Windows Azure Learning Note (5)

ACSAndWindowsPhone7

ACSV2Federation

Advanced Web and Worker Roles

            -Exercise1: Registering Sites, Applications, and Virtual Directories

                        -one web role can host multiple sites based on different "hostHeader" values

                        <Sites>
                          <Site name="Fabrikam" physicalDirectory="..\SampleWebApp">
                            <Bindings>
                              <Binding name="HttpIn" endpointName="HttpIn" hostHeader="www.fabrikam.com" />
                            </Bindings>
                          </Site>
                          <Site name="Contoso" physicalDirectory="..\SampleWebApp">
                            <Bindings>
                              <Binding name="HttpIn" endpointName="HttpIn" hostHeader="www.contoso.com" />
                            </Bindings>
                          </Site>
                        </Sites>

            -Exercise2: Using Start-Up Tasks to Register a COM Component

            -Exercise3: Using Start-Up tasks to install PHP with the Web Platform Installer

BuildingASPNETAppsWithWindowsAzure

            -Exercise2: Using the Azure ASP.NET Providers with MVC Applications

                        -Task1 – Configuring Authenticated Access to the Application

                                    -decorate the class with an Authorize attribute. This configures the application to require authenticated access for every available action on this controller.

                        -Task2 – Configuring Membership Support Using the Azure TableStorageMembershipProvider

                        -Task3 – Configuring Role Support Using the Azure TableStorageRoleProvider

                        -Task4 – Configuring Session Support Using the Azure TableStorageSessionProvider

ConnectingAppsWithWindowsAzureConnect

            -Install Local Endpoint

            -Application

                        -Config web.config to connect to "ComputerName/SQLExpress,1433"

                        <add name="CustomersEntities" connectionString="metadata=res://*/Customers.csdl|res://*/Customers.ssdl|res://*/Customers.msl;provider=System.Data.SqlClient;provider connection string=&quot;Data Source=COMPUTERNAME\SQLEXPRESS,1433;Initial Catalog=Customers;Persist Security Info=True;User ID=labUser;Password=Passw0rd!;MultipleActiveResultSets=True&quot;" providerName="System.Data.EntityClient" />

            -Prepare SQL Express

                        -Allow Remote Connect

                        -SQL Server Browser service is disabled

                        -TCP/IP protocol is enabled

                        -TCP/IP port is 1433

                        -Firewall: open inbound TCP port 1433

            -Create Group

                        -Connect from local machine to Azure Connect

SQL Azure Data Sync

            -Adding a SQL Azure Database Sync Hub

                        SQL Azure Data Sync uses a hub/spoke topology. The hub is the central database in a Sync Group and must be a SQL Azure database. It is best if the hub is either (a) in the same data center (when databases are not geographically dispersed) or (b) in the location most central to the other databases. The two most significant factors in selecting a hub database are latency and cost. Choosing a hub database that is close to the majority of your data traffic minimizes both latency and cost.

                        Once the hub is set, it cannot be changed to a different database or removed. Data changes in member databases are written to the hub database or discarded in accordance with the Conflict Resolution policy. After all the member databases have sent their changes to the hub, the hub then writes changes to all the member databases.

                        Data Sync Service topology supports the following scenarios: sync between the Enterprise and the Cloud, and sync between the Cloud and the Cloud. Once the hub database is added to a sync group, other databases can be added to or removed from the sync group at any time, as business needs dictate.

            -Adding a SQL Azure Database to Sync

            -Adding an On-Premise SQL Server Database to Sync

                        -Each SQL Server database must be registered through a Client Sync Agent before it can be added to a sync group

                        -SQL Azure Data Sync Preview

                        -Select the Conflict Resolution policy to determine what data is kept and what data is lost whenever the same record is changed in different databases

            -Deploy this sync group to SQL Azure

           

SQL Azure Tips and Tricks

            -Managing Connections – Logging SessionIds

                        -using (SqlCommand cmd = conn.CreateCommand())
                         {
                             // CONTEXT_INFO() carries the session tracing GUID that SQL Azure sets for this connection
                             cmd.CommandText = "SELECT CONVERT(NVARCHAR(36), CONTEXT_INFO())";
                             string contextInfo = (string)cmd.ExecuteScalar();
                             sessionId = new Guid(contextInfo);
                         }

            -Supportability – Usage Metrics

                        -Calculating SQL Azure Bandwidth Costs

                                    -sys.bandwidth_usage

                                                -cmd.CommandText = "SELECT direction, sum(quantity) / (1024 * 1024) AS quantity " +
                                                                   "FROM sys.bandwidth_usage " +
                                                                   "WHERE time >= @monthStart AND class = 'External' " +
                                                                   "GROUP BY direction";

                        -Calculating SQL Azure Database Costs

                                    -sys.database_usage

                                                -cmd.CommandText = "SELECT quantity " +
                                                                   "FROM sys.database_usage " +
                                                                   "WHERE time = @time AND sku = @sku";

                                                            -SKU: Business or Web

Part 1: Introduction to the AppFabric Service Bus

            -Getting a Basic Client and Service Working

                        -// create the service URI based on the service namespace
                         Uri address = ServiceBusEnvironment.CreateServiceUri("sb",
                                      serviceNamespaceDomain, "EchoService");

            -Connecting a WCF Service in IIS 7.5 to the Service Bus

                        -<endpoint address="sb://ncshubsb.servicebus.windows.net/CalculatorServiceNetTcp/" behaviorConfiguration="sharedSecretClientCredentials" binding="netTcpRelayBinding" bindingConfiguration="NetTcpRelayEndpointConfig" name="RelayEndpoint" contract="IISHostedCalculatorService.ICalculatorService" />

            -Multicast Messaging through the Service Bus

                        -netEventRelayBinding

                                    -enables multiple listeners and senders at a single URI. Every actor is both a listener and a sender at the same time.

Service Remoting With AppFabric Service Bus

            -Using the Service Bus to Host Services Remotely

                        -Configuring Access Control Service for Authentication

                                    -Add Service Identity

                                    -Edit Rule Group

                                                -Add Claim Rule

                                                An issuer in Access Control Service represents a trusted application. Using ACS, you can create rules to map incoming claims, from trusted identity providers, into claims issued by ACS that an application or service consumes. More specifically, in the case of the Service Bus, these rules map the identity of the issuer into a series of claims that Service Bus uses to determine which actions the issuer is allowed to perform. For example, a Listen claim issued by AC allows an application to expose services on the Service Bus, while a Send claim allows it to send messages.

Part 2: Introduction to the Windows Azure Service Bus

            -Bindings, Connection Modes and MEX Endpoints

                        -ConnectionMode

                                    -Relayed

                                                -Configures the binding to use the relay to exchange messages between the client and the service. This is the default connection mode.

                                    -Hybrid

                                                -Hybrid connection capabilities - After establishing a relayed connection, it switches automatically to a direct, non-relayed connection whenever possible. A direct connection mode between the client and the service is an optimization of the Relayed mode because it attempts to bridge a direct connection between the sender and receiver, if possible.

            -Changing the Windows Azure Service Bus Binding

            -Exposing a Metadata Endpoint

            -REST-Based Access and Binary Data

                                    -<system.serviceModel>

                                       <bindings>
                                         <!-- Application Binding -->
                                         <webHttpRelayBinding>
                                           <binding name="lab">
                                             <!-- Turn off client authentication so that client does not need to present credential through browser or fiddler -->
                                             <security relayClientAuthenticationType="None" />
                                           </binding>
                                         </webHttpRelayBinding>
                                       </bindings>

                                       <services>
                                         <!-- Application Service -->
                                         <service name="RestService.ImageService"
                                                  behaviorConfiguration="default">
                                           <endpoint contract="RestService.IImageContract"
                                                     binding="webHttpRelayBinding"
                                                     bindingConfiguration="lab"
                                                     behaviorConfiguration="SharedSecretCredentials" />
                                         </service>
                                       </services>

                                       <behaviors>
                                         <endpointBehaviors>
                                           <behavior name="SharedSecretCredentials">
                                             <transportClientEndpointBehavior credentialType="SharedSecret">
                                               <clientCredentials>
                                                 <sharedSecret issuerName="[YOUR-ISSUER-NAME]" issuerSecret="[YOUR-ISSUER-KEY]" />
                                               </clientCredentials>
                                             </transportClientEndpointBehavior>
                                           </behavior>
                                         </endpointBehaviors>
                                         <serviceBehaviors>
                                           <behavior name="default">
                                             <serviceDebug httpHelpPageEnabled="false" httpsHelpPageEnabled="false" />
                                           </behavior>
                                         </serviceBehaviors>
                                       </behaviors>

                                       <extensions>
                                         <behaviorExtensions>
                                           <add name="transportClientEndpointBehavior" type="Microsoft.ServiceBus.Configuration.TransportClientEndpointBehaviorElement, Microsoft.ServiceBus, Version=1.6.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
                                         </behaviorExtensions>
                                         <bindingExtensions>
                                           <add name="webHttpRelayBinding" type="Microsoft.ServiceBus.Configuration.WebHttpRelayBindingCollectionElement, Microsoft.ServiceBus, Version=1.6.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
                                         </bindingExtensions>
                                       </extensions>

                                     </system.serviceModel>
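
Added example, not part of the original lab or these notes: a Python check over a system.serviceModel section like the one above that reports service endpoints bound to a relay binding with relayClientAuthenticationType="None" and issuer secrets written inline instead of left as placeholders. The sample config, the "locked" binding and the rule names are constructed for illustration; RelayAccessToken is the other value of the relayClientAuthenticationType setting.

```python
import xml.etree.ElementTree as ET

RELAY_BINDINGS = ("webHttpRelayBinding", "netTcpRelayBinding", "netEventRelayBinding")

# Constructed sample modelled on the lab configuration above; the "locked" binding,
# issuer name and secret value are made up for this example.
SAMPLE_CONFIG = """<system.serviceModel>
  <bindings>
    <webHttpRelayBinding>
      <binding name="lab"><security relayClientAuthenticationType="None" /></binding>
      <binding name="locked"><security relayClientAuthenticationType="RelayAccessToken" /></binding>
    </webHttpRelayBinding>
  </bindings>
  <services>
    <service name="RestService.ImageService">
      <endpoint contract="RestService.IImageContract"
                binding="webHttpRelayBinding" bindingConfiguration="lab" />
    </service>
  </services>
  <behaviors><endpointBehaviors><behavior name="SharedSecretCredentials">
    <transportClientEndpointBehavior credentialType="SharedSecret">
      <clientCredentials>
        <sharedSecret issuerName="owner" issuerSecret="Y29uc3RydWN0ZWQta2V5" />
      </clientCredentials>
    </transportClientEndpointBehavior>
  </behavior></endpointBehaviors></behaviors>
</system.serviceModel>"""


def audit_relay_config(xml_text):
    """Return (rule, detail) findings for the <system.serviceModel> section."""
    root = ET.fromstring(xml_text)
    model = next(root.iter("system.serviceModel"), None)
    if model is None:
        return []
    findings = []
    # 1. Relay bindings whose <security> element disables relay client authentication.
    open_bindings = set()
    for kind in RELAY_BINDINGS:
        for binding in model.findall(f"./bindings/{kind}/binding"):
            sec = binding.find("security")
            mode = sec.get("relayClientAuthenticationType", "") if sec is not None else ""
            if mode.lower() == "none":
                open_bindings.add((kind, binding.get("name", "")))
    # 2. Report only service endpoints that actually use one of those bindings.
    for service in model.findall("./services/service"):
        for ep in service.findall("endpoint"):
            key = (ep.get("binding"), ep.get("bindingConfiguration", ""))
            if key in open_bindings:
                findings.append(("unauthenticated-relay-endpoint",
                                 f"{service.get('name')} -> {key[0]}:{key[1]}"))
    # 3. Issuer secrets written inline instead of left as a [PLACEHOLDER].
    for secret in model.iter("sharedSecret"):
        value = secret.get("issuerSecret", "")
        if value and not (value.startswith("[") and value.endswith("]")):
            findings.append(("inline-issuer-secret", f"issuer {secret.get('issuerName')}"))
    return findings


if __name__ == "__main__":
    for rule, detail in audit_relay_config(SAMPLE_CONFIG):
        print(f"{rule}: {detail}")
```
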

            -Message Buffers

                        -MessageBufferPolicy

                        -MessageBufferClient

                        -TypedMessageConverter

                        -TransportClientEndpointBehavior

                        -Send

                                    -MessageBufferClient messageBufferClient =
                                         MessageBufferClient.GetMessageBuffer(endpointBehavior, messageBufferUri);
                                     TypedMessageConverter orderConverter = TypedMessageConverter.Create(typeof(Order), "SubmitOrder");
                                     var message = orderConverter.ToMessage(order);

                                     messageBufferClient.Send(message);

                        -Peek

                                    -MessageBufferClient messageBufferClient = EnsureMessageBufferExists(endpointBehavior, messageBufferUri, ref messageBufferPolicy);
                                     TypedMessageConverter orderConverter = TypedMessageConverter.Create(typeof(Order), "SubmitOrder");
                                     // PeekLock reads the next message and locks it without removing it from the buffer
                                     Message message = messageBufferClient.PeekLock();
                                     // ReleaseLock makes the message available to other receivers again
                                     messageBufferClient.ReleaseLock(message);

                        -Process

                                    -MessageBufferClient messageBufferClient = EnsureMessageBufferExists(endpointBehavior, messageBufferUri, ref messageBufferPolicy);
                                     TypedMessageConverter orderConverter = TypedMessageConverter.Create(typeof(Order), "SubmitOrder");
                                     // Retrieve reads the next message and removes it from the buffer
                                     Message message = messageBufferClient.Retrieve();
                                     messageBufferClient.DeleteMessageBuffer();

Eventing through netEventRelayBinding

            -In an attempt to improve the experience of the nation’s commuters, Nationwide News Corporation intends to install electronic news tickers in subway trains, taxis and buses all over the country. To achieve this, Nationwide News Corp will employ the AppFabric Service Bus. It will provide a service contract for all deployed tickers to implement. Each ticker deployment will host a service responsible for receiving and displaying news; each deployment hosts this service with the same endpoint URL.

            When a new piece of news is ready for broadcast, Nationwide News Corporation (the sender) will open a channel to the deployments' endpoint URL, and broadcast the news to all receivers listening at that endpoint. Because netEventRelayBinding is used, the Service Bus will deliver the news item to any registered open host with the correct endpoint URL in a multicast fashion.

            Some of the news ticker deployments will not have a stable internet connection, and as a result, they are not guaranteed to receive broadcasted news. To solve this, National News Corporation will use a new feature of the Service Bus: Message Buffers. In addition to broadcasting the news via netEventRelayBinding, news will also be added to a message buffer at a named endpoint. Messages added to this buffer exist for a specified period.

            The Nationwide News Corp newsroom receives news items from its reporters around the world. It has decided to use the Service Bus so its reporters can connect to and report news back to the newsroom regardless of their location. When the National News Corporation receives news from its reporters, it will then broadcast this news to all the deployed news tickers.

           

Deploying Applications in Windows Azure

            -Using PowerShell to Manage Windows Azure Applications

                        -Generating a Self-Signed Certificate (Optional)

                                    -cmd>> makecert -r -pe -n "CN=AzureMgmt" -a sha1 -len 2048 -ss My "AzureMgmt.cer"

 

Introduction to the AppFabric Access Control Service 2.0

            -Use Access Control Service for Accepting Users from Multiple Identity Providers

                        -Signing up for Windows Azure AppFabric Access Control Service and Creating the Service Namespace

                                    -Add Identity Providers

                                    -Add Relying Party Applications

                                    -Generate Rule: Default Rule Group for WebsiteACS

                                    -Copy "WS-Federation Metadata" from Application integration

                        -Configuring a Website to Accept Tokens from Access Control Service

                                    -Add STS reference

            -Use Claims for Authorizing Users

                        -Rule Group => Add new Rule

                                    -based on Input claim type (nameidentifier) & Input claim value

                                                -Then Output claim type (role) & Output claim value (administrator)

                                                            -if (Thread.CurrentPrincipal.IsInRole("Administrator"))
                                                             {
                                                                 this.SecretContent.Visible = true;
                                                             }

            -Take control of the Sign-In experience

                        -Add location authorization for new login page

                                    <location path="WebSiteACSLoginPageCode.html">
                                      <system.web>
                                        <authorization>
                                          <allow users="*"/>
                                        </authorization>
                                      </system.web>
                                    </location>

                        -Change issuer in web.config

                                    <microsoft.identityModel>
                                      <service saveBootstrapTokens="true">
                                        ...
                                        <federatedAuthentication>
                                          <wsFederation passiveRedirectEnabled="true" issuer="https://localhost/WebSiteACS/WebSiteACSLoginPageCode.html" realm="https://localhost/WebSiteACS/" requireHttps="true"/>
                                          <cookieHandler requireSsl="true"/>
                                        </federatedAuthentication>
                                      </service>
                                    </microsoft.identityModel>

Use ACS to Federate with Multiple Business Identity Providers

            -Add Identity Provider

                        -WS-Federation identity provider

                                    ACS is able to broker authentication with many different types of identity providers. Web IPs such as Windows Live ID, Google, Yahoo and Facebook are all services available on the public internet, defined by the address of their STS (or equivalent), the set of attributes (claims) they share about their users and the authentication protocol they use.

                                    Business IPs, conversely, behave in a slightly different way. Every company will have its own STS address, will share different claims about its users, and so on. In ACS you can add multiple business IPs: one of the advantages of ACS is exactly that it can help you to manage many trust relationships without burdening your application code.

                                    As of today, the protocol that ACS uses for handling business IPs for web applications is WS-Federation. On the Windows platform the standard way of exposing an STS is using Active Directory Federation Services 2.0.

Introduction to Windows Azure Marketplace for Data

            -Consuming Marketplace Data and Services via Managed Code

                        -this.serviceUri = new Uri("{replace-with-dataset-url}");
                         this.context = new UnitedNationsGenderInfo2007Container(this.serviceUri);
                         this.context.Credentials = new NetworkCredential(
                             "{replace-with-your-user-id}",
                             "{replace-with-your-key}");
                         query = from value in this.context.Values
                                 where value.CountryName == "Argentina"
                                 select value;


STS: Security Token Service
SAML: Security Assertion Markup Language