I'm new to Azure Access Control, so this might be a trivial question.
I have set up an ASP.NET website, and secured it using Azure Access Control,
by adding a STS reference. That works out nicely.
My identity provider is Google.
Now, I would like to set it up in such a way that not everyone with a Google account can log in,
but only users within a specific Google domain, let's say @SomeGooglePartner.com.
What would be the best way to achieve this?
- Is it possible to set up any filtering in the Azure management portal?
- Listen to specific "WSFederationAuthenticationModule" events, and act upon them?
- Create my own "WSFederationAuthenticationModule" as a subclass from WSFederationAuthenticationModule.
Then override the "OnSignedIn" method, and throw an exception if the email address claim
is not from "SomeGooglePartner.com"?
Please try to modify the config in the ACS rules, such as the Input Claim value, to specify the Google domain; the identity provider is Google. About the next question, I am not very sure about the "set up filtering in azure management portal": do you want to create a custom authentication validation? Please use Federation Authentication in Windows Azure, just like WIF or ADFS, for achieving your goals. Please refer to the following links:
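The domain restriction asked about above can also be enforced inside the relying party. This added example (not code from the thread) does it with a `ClaimsAuthenticationManager` rather than a `WSFederationAuthenticationModule` subclass; it assumes .NET 4.5 `System.Security.Claims`, a hypothetical class name, and that ACS reports the provider name as "Google".

```csharp
using System;
using System.Security;
using System.Security.Claims;

// Added example. Register it under <system.identityModel><identityConfiguration>
// with <claimsAuthenticationManager type="..."/> (the class name is hypothetical).
public class PartnerDomainAuthenticationManager : ClaimsAuthenticationManager
{
    // Domain taken from the question.
    private const string AllowedDomain = "SomeGooglePartner.com";
    // Assumption: name of the Google identity provider as configured in ACS.
    private const string ExpectedProvider = "Google";
    // Claim ACS adds to say which identity provider authenticated the user.
    private const string IdentityProviderClaimType =
        "http://schemas.microsoft.com/accesscontrolservice/2010/07/claims/identityprovider";

    public override ClaimsPrincipal Authenticate(string resourceName, ClaimsPrincipal incomingPrincipal)
    {
        // Anonymous requests pass through; normal authorization redirects them to sign in.
        if (incomingPrincipal == null || incomingPrincipal.Identity == null
            || !incomingPrincipal.Identity.IsAuthenticated)
            return base.Authenticate(resourceName, incomingPrincipal);

        Claim idp = incomingPrincipal.FindFirst(IdentityProviderClaimType);
        Claim email = incomingPrincipal.FindFirst(ClaimTypes.Email);
        if (!IsAllowed(idp == null ? null : idp.Value, email == null ? null : email.Value))
            throw new SecurityException("Account is not permitted to sign in.");
        return incomingPrincipal;
    }

    // Fail closed: a missing claim, a different provider or a malformed address is rejected.
    public static bool IsAllowed(string identityProvider, string email)
    {
        if (!string.Equals(identityProvider, ExpectedProvider, StringComparison.Ordinal))
            return false;
        if (string.IsNullOrWhiteSpace(email))
            return false;

        // Require exactly one '@' with a non-empty local part.
        int at = email.IndexOf('@');
        if (at <= 0 || at != email.LastIndexOf('@'))
            return false;

        // Compare the whole domain. A suffix test such as EndsWith(AllowedDomain)
        // would also accept "user@notSomeGooglePartner.com".
        string domain = email.Substring(at + 1);
        return string.Equals(domain, AllowedDomain, StringComparison.OrdinalIgnoreCase);
    }
}
```

The check belongs on the server side of the relying party in any case, since it runs on every token the site accepts regardless of how the ACS rule group is configured.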