Azure Active Directory’s Access Control Service (ACS) is being retired on Nov8, 2018. In most cases, this will break web applications (hosted on Azure or on-prem using AAD) that utilize this service to authenticate users.

How do you know you are going to be affected?

  1. 1. If your web application supports an OAuth type of sign – including’sign in with a microsoft account’ or a Google, FB or Yahoo account or even ADFS, you may be at risk. Chances are you set this up in AAD using the ‘passive’ sign in feature of ACS.
  2. 2. If you hosted a Web API (or WCF Web Services) and controlled access to the API using tokens issued by AAD. Chances are that access was being controlled by ACS as well.
  3. 3. If your app authenticates users to additional Azure Services – including Azure Service Bus or Dynamics CRM, your app may be at risk.

 

That was the bad news. What can you do?

Contact Anuj Varma to see if he can help refactor your code to accommodate this change.

Anuj holds professional certifications in Google Cloud, AWS as well as certifications in Docker and App Performance Tools such as New Relic. He specializes in Cloud Security, Data Encryption and Container Technologies.

Initial Consultation

Anuj Varma – who has written posts on Anuj Varma, Hands-On Technology Architect, Clean Air Activist.

 Twitter Linkedin