When migrating internal applications to the cloud it is no longer possible to hide behind firewalls and windows authentication. Care needs to be taken to make sure your applications are secure. This talk will be based on a real-life example of migrating an application from an internal windows authentication style environment to the cloud. We will start with a simple WCF service that uses netTcpBinding with windows auth and change the bindings to use a Federation server via the Azure Access Control Service (ACS). Care will be taken to compare the authentication methods. Additionally different configurations of the bindings will be explored to cover a number of security implementations (For instance the differences between certificate encryption of your tokens or just running them over SSL).