If you have worked with ADFS 2.0 or other claims based security models Azure’s Access Control Service (ACS) should not seem all the new to you. It is basically Azure’s hosted Secure Token Service (STS). Recently I have been building an MVC 3 application and did not want my application to be forums protected. My personal opinion is that no one wants to create one off logins on the web anymore. To solve this I decided to use MVC 3 with ACS. Adding ACS to your MVC 3 project is not very hard and is explained in a few blogs on the net ( here is a good one ). You basically just use Visual Studio’s “Add STS” functional like you would for any other STS. When you add the STS to your project it updates your web.config with information it needs for federation to work. By default it protects your entire website. This means you cannot even hit the login page without signing in. But what if I want unauthenticated people to read parts of my website, like the homepage? Well this is what I had