You are designing a plan for migrating an application to the Windows Azure platform.
All users authenticate by using their Active Directory Domain Services (AD DS) credentials.
The Windows Azure application must provide single sign-on (SSO) for domain-authenticated users.
You need to recommend an authentication type for the service endpoint behavior.
What should you recommend?

A.
SAML credential

B.
Windows authentication

C.
Shared secret credential

D.
Microsoft Challenge Handshake Authentication Protocol (MSCHAP)

Explanation:
The Windows Azure AppFabric Service Bus uses a class called TransportClientEndpointBehavior to specify the credentials for a particular endpoint. There are four options available to you: Unauthenticated, SimpleWebToken, SharedSecret, and SAML. For details, take a look at the CredentialType member.

The CredentialType property specifies which authentication method will be used on the endpoint. The possible values for this property are as follows:

* Saml: this option specifies that the client credential is provided in the Security Assertion Markup Language (SAML) format, over the Secure Sockets Layer protocol.This option requires that you write your own SSL credential server.

* SharedSecret: This option specifies that the client credential is provided as a self-issued shared secret that is registered with Access Control through the Windows Azure portal. This option requires no additional settings on the Credentials property.

* SimpleWebToken: This option specifies that the client credential is provided as a self-issued shared secret that is registered with Access Control through the Windows Azure portal, and presented in the emerging industry-standard format called simple Web token (SWT). Similar to the shared secret option, this option requires no additional settings on the Credentials property.

* Unauthenticated: This option specifies that there is no client credential provided. This option avoids acquiring and sending a token. It is used by clients that are not required to authenticate, based on the policy of their service binding. Note that this setting might leave data nonsecure if not used together with another security measure.