Chapter 9

Identity in Azure

What’s in This Chapter?

• Understanding a federated identity and claims-based identity
• Working with federation and claims with Windows Identity Foundation
• How to deploy and troubleshoot a WCF service on Windows Azure

Most applications need some way to identify users and to determine what a specific user may or may not do, and this is no different for applications running in Windows Azure, in fact it’s more critical for many reasons. Windows Azure is unlike your typical server sitting in a data center under your control, in that applications are not part of your own network environment or domain. In your own network, you can fall back on the security at an infrastructure level, which is definitely not the case in Windows Azure, which is accessible from anywhere, so you need to compensate for this. Also, you can’t rely on network credentials to authenticate users because that doesn’t work over a firewall. Another aspect of the security picture is the increasing need for applications to interact. Put this all together, and you need a different strategy for identity.

Identity in the Cloud

Many applications (or services) need to uniquely identify the user—some for the purpose of giving you a personalized experience, and others to determine your access rights. Until a few years ago, you could be identified in two ways. The first was through credentials like a username and password unique to the application; the other was through your network credentials used ...