Welcome to the waad-acs-sample!
The goal of this project is to provide a simple example that illustrates how you can use Windows Azure Active Directory (WAAD) and Access Control Service (ACS) to provide both authentication and authorization services to a website hosted using Windows Azure Websites. In brief, a user of the web site will be able to authenticate using either WAAD or another online ID (such as a Microsoft or Google account), rules in ACS will determine the user's role membership, and the website will use the role to control access to pages within the site.
The sample also shows how you can query the Microsoft Account (Live ID) servers for additional user information from the website if the user chooses to authenticate using a Microsoft Account. Typically a Microsoft Account only delivers two claims (Name Identifier and Identity Provider) to ACS for ACS to pass on to your application. By using the Live APIs from the web application, it is possible to discover the user's name and other information if the user gives consent. The sample shows an approach to using this information to personalize the website.
The project will include sample code, PowerShell scripts, and a description of how the sample works.