Subscribe for updates by RSS
  Send to friend by Email
  Share on Facebook
Programming Windows Identity Foundation
Update: ACS content is live on MSDN and can be quickly accessed using human friendly URL -

This article is a collection of resources that will help you to get up and running with Windows Identity Foundation (WIF) and Windows Azure AppFabric Access Control Service (ACS) v2.

Think of it as of a map that helps you navigate WIF and ACS terrain.

Below is the Table of Contents  (TOC) to help you better navigate through the resources. The content organized the way that simplifies the task of finding the answer. You do not have to parse through the whole article – skim through the TOC and find relevant section.


Getting Started


What is it?

The following resource will help you understand what Windows Identity Foundation and Azure AppFabric Access Control Service (ACS) are so you will be able to ask a more focused scenario driven questions.


How does it fit?

The following are some of the common Application Architecture Scenarios where Windows Identity Foundation and/or Azure AppFabric Access Control Service can be used. Note, there is more that are not covered yet in this article.


How To Make It Work?

Following are few how-to's to get you up and running with Windows Identity Foundation and Azure AppFabric Access Control. After walking through these your probably want to skip to the WIF Anatomy and Quality Attributes sections. If you are interested in deeper learning consider skipping to the Video section where you can find the references to the whole Identity Workshop by Vittorio Bertocci, or you could just grab his book - found in books section.


Case Studies


WIF/ACS Anatomy




Identification (how a client identifies itself)


Authentication (how client's credentials validated)

Identity flow (how the token flows through the layers/tiers)

Authorization (how relying party - application or service - decides to grant or deniy access)



Quality Attributes


Supportability defines how easy it is for operators, developers, and users to understand and use the application, and how easy it is to resolve errors when the system fails to work correctly.


Testability is a measure of how easy it is to create test criteria for the system and its components, and to execute these tests in order to determine if the criteria are met. Good testability makes it more likely that faults in a system can be isolated in a timely and effective manner.


Interoperability is the ability of diverse components of a system or different systems to operate successfully by exchanging information, often by using services. An interoperable system makes it easier to exchange and reuse information internally as well as externally.


Performance is an indication of the responsiveness of a system to execute any action within a given time interval. It can be measured in terms of latency or throughput. Latency is the time taken to respond to any event. Throughput is the number of events that take place within a given amount of time.


Security defines the ways that a system is protected from disclosure or loss of information, and the possibility of a successful malicious attack. A secure system aims to protect assets and prevent unauthorized modification of information.


Flexibility is the ability of a system to adapt to varying environments and situations, and to cope with changes in business policies and rules. A flexible system is one that is easy to reconfigure or adapt in response to different user and system requirements.

Content Channels






SDK Reference




Content Types


Architecture scenarios




Troubleshooting cheat sheets

Code samples






Related Technology


Additional Q&A