can sign up and create new lists. That’s a very good asset for quickly experiencing basic concepts in action, such as federated sign in, custom HDR pages, sign up and registration flows and similar.

ACS Extensions Live Instance


At you can find one instance of Umbraco with the ACS Extensions on. Social members need to be registered with the web site, hence you can’t use web providers there, however you can use it for experiencing ADFS integration with the AdventureWorks’ SelfSTS utility you can find in the FabrikamShipping SaaS companion (available for download at

FabrikamShipping SaaS


The live instance of FabrikamShipping SaaS at proved to be a valuable asset for customers who use it to provision new tenants daily, as a booth demo at many important events (PDC, RSA, TechEd) and even as keynote demo (TechEd Europe, TechEd China). The ACS labs environment is still up hence the transition to ACS prod should be smooth.


clip_image033 will start accepting beta participants this spring: its ACS integration is a real beauty, and makes it for a gorgeous demo without requiring you to install anything on your machine.


If you have feedback on those samples, please do not hesitate to drop me a line. We are committed to empower you to use our services in the most effective way.

Please join me in congratulating the ACS team for their incredible work!