I need to determine what operations are safe to do with users who are using LiveID for authentication. My backend relies on IDs to grant access to users, and that ID has to be consistent across migrations of my project.
Can someone tell me if the unique ID returned for a user from the ACS is consistent between
* Labs ACS and Prod ACS
* Different relying parties in different subscriptions (in prod)
* Different RPs in the same subscription
* If I delete and rebuild the RP to the same realm, same account
The user ID that you receive from ACS for Windows Live ID will be specific to that user at your service namespace. If you use a different service namespace, you'll get a different value for the same user. So to answer your questions:
* Labs ACS and Prod ACS [Different IDs]
* Different relying parties in different subscriptions (in prod) [Different IDs]
* Different RPs in the same subscription [Same ID if the service namespace is the same, different for 2 namespaces in the same subscription]
* If I delete and rebuild the RP to the same realm, same account [Same ID]
Can you explain more about your scenario? If you're going to try using multiple ACS service namespaces to authenticate to the same service, how are you going to decide which namespace to send your users to?