Application security auditing and logging

26 March 2012

Auditing is one of the main pillars of security policies. The question is how to do it wisely. The infrastructure can log almost everything: for example, access to files, registry keys, databases, etc. The problem is that the infrastructure has no knowledge of the application's use cases, which means that the context for these logs is missing. Let us ask: what is the purpose of auditing? The trivial reason is to collect information that will be useful in case of a problem, yet how do you know that there is a problem after all? Auditing can...

Http error 405 when calling STS

18 March 2012

I wrote a simple example for demonstrating delegation with Windows Identity Framework (WIF). I created a simple web site that used a simple custom STS for authentication. The web site called another web service to perform a simple calculation (calculator). The web site used passive federation using a simple STS. SOAP web services in general can only use passive federation for authentication, so I created another WCF custom STS. The idea was that the web application would obtain an act-as token from the active STS using the token it received from the...

Cloud Economics

15 March 2012

Hi, this post will be written in Hebrew (sorry to all English speakers). We all hear about the cloud from every possible direction. The question is, why? What makes this cloud the next hot name? What is the secret behind this concept? It all begins and ends with money. The story is an economic one. From Moore's law we learned that every two years systems double their technological capability. The question that arises is, what happens to the price? In today's technological environment the customer has become used not only to getting better systems as time passes, but also to paying less. That is strange from an economic point of view: getting more but paying less. All is well and good from the consumer's side...

Azure ServiceBus Topic using REST API – Part 4

12 March 2012

In the last three posts we learned how to use the Azure ServiceBus REST API to send and receive messages using Topics. The difference between Queues and Topics is that with Topics different customers can receive different messages according to message filtering, which is deployed as filtering rules on the subscription. MSDN describes topics and rules as follows: Topics extend the messaging features provided by Queues with the addition of Publish-Subscribe capabilities. Each Subscription can define one or multiple Rule entities. Each Rule specifies a filter expression that is used to filter messages that pass through the subscription and a...

Azure ServiceBus Topic using REST API – Part 3

11 March 2012

In the last two posts we showed how to use the Azure ServiceBus REST API to send a message to a topic. In this post we will see how to listen on a topic and receive a message. There are two options:

1. Receive a message and delete it from the topic.

Receive and Delete

    public static T ReceiveAndDeleteMessage<T>(string serviceNamespace, string topicName,
        string subscriptionName, string token) where T : class
    {
        // Address of the first message on the subscription, with a 10-second timeout
        var address = string.Format("https://{0}.{1}/{2}/subscriptions/{3}/messages/head?timeout=10",
            serviceNamespace, sbHostName, topicName, subscriptionName);
        WebClient webClient = new WebClient();
        // Pass the token in the Authorization header
        webClient.Headers[HttpRequestHeader.Authorization] = token;
        // DELETE reads the message and removes it in one call
        byte[] response = webClient.UploadData(address, "DELETE", new byte[0]);
        ...

Azure ServiceBus Topic using REST API – Part 2

8 March 2012

In the last post I described why to use the REST API when working with Azure service bus and demonstrated how to create a topic and subscription. In this post we will actually send a message to the topic. When sending an HTTP request with a message to a topic we have to provide two special headers:

1. Authorization header with the token we received from ACS
2. BrokerProperties with a JSON serialization of metadata about our message.

To do that, let us create a special class that will help us represent and serialize the metadata.

Broker Properties

    /// <summary>
    /// Container for general...