Building a simple custom STS using VS2012 & ASP.NET MVC

In my previous post, I walked through how “easily” one can take advantage of claims based authentication in ASP.NET. In that post, I switched out the good old forms authentication stuff for the new FedAuth stuff. In this post, I want to take it a step further and actually federate my security, but instead of just using the Windows Azure ACS’s built in identity providers, I want to build a very simple one of my own.

A lot of the solution is based on the STS project that we could get by using VS2010 and the WIF SDK. However, this project was a Web Site project using Web Forms, and I really wanted a MVC version for different reasons.

If you are fine with using VS2010 and the WIF SDK, adding a custom STS is really easy. Just create a new web project, right-click the project and choose “Add STS Reference…” and then, walking through the wizard, there will be a step that offers you to select an STS. In this step, you choose “Create a new STS project…”, which will generate a custom STS project that you can modify to your needs. Unfortunately, that option isn’t available in VS2012. Using the “Identity and Access” add-on, you are only allowed to connect to an existing STS, the ACS or a local test STS, not an STS project.


Claims-based identities in ASP.NET MVC 4.5 using the standard ASP.NET providers

Lately I have done a bit of work with claims-based identities. Most of it has been about doing federated security using the Windows Azure Access Control Service. However, I have also been working with a client that wanted claims-based identity management without federating it. For the moment, they just want to run locally, but they want to be prepared for a future where they might expand and move to a federated paradigm. And also, the way that they handle multitenancy is a perfect fit for claims…

Interestingly enough, working through their scenario, I found that there is a lot of information on the web about how to set up claims-based identity management using federation, but there is not a whole lot around for running it locally… It might not be that surprising considering that federated security has some really good points. Having been faced with this lack of information, I had to come up with a solution on my own, and building on what I built for them, I decided to create an extended example…


Compressing messages for the Windows Azure Service Bus

As a follow up to my previous post about encrypting messages for the Service Bus, I thought I would re-use the concepts but instead of encrypting the messages I would compress them.

As the Service bus has limitations on how big messages are allowed to be, compressing the message body is actually something that can be really helpful. Not that I think sending massive messages is the best thing in all cases, the 256kb limit can be a little low some times.

Anyhow… The basic idea is exactly the same as last time, no news there…but to be honest, I think this type of compressions should be there by default, or at least be available as a feature of BrokeredMessage by default… However, as it isn’t I will just make do with extension methods…


Encrypting messages for the Windows Azure Service Bus

A week ago I ran into Alan Smith at the Stockholm Cental Station on the way to the Scandinavian Developer Conference. We were both doing talks about Windows Azure, and we started talking about different Windows Azure features and thoughts. At some point, Alan mentioned that he had heard a few people say that they would like to have their BrokeredMessages encrypted. For some reason this stuck with me, and I decided to give it a try…

My first thought was to enherit the BrokeredMessage class, and introduce encryption like that. Basically pass in an encryption startegy in the constructor, and handle all encryption and decryption inside this subclass. However, about 2 seconds in to my attempt, I realized that the BrokeredMessage class was sealed. An annoying, but somewhat understandable  decision made by Microsoft. Ok, so I couldn’t inherit the class, what can you do then? Well, there is no way to stop me from creating a couple of extension methods…


SDC 2013 Service Bus Talk Demo Code

Yesterday I did a talk about the Widnows Azure Service Bus at the Scandinavian Developer Coneference in Gotheburg. As a part of that, I promised to make all the code I demoed available here on my blog, so here it is. The only thing you need to do to be able to run it is to set up a new Service Bus service in the Azure portal, and the copy the namespace and key into the App.config file available in the “Shared” folder.

The App.config in the “Shared” folder is shared throughout all the projects in the solution, so you only need to change it in that single file. The code will however default to use the “owner” account, which I made pretty clear during the talk that you shouldn’t use. But for a demo like this, it will have to do.

Code: GetOnTheBus - Demo (314.08 kb)

Tech-knowledge in approximately 100 pages

A while back a company called Syncfusion contacted me and asked me if I would be interested in trying out one of their Metro Studio, which is a brilliant tool for anyone doing “Modern UI” development (WP7/8 or Windows 8 Store applications). It is basically a massive icon library that fit straight into the Modern UI look and feel, and offers some cool abilities to resize them and so on. And to be completely honest, if I did a bit more WP dev than I am at the moment, I would not want to spend a day with out it. As soon as I do any WP8 development, I keep starting it up to quickly get some icons for my app.

However, that is NOT the reason I am doing this blog post… While browsing around their website looking for a simple way to download Metro Studio after a re-install of my machine, I stumbled upon a “Resources” section of their web, which is great. It includes a bunch of free whitepapers about different things, as well as a bunch of free e-books.


Fileuploads through Windows Azure Mobile Services - take 2

So a couple of weeks ago I posted this blog post on how to upload files to blob storage through Mobile Services. In it, I described how one could do a Base64 encoded string upload of the file, and then let the mobile service endpoint convert it and send it to blob storage.

The upsides to this is that the client doesn’t have to know anything about where the files are actually stored, and it doesn’t need to have blob storage specific code. Instead, it can go on happily knowing nothing about Azure except Mobile Services. It also means that you don’t have to distribute the access keys to your storage together with the application.

I did however mention that there was another way, using shared access signatures (SAS). Unfortunately, these have to be generated by some form of service that has knowledge of the storage keys. Something like a Azure compute instance. However, paying for a compute instance just to generate SASes (plural of SAS…?) seems unnecessary, which is why I opted to go with the other solution.


A way to upload files to Windows Azure Mobile Services

Ok, so it is time for another Mobile Services post I believe. My previous posts about the subject has covered the basics as well as authentication when it comes to Mobile Service. But so far, I have only been doing the most simple tasks, such as added and read data from a SQL Database. However, I have mentioned that Mobile Services is supposed to be sort of a layer on top of more of Microsoft’s cloud offering like for example the Service Bus, storage etc. So in this post, I want to demo how you can utilize Mobile Services to upload files to blob storage.

There are probably a lot of different ways to do this, but 2 stood out for me. The one I am about to describe, using public containers, as well as using shared access signatures (SAS). So before going about it “my way”, I am going to explain SAS, and why I don’t like it even though it might be a “cleaner” way to do it.


Authenticating users in Windows Azure Mobile Services

In my previous post about Mobile Services, I talked about how to get started with the service. I also promised that I would follow up with a post about how to authenticate the users, so that is what this post is going to be about.

You currently have 4 different options when it comes to authentication, Microsoft ID (previously Live ID), Facebook, Twitter and Google. They are all 3rd party services, and requires your users to have accounts with one of the providers. Luckily, most users already do. And the neat thing about using 3rd party authentication is that you don’t have to care about handling sensitive data such as usernames and passwords. And leaving that to someone else is making your life a lot less complicated. Not to mention that having Mobile Services handle all of the actual interaction with them makes your life ridiculously simple, as you will see.


Code from the Sweden Azure User Group presentation this week

Ok guys, here is the code that I used during the SWAG presentation this week. I promised to get it on-line before the end of the week, and it seems like that actually happened. Yay!

It includes the client end of it, as well as th escripts needed on the server end. Just remember that you need to configure your accounnt details in App.xaml.cs, sign up for SendGrid if you want to send e-mails, and configure the storage account settings in the images insert script.

Any questions? Just ask!

Code: SWAG (76.73 kb)