I'm developing software using Windows Azure as a backend. I'm thinking about user authentication and how to go about it. Windows Azure ACS seems like a good way to handle user authentication and not have to worry about usernames/passwords etc. But how far does that take me? At what point should I consider also using Windows Azure Active Directory? Any significant downsides to not having an AD?
2 Answers
ACS does not provide authentication - it only brokers between different authentication providers. That's the big distinction with WAAD - they actually store accounts and credentials, have a user management UI and provide authentication services.
You are definitely on the correct train of thought on this. Here are some observations I have made while developing applications for Azure.
ACS is the way to go, period. In this day and age there is no reason to roll your own security system. Let your users log in with their Gmail or Facebook accounts and they will love you for it. There are plenty of people in the world now that will simply not use your site if they have to create yet another profile.
ACS makes it super-simple to integrate any OAuth provider into ACS and provides several for you right out of the box. ACS even provides a custom login page that handles most of the heavy lifting already. This solution should be what you need for 99% of your applications.
As far as Active Directory goes, you only need it if you are trying to build an intranet-type site hosted in Azure. As a rule of thumb, if you are building a site for a company that wants employees to use their existing credentials and security groups to access your system, then use Active Directory. If you don't have this as a requirement, you can safely ignore it.