Implementing federated security with Azure Access Control Service

I believe it is time for a really heavy blog post, and if you have ever read one of my other blog posts you are probably getting scared now. My posts are normally big, but this might actually be even bigger… Sorry! But it is an interesting topic with many things cover…

But before we can start looking at code, there are 2 things I want to do. First of all, I want to thank my colleague Robert Folkesson (warning, blog in Swedish) for getting me interested in this topic, and for showing me a great introduction.

And secondly, I want to give a quick run-through of what federated security and claims based authentication means…

Federated security means that an application relies on someone else to handle user authentication, for example Windows Live or Facebook. These identity providers are responsible for authenticating the user, and returning a token to the application, which the application can use to perform authorization.

More...

Configuring Azure Applications

Configuring your application when running in Azure can be a little confusing to begin with, I agree. However, it isn’t really that complicated as long as you understand what config goes where and why.

In Azure, you have 3 places that affect your configuration. Actually it is in more places than that if you count machine.config files and stuff like that, but I’ll ignore that now… And to be honest, it is only 2 places, but you need to tweak 3 places to get it to work…

When you create a new Azure web application project, you get 2 projects in your solution, one “cloud project” and one Web Application Project for example, and both have some form of configuration going.

More...

We need AI now! Even Arnold will do!

Earlier this week, I got a link to a blog post that I for some reason just loved. I also managed, for some reason, to etch itself in the back of my mind. It is about the fact that due to human nature, and the that we have pretty much secured our survival and don’t need to fight to survive anymore, we are turning into a self-destructive and delusional species that try to turn unimportant things into important things just to give ourselves a reason to exist.

My short version of it however doe not do it any justice, so I suggested heading over and reading it in full here: http://phirate.posterous.com/weve-been-alone-too-long

It sort of sat there in the back of my mind, gnawing a little on me ever so often, until I found this: https://secure.mysociety.org/admin/lists/pipermail/developers-public/2011-October/007647.html

More...

A somewhat hidden WCF Test Client feature

Lately I have been working on an Azure project for a client (if you haven’t noticed from my Azure-centric blog posts as of late). A part of this, we have built a WCF service that exposes the functionality that we need. However, we are not actually building a client, only the service. So we don’t have a great way of testing the service. This is obviously where the “WCF Test Client” comes in.

For those of you who don’t know what this is, it is a small client that hooks up to any available service and creates a proxy for you. You can then use this proxy through the interface and call your service.

More...

Dynamic IP-address filtering for Azure

Putting applications in the cloud is great, and offers a lot of benefits (as well as some complications). We get great scalability, elasticity, low cost of ownership etc. One problem however, is that the cloud is very public. I guess this isn’t a problem in most cases, but if what you are putting up there is supposed to be secret, or at least needs to limit who gets to use it, it becomes an issue.

I am currently working on a project like this. I am not going to talk about the project as such as it is under NDA, but the fact that it is is a service in the cloud that should only be used by certain clients is not uncommon.

The service has a front end that consists of WCF services, hosted in a web role, which is what we need to secure. The worker roles behind the web roles are by default secure as they do not communicate with the outside world at all.

More...

Windows Azure Service Bus - Lost in Intro

I have recently posted a few posts on how to use some of the new features of the Azure Service Bus. They seem to have been somewhat popular, which is fun. They are however very light weight introductions, and not that I am going to dig a whole lot deeper at the moment, but there are a few little things I want to mention.Mainly around brokered messages.

As you know from the previous posts, a brokered message, is a message that is sent to the bus from a client, and picked up by a service at some point. The message can contain a body, which could be more or less any class that you would like, as well as metadata about the message. The only thing to remember with those things, is the fact that the message size is limited to 256kb.

More...

Using the Windows Azure Service Bus - Topics and Subscribers

I guess it is time for another Azure Service Bus post. The previous ones has been relatively popular, so I thought I would do one more post to cover one last feature in the bus. (I say one last now, but I am pretty sure I will be back…)

Topics and subscribers are the basic units behind the Service Bus implementation of the pub/sub pattern. And as expected from a “simple” pattern like this, it should be simple to implement, and it is. The basics would be, create a topic, add subscribers that subscribe to messages from the topic, and finally push some messages to the topic, which are then relayed to the subscribers. Simple as…

More...

Weird bug/feature in Visual Studio 2010

As I was working with some of my demo code for the Azure posts I have been putting up lately, I came across a very odd thing. I had a solution with several projects that built and worked perfectly fine. I did however need to make some changes to the solution before zipping it up and putting it on my blog. So I made a copy of the solution folder, removed my source control bindings and everything else that shouldn’t be in the zip.

Before zipping it up, I thought I would just make sure it built ok after my changes, which it obviously should as I made no code changes. So I loaded the solution into Visual Studio and everything looked fine. But pressing Ctrl+Shift+B made Visual Studio cough and tell me that XXX was not available in namespace YYY, which is really odd as I had made no code changes.

More...

Using the Windows Azure Service Bus - Queuing

I guess it is time for another look at the Azure Service Bus. My previous posts about it has covered the basics, message relaying and relaying REST. So I guess it is time to step away from the relaying and look at the other way you can work with the service bus.

When I say “the other” way, it doesn’t mean that we are actually stepping away from relaying. All messages are still relayed via the bus, but in “the other” case, we utilize the man in the middle a bit more.

“The other” way means utilizing the message bus for “storage” as well. It means that we send  a message to the bus, let the bus store it for us until the service feels like picking it up and handling it.

There are several ways that this can be utilized, but in this post, I will focus on queuing.

More...

Using Azure Service Bus relaying for REST services

I am now about a week and a half into my latest Azure project, which so far has been a lot of fun and educational. But the funky thing is that I am still excited about working with the Service Bus, even though we are a week and a half into the project. I guess there is still another half week before my normal 2 week attentions span is up, but still!
So what is so cool about the bus, well, my last 2 posts covered some of it, but it is just so many cool possibilities that open up with it.
This post has very little to do with what I am currently working on, and to be honest, the sample is contrived and stupid, but it shows how we can use REST based services with the bus.