I'm using Azure ACS for authentication to my Web API project and it's working great with IP's such as Google and Live. I have a requirement to allow third party (partners) to develop against my API but I'm not exactly sure how to authenticate them. I'm thinking I may have to write a custom STS and manage usernames and passwords for each partner. In this scenario the partner would request an access token from my custom STS via a username/password and than use that token to access my API. Also I see Azure ACS has Service Identities, I'm wondering if I can use them in order to authenticate to my API?
Yes, you can.