Azure Access Control: filter on domain

Question

Hi,

I'm new to Azure Access Control, so this might be a trivial question.

I have setup an asp.net website, and secured it using Azure Access Control,
by adding a STS reference. That works out nicely.

My identity provider is google.
Now, I would like to set it up in such a way, that not everyone with a google account can log in,
but only users within a specific google domain, let's say @SomeGooglePartner.com.

 

What would be the best way to achieve this?
- Is it possible to set up any filtering in the azure management portal?
- Listen to specific "WSFederationAuthenticationModule" events, and act upon them?
- Create my own "WSFederationAuthenticationModule" as a subclass from WSFederationAuthenticationModule.
  Then override the "OnSignedIn" method, and throw an exception if it email address claim
   is not from "SomeGooglePartner.com" ?


Thanks for your time!
Koen

 

 

Answer 1

Please try to modify the config in acs rules, such as Input Claim value to set the specify google domain, the identity provider is Google. About the next question, i am not very sure for the "set up filtering in azure management portal", do you want to create a custom authentication validation? Please use Federation Authentication in Windows Azure, just like WIF or ADFS for archieving your goals, please refer the following links:

http://msdn.microsoft.com/en-us/WAZPlatformTrainingCourse_WindowsAzureAndPassiveFederation2010

http://msdn.microsoft.com/en-us/WAZPlatformTrainingCourse_WebServicesAndIdentityInTheCloud2010

http://msdn.microsoft.com/en-us/WAZPlatformTrainingCourse_ACSV2Federation