Windows Azure Access Control with ASP.NET Membership

I have an existing production application that uses vanilla ASP.Net Membership for authentication.

However, I'd like to provide other means of authentication as well as the current ASP.net membership system, such as Facebook.

The Windows Azure Access Control Service makes this extremely easy and straightforward. Provided, that is, you're starting a new web application from scratch.

So, in this case, how do I

  1. Integrate the Access Control Service authentication into my app without affecting the current login system and its users?
  2. Migrate users over or link logins? (Not sure if this is even possible.)

Thanks all

Roberto


You need to create a custom identity provider based on your membership database. See this article on custom WS-Federation Identity Providers that can be integrated to access control: http://msdn.microsoft.com/en-us/library/windowsazure/gg185933.aspx

Also see this article on one that was written on top of the membership database: http://blogs.msdn.com/b/vbertocci/archive/2009/04/23/enhance-your-asp-net-membership-based-website-by-adding-identity-provider-capabilities.aspx


The approach of creating an identity provider (IP) based on your ASP.NET membership database, which Paul Tyng suggested, is valid.

However, it means that if you just create an IP you'll allow log in to all people who are authorised with other IPs (e.g. Google or Facebook). I'm guessing it's not what you want - you'd still want people to first register (either plainly with username-password or with their external identity). If that's the case then your task is the following:

  1. Add a data store for users' external identities which is related to your existing Users table.
  2. Modify the ACS login handling within your application to check that the identity returned from ACS actually exists in your members database.
  3. Perform member log in (instead of federated log in) if you found the returned identity in your db.
  4. Add external identity tie in during the registration process so your Identities table can be actually populated.
  5. (optional) Re-use the bulk of the #4 mechanism to provide an ability to attach external identity to existing user accounts (i.e. I already have a normal membership with you and now want to add an ability to log in with Google as well, for example).

There is no one single tutorial/walk-through to achieve this (or I have not found one) so I had to pull bits from a variety of sources to make it work. Please let me know in the comment if I understood your requirement correctly and I'll add a guide on how to set this up. Cheers!
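A sketch of steps 1 to 5 from the answer above, added here as an example and not the answerer's own code. `ExternalIdentityStore` and its methods are hypothetical names, the in-memory dictionary stands in for the Identities table, and the sample values are constructed; the two claim type URIs are the identity provider and name identifier claims that ACS issues. The lookup key is the pair (identity provider, name identifier), so an identifier asserted by one provider never matches an account linked through another.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Hypothetical store (step 1). In production: a table with a unique index on
// (IdentityProvider, NameIdentifier) and a foreign key to the Users table.
public sealed class ExternalIdentityStore
{
    public const string IdpClaim =
        "http://schemas.microsoft.com/accesscontrolservice/2010/07/claims/identityprovider";
    public const string NameIdClaim =
        "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier";
    private readonly Dictionary<Tuple<string, string>, string> links =
        new Dictionary<Tuple<string, string>, string>();

    // Steps 4-5: call only while the member is registering or already signed in.
    // Returns false when the identity is already linked to a different member.
    public bool Link(string member, string idp, string nameId)
    {
        string owner;
        if (links.TryGetValue(Tuple.Create(idp, nameId), out owner)) return owner == member;
        links[Tuple.Create(idp, nameId)] = member;
        return true;
    }

    // Steps 2-3: map ACS claims to a member name, or null when not registered. On a
    // match the caller does the normal login, e.g. FormsAuthentication.SetAuthCookie.
    public string Resolve(IEnumerable<KeyValuePair<string, string>> claims)
    {
        var list = claims.ToList();
        string idp = Only(list, IdpClaim), nameId = Only(list, NameIdClaim), member;
        if (idp == null || nameId == null) return null; // missing or ambiguous claim
        return links.TryGetValue(Tuple.Create(idp, nameId), out member) ? member : null;
    }

    private static string Only(List<KeyValuePair<string, string>> claims, string type)
    {
        var v = claims.Where(c => c.Key == type).Select(c => c.Value).Distinct().ToList();
        return v.Count == 1 && !string.IsNullOrEmpty(v[0]) ? v[0] : null;
    }

    public static void Main()
    {
        var store = new ExternalIdentityStore();
        store.Link("roberto", "Google", "constructed-id-123"); // constructed sample values
        var claims = new Dictionary<string, string> {
            { IdpClaim, "Google" }, { NameIdClaim, "constructed-id-123" } };
        Console.WriteLine(store.Resolve(claims) ?? "(not registered)");
        claims[IdpClaim] = "Facebook"; // same id, different provider: must not match
        Console.WriteLine(store.Resolve(claims) ?? "(not registered)");
    }
}
```

A `null` result from `Resolve` is the case the answer warns about: the token is valid, but the person has not registered, so the application sends them to registration instead of signing them in.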


Might be a bit late, but check out the following blog posts by fellow Windows Azure MVP Dominick Baier:

  • Mixing Forms and Token Authentication in a single ASP.NET Application
  • Mixing Forms and Token Authentication in a single ASP.NET Application (the Details)
  • Replacing ASP.NET Forms Authentication with WIF Session Authentication (for the better)

Invaluable readings which will help you in any way!
