
Question: Authentication/Authorization using ACS

  • Thursday, November 05, 2009 11:35 AM Mani.
     
    I want to know about the Authentication/Authorization for my app.
    I want multiple users to access the application at the same time, of course with proper authentication, and limited access - incremental authorization (think of Role Based Access!!). I want to implement ACS for this.

    As per my knowledge, there can be only one username/password per solution. With this I can't have incremental authorization. So this method goes void.
    Currently I don't want to delve into CardSpace and certificates. (I'll try this out later.)
    The latest CTP release states WLID is no longer supported. (If WLID is supported, how can I implement it?)
    Finally I have decided to use Active Directory (of my company).

    Now I am totally confused about where to start... :(

    I was going through some other posts. Many of them suggested using "Geneva Framework" (now Windows Identity Foundation - if I am right) for the Federation of the AD.

    - Is it compulsory to use Geneva Framework? Or is there some other solution? (Can I create my own security token?)
    - Also, how will I associate a scope(/rules) with a particular service?
    - What is the relevance of the URL for the Scope?
    - Can I generate my own custom claims (input)?
    - Please provide some guidelines to start coding.

    Thanks.
    ~MANISH

All Replies

  • Friday, November 13, 2009 12:51 AM Arnab Ghosh - MSFT
     
    Hi Manish,
    For a start you can start looking at the AccessControl samples in the Nov 2009 CTP release of .NET Services. You can configure the Access Control service with issuers and rules to design a role based authentication/authorization system. The service can also integrate with Active Directory exposed through an ADFSv2 STS - we will have a community sample on this for PDC 09.

    Thanks,
    Arnab.