Azure AppFabric Access Control Service (ACS) v2 Token Transformation Rules
Azure AppFabric Access Control Service (ACS) v2 provides a powerful token transformation feature. It lets you transform a token by adding new claims or by changing the claims that come with the original token. Consider the following generic architecture of ACS:
Notice that the token received from the IdP (Identity Provider), colored green, is different from the token received from ACS, colored blue. The transformation is done by ACS, and its behavior is controlled through Rules and Rule Groups.
Each rule describes a specific transformation. Rules are not directly associated with your application. Instead, Rules are aggregated into Rule Groups, and Rule Groups are applied to your application (the Relying Party). Consider the following diagram:
The process of creating a token transformation can be described as follows:
- Create transformation Rules.
- Aggregate the relevant Rules into a Rule Group.
- Apply the relevant Rule Groups to the Relying Party.
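The following added example (not from the original post and not ACS code) models the three steps above in Python: rules are collected into rule groups, and the groups applied to a relying party turn the IdP token's claims into the ACS token's claims. The rule fields, the match-any and pass-through semantics, and all issuer names, claim types and values are assumptions made for illustration.

```python
# Simplified model of rule-based claim transformation (illustration only, not ACS code).
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Claim:
    issuer: str   # who asserted the claim (an IdP, or "ACS" for output claims)
    type: str
    value: str

@dataclass(frozen=True)
class Rule:
    # Assumed semantics: None means "match any" on input and "pass through" on output.
    input_issuer: str
    input_type: Optional[str] = None
    input_value: Optional[str] = None
    output_type: Optional[str] = None
    output_value: Optional[str] = None

    def apply(self, claim):
        """Return the output claim if this rule matches the input claim, else None."""
        if claim.issuer != self.input_issuer:
            return None
        if self.input_type is not None and claim.type != self.input_type:
            return None
        if self.input_value is not None and claim.value != self.input_value:
            return None
        return Claim("ACS", self.output_type or claim.type, self.output_value or claim.value)

def transform(input_claims, rule_groups):
    """Run every rule of every applied Rule Group over the IdP token's claims."""
    out = []
    for group in rule_groups:
        for rule in group:
            for claim in input_claims:
                produced = rule.apply(claim)
                if produced is not None and produced not in out:
                    out.append(produced)
    return out  # claims that no rule matched never reach the relying party

# Constructed sample data: every name and value below is hypothetical.
idp_token = [
    Claim("ContosoIdP", "email", "alice@contoso.example"),
    Claim("ContosoIdP", "group", "Admins"),
    Claim("ContosoIdP", "shoe-size", "38"),
]
passthrough_group = [Rule("ContosoIdP", input_type="email")]                   # steps 1 and 2
role_group = [Rule("ContosoIdP", "group", "Admins", "role", "Administrator")]  # steps 1 and 2
relying_party_rule_groups = [passthrough_group, role_group]                    # step 3
acs_token = transform(idp_token, relying_party_rule_groups)
```

In this model the rules bind to the input claim's issuer, so a `group=Admins` claim from a different issuer produces no `role` claim, and the unmatched `shoe-size` claim is dropped rather than forwarded.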