Friday, March 9, 2012

Using Windows Azure Access Control Services for Windows Live Authentication using Live Id SDK and ADFS authentication – Part 1

After a long time I am writing a post today. I was busy doing some important work related to Azure, which took a substantial amount of time. Today I am going to discuss the same.
I will guide you through how I used Azure ACS along with Windows Live ID. The main problem with using Windows Live ID with Azure ACS is that you don't get profile information. That means you will not receive the email ID, user name and similar information as claims from Azure ACS when using Live ID. So what is the solution?
I also want to use ADFS (Active Directory Federation Services), for which I need to use ACS. So how can I integrate Access Control Services with Active Directory Federation Services and Live ID and get the required information in claims? This post talks about that.

Here I assume that you already have an ACS namespace configured on the Azure Management Portal. I also assume you have configured the identity providers (ADFS and Live ID) and a relying party for the URL http://127.0.0.1/, along with the necessary rules, for example the "name" rule for Live ID and the default rules that get generated for my ADFS. If the local cloud environment is running on port 81, the relying party URL will be http://127.0.0.1:81/. I am running on port 80, so throughout the explanation I will use http://127.0.0.1/ only.




Now create a simple cloud service application with one web role in it in Visual Studio, and then use Add STS Reference.

The final solution will look as follows –


Now I will run my application and log in with my ADFS. Then I will show you what claims I receive when I use ADFS. The following screenshots explain the same –
This is my sign-in page loaded from Azure ACS, showing two identity providers, ADFS and Live ID. I log in with "My ADFS" –




After a successful login I receive the following claims, such as email address and name, and my name gets populated in the default.aspx username label automatically.




Now I run the project again and, instead of "My ADFS", I choose the Live ID button to log in to my application. Then I receive the following information –




Add a reference to Microsoft.IdentityModel.dll in your web role to get the above information about the claims collection.
It is very clear from the above screenshot that we don't receive profile information such as name and email ID when we use ACS with Live ID. Instead we receive a unique identifier. So how can we receive profile information from Live ID?
The following post, Part 2, talks about how we can receive profile information using Live ID along with Azure ACS.
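To inspect the same claims collection in code, the following added example (not code from the original post) reads the claims from the WIF identity in the web role and reports which profile claims are missing. The class and method names are hypothetical; it assumes the Microsoft.IdentityModel.dll reference mentioned above and that the ACS rules pass the name identifier claim through.

```csharp
using System.Collections.Generic;
using System.Linq;
using System.Threading;
using Microsoft.IdentityModel.Claims;

// Hypothetical helper for the web role; not part of the original post.
public static class ClaimsInspector
{
    // Claim type ACS uses to name the identity provider that authenticated the user.
    private const string IdentityProviderClaim =
        "http://schemas.microsoft.com/accesscontrolservice/2010/07/claims/identityprovider";

    // Profile claims the application would like to have.
    private static readonly string[] ProfileClaims = { ClaimTypes.Name, ClaimTypes.Email };

    // Returns the WIF identity of the signed-in user, or null if WIF did not authenticate the request.
    public static IClaimsIdentity CurrentIdentity()
    {
        return Thread.CurrentPrincipal.Identity as IClaimsIdentity;
    }

    // One line per claim: type, value and issuer.
    public static IList<string> Describe(IClaimsIdentity identity)
    {
        return identity.Claims
            .Select(c => string.Format("{0} = {1} (issuer: {2})", c.ClaimType, c.Value, c.Issuer))
            .ToList();
    }

    // Profile claim types that are absent from the token (expected for Live ID sign-ins).
    public static IList<string> MissingProfileClaims(IClaimsIdentity identity)
    {
        return ProfileClaims
            .Where(t => !identity.Claims.Any(c => c.ClaimType == t))
            .ToList();
    }

    // Stable per-user key: identity provider plus name identifier.
    // Returns null when either claim is missing, so the caller can reject the sign-in.
    public static string UserKey(IClaimsIdentity identity)
    {
        Claim idp = identity.Claims.FirstOrDefault(c => c.ClaimType == IdentityProviderClaim);
        Claim id = identity.Claims.FirstOrDefault(c => c.ClaimType == ClaimTypes.NameIdentifier);
        return (idp == null || id == null) ? null : idp.Value + "|" + id.Value;
    }
}
```

Call these from Page_Load of default.aspx after sign-in. Because the name and email claims can be absent, the page should key user records on UserKey rather than on a display name or email address.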
