Q20. What are Azure Access Control Services?

Access Control Service (ACS) is Cloud based and is an authenticating and authorizing service. Authentication is the process by which we determine whether a person or an application or a service is what he or it claims to be.

We are familiar with using usernames and passwords for authentication and ACS is one form of authentication. When a user enters a username and password, it is concluded that the person is what he claims to be. Prior to entering a username and password, the user has to undergo a process of registration. For financial transactions, a more rigorous process is adopted. A popular method is to issue a digital certificate and get a verification from a Certificate Authority.

Using this service, we can allow users to gain access to applications and services. When we use ACS, the authentication settings need not be included in the code and it is a major advantage as a considerable amount of repetitive work is eliminated. ACS comes with Single Sign On and centralized authorization capabilities which we can integrate into our web applications. The additional advantage of the Single Sign On is that users need not login multiple times to avail the services.

Microsoft allows integration of ACS with Active Directory, and web identities such as Windows Live ID (Microsoft account), Google, Yahoo!, and Facebook.

Important words:

Digital certificate

A digital certificate is a certificate consisting of identification information of the subject, subjects publiv key value, issuing authorities name and issuing authorities digital signature. When information is available for exchange along with a digital certificate then the information is deemed to be secure.

Certificate Authority

A Certificate Authority can be a company or an organization or a group of companies. There is no regulation in this business but only companies of repute and popularity with a proven capability in technology issue these certificates.

Active directory

There are two Active directory services offered by Microsoft. One is Azure active directory and other is Windows Server active directory. Active directory is a database and the name active is probably derived from the fact that the directory is a database of all the users, groups and organizations – their permissions and usernames etc. Azure Active directory is also similar to active directory and much more sophisticated.