asp.net-mvc security wif

How can I expose a pattern for a user to link two accounts together in Azure ACS and WIF (SWT tokens)?


Right now, when the user is authenticated (over Azure ACS with WIF enabled for SWT tokens), it doesn't look like I can let them sign in again with a new provider and get two tokens.

I'm looking for a pattern that would let users link two accounts together.


Solution

  • As per Identity Providers, you get a unique "Name Identifier" per provider. You would have to manually link them together by storing them in a repository.

    e.g.

    • User logs in via Facebook. Store the identifier.
    • Ask user if they want to use other providers.
    • User logs in via Google. Link the identifier to the Facebook one.

    Update:

    You need to have a "control" identity, e.g. something like the normal SQL membership provider. So firstly they log in as this identity. Then you have a workflow that asks "Would you like to use another identity?" You know their control identity, so you map the new "name identifier" to the control identity. If they log in with one of the ACS identities, you search your repository. If you don't find it, you say "We haven't seen this identity before. Please log in as your control and then map it".
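
The control-identity mapping described in the answer, sketched as an added example (not part of the original answer and not an ACS or WIF API). The class, method names and sample values are hypothetical; the provider and name identifier are assumed to be read from the claims of an already validated ACS token.

```csharp
using System;
using System.Collections.Generic;

// Hypothetical in-memory repository. A real one would be a database table
// with a unique constraint on (Provider, NameIdentifier).
public sealed class IdentityLinkRepository
{
    // Key is (identity provider, name identifier): a name identifier is only
    // unique per provider, so it must never be used as a key on its own.
    private readonly Dictionary<Tuple<string, string>, string> _links =
        new Dictionary<Tuple<string, string>, string>();

    // Call only from a session that is already signed in as the control identity.
    // Returns false when the external identity already belongs to another account,
    // so one user cannot attach somebody else's provider login to their own account.
    public bool TryLink(string controlUserId, string provider, string nameIdentifier)
    {
        if (string.IsNullOrEmpty(controlUserId))
            throw new InvalidOperationException("Linking requires a signed-in control identity.");
        if (string.IsNullOrEmpty(provider) || string.IsNullOrEmpty(nameIdentifier))
            throw new ArgumentException("Provider and name identifier are both required.");

        var key = Tuple.Create(provider, nameIdentifier);
        string owner;
        if (_links.TryGetValue(key, out owner))
            return owner == controlUserId; // idempotent for the owner, refused otherwise

        _links[key] = controlUserId;
        return true;
    }

    // Call after an ACS sign-in. Null means "we haven't seen this identity before":
    // do not create a session; ask the user to log in as the control identity and map it.
    public string FindControlUser(string provider, string nameIdentifier)
    {
        string owner;
        return _links.TryGetValue(Tuple.Create(provider, nameIdentifier), out owner) ? owner : null;
    }
}

public static class Demo
{
    public static void Main()
    {
        var repo = new IdentityLinkRepository();
        // Constructed sample values, not real identifiers.
        Console.WriteLine(repo.TryLink("control-42", "Facebook", "fb-abc"));  // first link
        Console.WriteLine(repo.TryLink("control-42", "Google", "g-xyz"));     // second provider, same user
        Console.WriteLine(repo.TryLink("control-99", "Google", "g-xyz"));     // another account claims it
        Console.WriteLine(repo.FindControlUser("Google", "g-xyz"));
        Console.WriteLine(repo.FindControlUser("Yahoo", "y-123") ?? "(unknown identity)");
    }
}
```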