What would be the best way to configure Azure ACS so that when I run locally in the development fabric I can still authenticate?
I just want to configure once and be able to develop locally and publish to azure without having to make changes to the config. I'd even be open to not using Federated Auth when developing locally as long as I could somehow fake a claim.
You can have of Web.Config and Web.Release.Config (transformation file per build configuration).
Web.Config is for your local development where you have realm, audience URLs pointing to your local address i.e. 127.0.0.1.
You then can write transformation file for Web.Config, e.g. Web.Release.Config where you would write transformation to replace above value with actual deployment URLs. I am assuming that you would use release build for deploying to azure.
This is how your web.config.release would look...
<microsoft.identityModel>
<service>
<audienceUris>
<add value="https://abc.cloudapp.net/" xdt:Transform="Replace" />
</audienceUris>
<serviceCertificate xdt:Transform="Insert">
<certificateReference x509FindType="FindByThumbprint" findValue="AAAAAAAAAAAAAAAAAAAAAAAAAAA" storeLocation="LocalMachine" storeName="My" />
</serviceCertificate>
<federatedAuthentication>
<wsFederation passiveRedirectEnabled="true" issuer="https://myacs.accesscontrol.windows.net/v2/wsfederation" realm="https://abc.cloudapp.net/" requireHttps="true" xdt:Transform="Replace" />
<cookieHandler requireSsl="true" xdt:Transform="Replace" />
</federatedAuthentication>
</service> </microsoft.identityModel>