7/27/2019 Azure Identity 6 Sep 2013
Copyright 2013 Tech Mahindra. All rights reserved.
Identity and Access
Agenda:
- Identity: definition and technologies
- Role-based identity
- Claims-based identity
- Azure ACS service
- How ACS and ADFS 2.0 work together
- Azure Active Directory services
- Demo
Identity
An identity is a collection of information about an entity, for example:
- Name
- ID number
- Biometrics
- E-mail
- Photograph
- Address
Identity Technology
Azure supports a wide range of identity technologies:
- Windows Server Active Directory
- SQL Server
- Windows Identity Foundation (claims-based approach)
- OpenID
- Certificates
- Information Card
Identity on the Cloud
Windows Azure supports both role-based and claims-based identity management.

Identity technology            Model                        Credential presented
Windows domain join            role based                   user name / password
ASP.NET Forms Authentication   role based or claims based   user name / password
Azure ACS                      claims based                 claims (security token)
Azure Active Directory         claims based                 claims (security token)
Role-based Identity
- Credentials are mapped to an identity.
- An identity is a member of one or more roles.
- The application uses roles to authorize identities.
- The implementation (identity store and authorization logic) lives with the application in Azure.
[Diagram: Web Role and Worker Role in Azure, backed either by SQL Azure or, through an on-premise identity store, by on-premise SQL Server.]

Role-based implementation options:

ASP.NET Membership
- Continue to use forms-based authentication.
- Scenario enabled: upload the membership database to SQL Azure and change the configuration (connection string) to connect to SQL Azure.

Domain join
- The Windows Azure Connect plug-in supports domain join of a Windows Azure role to on-premise Active Directory.
- Scenarios enabled: log in to the Azure instance using a domain account; connect to an on-premise server using Windows authentication.
Why Role-based Authorization
Simple scenarios:
- Easy migration of traditional applications
- Domain-join scenario
- No federation or SSO required
Claims-based Identity
- A claim holds a piece of information relevant to the identity (for example a name, an e-mail address or a group membership).
- Each claim has a type and an issuer.
- The application uses claims to authorize identities.
- A token is a collection of claims, signed by its issuer.
- A Security Token Service (STS) maps credentials to a token.
- A claim is only as trustworthy as its issuer: the application verifies the token's signature against the signing key of an issuer it trusts before acting on any claim.
Claims-based approach
[Diagram: End user, Security Token Service, and a claims-aware application in which the claims framework (WIF) sits in front of the application business logic.]
- Configure trust between the application and the STS: the signing key the application accepts.
- Configure claim rules at the STS (federation metadata).
- Numbered steps as labelled on the diagram: 1. Get policy; 4. AuthN (claims); 5. Grant access.
Why Claims-based Identity Management
- Claims provide a framework that can be consumed by all applications, regardless of where they are hosted.
- The identity token can carry more information than just the user and group memberships.
- Your trusted partners manage the identity and authentication of their own users.
- The solution is based on industry-standard protocols.
- It works for both browsers and web services.
Azure ACS
Provides rules-driven, claims-based authorization.
Key features:
- Broad list of identity providers
- WS-Trust and WS-Federation protocol support
- Full integration with WIF
- Configurable
How ACS and ADFS 2.0 Work Together
[Diagram: End user, ADFS 2.0, ACS, Web Role. The user authenticates to ADFS 2.0 using a Kerberos ticket. ADFS 2.0 is the identity provider (IP) and ACS is its relying party (RP); ACS is in turn the identity provider for the Web Role, which is the relying party. ACS keeps a list of identity providers (1, 2, 3). Tokens are exchanged as SAML.]
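The following is an added example, not code from the deck or from Microsoft's WIF or ACS. It walks the claims-based chain from the previous slides end to end: an identity provider (ADFS) issues a signed token for ACS, ACS validates it as a relying party, applies claim rules and re-issues a token for the web role, and the web role validates only tokens from ACS before authorizing on a role claim. Everything below is assumed for illustration: the issuer URIs, realm, claim type names and rules, and the token format itself (JSON with an HMAC-SHA256 signature standing in for the X.509-signed SAML tokens that ADFS and ACS actually exchange).

```python
import base64
import hmac
import json

# Assumed trust configuration (the "Configure: Trust (signing key)" step). Real
# deployments sign with X.509 certificates; HMAC shared secrets stand in here.
ADFS_KEY = b"adfs-signing-key"      # held by ADFS, trusted by ACS
ACS_KEY = b"acs-signing-key"        # held by ACS, trusted by the web role
ADFS_ISSUER = "https://adfs.contoso.example/trust"
ACS_ISSUER = "https://contoso.accesscontrol.example/"
APP_REALM = "https://app.contoso.example/"   # the web role's realm (token audience)

# Assumed ACS claim rules (the "Configure: Claim rules" step): pass the name
# claim through unchanged and map AD group claims to application role claims.
ACS_RULES = [
    {"input": "name", "output": "name"},
    {"input": "group", "output": "role",
     "map": {"Domain Admins": "admin", "Domain Users": "user"}},
]

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_token(key, issuer, audience, claims, now, lifetime=600):
    """STS step: wrap the claims of an authenticated principal in a signed token."""
    body = {"iss": issuer, "aud": audience, "nbf": now, "exp": now + lifetime,
            "claims": claims}
    payload = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return _b64(payload) + "." + _b64(hmac.new(key, payload, "sha256").digest())

def validate_token(token, trusted_issuers, audience, now):
    """Relying-party step: find the issuer's key, verify the signature, then check
    audience and validity window. No claim is used before the signature checks out."""
    try:
        payload_b64, sig_b64 = token.split(".")
        payload, sig = _unb64(payload_b64), _unb64(sig_b64)
        body = json.loads(payload)
    except ValueError:
        raise ValueError("malformed token")
    key = trusted_issuers.get(body.get("iss"))
    if key is None:
        raise ValueError("untrusted issuer")
    if not hmac.compare_digest(hmac.new(key, payload, "sha256").digest(), sig):
        raise ValueError("bad signature")
    if body.get("aud") != audience:
        raise ValueError("token was issued for a different relying party")
    if not (body.get("nbf", 0) <= now < body.get("exp", 0)):
        raise ValueError("token expired or not yet valid")
    return body["claims"]

def acs_transform(input_claims):
    """Apply the ACS claim rules to the claims received from the identity provider."""
    output = {}
    for rule in ACS_RULES:
        if rule["input"] not in input_claims:
            continue
        value = input_claims[rule["input"]]
        if "map" in rule:
            value = [rule["map"][v] for v in value if v in rule["map"]]
            if not value:
                continue
        output[rule["output"]] = value
    return output

def acs_federate(adfs_token, now):
    """ACS is the relying party for ADFS and the identity provider for the web role."""
    incoming = validate_token(adfs_token, {ADFS_ISSUER: ADFS_KEY}, ACS_ISSUER, now)
    return issue_token(ACS_KEY, ACS_ISSUER, APP_REALM, acs_transform(incoming), now)

def web_role_authorize(acs_token, required_role, now):
    """Claims-aware application: validate the ACS token, then authorize on the role claim."""
    try:
        claims = validate_token(acs_token, {ACS_ISSUER: ACS_KEY}, APP_REALM, now)
    except ValueError:
        return False
    return required_role in claims.get("role", [])

def demo(now=1378425600):   # fixed clock (6 Sep 2013 00:00 UTC) so the run is repeatable
    # 1. ADFS authenticates the user (Kerberos in the diagram) and issues a token for ACS.
    adfs_token = issue_token(ADFS_KEY, ADFS_ISSUER, ACS_ISSUER,
                             {"name": "alice@contoso.example",
                              "group": ["Domain Users", "Domain Admins"]}, now)
    # 2. ACS validates it, applies its claim rules and issues its own token for the web role.
    acs_token = acs_federate(adfs_token, now)
    # 3. The web role trusts only ACS: the ADFS token, a tampered token and an expired token are refused.
    return {
        "admin_granted": web_role_authorize(acs_token, "admin", now),
        "adfs_token_rejected": not web_role_authorize(adfs_token, "admin", now),
        "tampered_rejected": not web_role_authorize(acs_token[:-4] + "AAAA", "admin", now),
        "expired_rejected": not web_role_authorize(acs_token, "admin", now + 601),
    }

if __name__ == "__main__":
    print(demo())
```

The point to take from the run is the trust boundary: the web role never sees or trusts ADFS's key, so even a validly signed ADFS token is refused by the application, and group-to-role translation happens once, in the ACS claim rules, rather than in every application.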
DEMO
Azure Active Directory Services
Windows Azure Active Directory is a modern cloud service providing identity management and access control capabilities to cloud applications.