Azure independent users store and Access Control Service service identities


We have a mobile web platform that we are developing on top of Azure. We have a website, which is a regular passive authentication scenario, and a mobile client in front of a web service, which is an active authentication scenario. We want to create our own user identity store and not base ourselves on others. Currently, here are the options we mapped, and I have added questions regarding them (correct me if I am wrong or writing something silly):

1. ASP.NET Membership - was not originally built for the active scenario, and will also block us in the future if we want to support OpenID/OAuth providers. Also, it does not support SWT/SAML tokens, so in the future we will need multiple security handlers in our services environment. Do you know any good way to integrate this with Azure ACS if we need to in the future?

2. ADFS 2.0: We can install Active Directory on a virtual machine and manage all users through that; in the future we can integrate this with Azure ACS, and it supports SWT. Isn't Active Directory overkill for basic user authentication? Won't it be an IT overhead (something we desperately want to eliminate)?

3. We can perhaps install other identity management servers, such as Oracle Identity Management, again on a virtual machine, and integrate Azure with that as a custom STS. Oracle has a designated web access product line: http://www.oracle.com/technetwork/middleware/id-mgmt/overview/index.html

4. We can use Azure service identities and simply add users there. Our main question here is whether we can add large numbers of users to this scope (more than several million).

Regards ,

James


I would suggest making your own STS, but maybe use OpenID or Facebook or someone else to do the authentication. Or you could do something like this to store your own usernames, etc.:

http://www.soulier.ch/?p=1105&lang=en

But you will run the risk of storing these credentials and will have to make sure you don't store them in a way that could be compromised. I don't think service identities would be good for that volume of users.

You may want to check out:

http://identityserver.codeplex.com/

http://garvincasimir.wordpress.com/2011/08/06/azure-acs-plus-asp-net-mvc-memberships/
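The answer's two points, a self-built STS and the risk of holding credentials yourself, can be made concrete in a few dozen lines. The following is an added example written for this page, not code from the question, the answer, or any of the linked projects, and it is in Python rather than ASP.NET for brevity. It assumes a hypothetical in-memory `UserStore` that keeps only a per-user random salt and a PBKDF2-HMAC-SHA256 digest (never the password), and a hypothetical `SimpleWebTokenIssuer` that mints and checks SWT-shaped tokens: form-encoded claims with an HMAC-SHA256 over the encoded string appended as the final `HMACSHA256=` field, the shape ACS used. Key material, issuer and audience URLs, and the iteration count are placeholders.

```python
"""Minimal self-issued STS: salted PBKDF2 password store plus HMAC-signed,
SWT-shaped tokens. Added example for this page; not the answer's own code."""
import base64
import hashlib
import hmac
import os
import time
from urllib.parse import parse_qsl, quote, unquote, urlencode

PBKDF2_ITERATIONS = 100_000  # assumption: tune to your latency budget


class UserStore:
    """Hypothetical credential store. Holds (salt, digest) per user only."""

    def __init__(self):
        self._users = {}

    def create_user(self, username, password):
        salt = os.urandom(16)  # unique per user, so equal passwords differ
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
        self._users[username] = (salt, digest)

    def verify_password(self, username, password):
        record = self._users.get(username)
        if record is None:
            # Do the same work for unknown users so response time does not
            # reveal whether the username exists.
            hashlib.pbkdf2_hmac("sha256", password.encode(), b"\x00" * 16, PBKDF2_ITERATIONS)
            return False
        salt, digest = record
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
        return hmac.compare_digest(candidate, digest)  # constant-time compare


class SimpleWebTokenIssuer:
    """Hypothetical STS. Token = urlencoded claims + '&HMACSHA256=' + sig."""

    def __init__(self, issuer, signing_key):
        self.issuer = issuer
        self.key = signing_key  # shared with the relying party out of band

    def _sign(self, unsigned):
        mac = hmac.new(self.key, unsigned.encode(), hashlib.sha256).digest()
        return base64.b64encode(mac).decode()

    def issue(self, audience, claims, lifetime_seconds=3600, now=None):
        now = int(time.time()) if now is None else now
        fields = [("Issuer", self.issuer), ("Audience", audience),
                  ("ExpiresOn", str(now + lifetime_seconds))]
        fields += sorted(claims.items())
        unsigned = urlencode(fields)  # '&' and '=' inside values get escaped
        return unsigned + "&HMACSHA256=" + quote(self._sign(unsigned), safe="")

    def validate(self, token, audience, now=None):
        """Return the claims dict, or None if signature, issuer, audience
        or expiry check fails. Signature is checked before anything is parsed."""
        now = int(time.time()) if now is None else now
        unsigned, sep, sig_part = token.rpartition("&HMACSHA256=")
        if not sep:
            return None
        if not hmac.compare_digest(unquote(sig_part), self._sign(unsigned)):
            return None
        claims = dict(parse_qsl(unsigned))
        if claims.get("Issuer") != self.issuer or claims.get("Audience") != audience:
            return None
        if int(claims.get("ExpiresOn", "0")) <= now:
            return None
        return claims


def login_and_issue(store, sts, username, password, audience, now=None):
    """Active-scenario flow: verify credentials, then mint a token or None."""
    if not store.verify_password(username, password):
        return None
    return sts.issue(audience, {"sub": username, "role": "user"}, now=now)


if __name__ == "__main__":
    store = UserStore()
    store.create_user("alice", "correct horse battery staple")  # constructed
    sts = SimpleWebTokenIssuer("https://sts.example", os.urandom(32))
    print(login_and_issue(store, sts, "alice", "correct horse battery staple",
                          "https://api.example"))
```

The relying party (the web service in front of the mobile client) only needs the shared key and `validate`; the store and `issue` stay inside the STS. Replacing `UserStore` with a database-backed one changes nothing in the token path, which is the point of separating the credential store from the token format.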