Running WIF Relying parties in Windows Azure

23 ביולי 2012

When running in a multi server environment like windows azure it is required to make sure the cookies generated by WIF are encrypted with the same pair of keys so all servers can open them. Encrypt cookies using RSA In Windows Azure, the default cookie encryption mechanism (which uses DPAPI) is not appropriate because each instance has a different key. This would mean that a cookie created by one web role instance would not be readable by another web role instance. This could lead to service failures effectively causing denial of the service. To solve this problem...
tags: , ,
2 comments

How to use the new Distributed Cache (SDK 1.7) for Asp.Net Session State

22 ביולי 2012

Until today AppFabric Distributed cache was used to host Azure web roles Asp.Net Session state. Unfortunately there were many problems with AppFabric Azure Distributed Cache: It was VERY expensive. It was not available in all Data Centers. It was slow. Fortunately in the new SDK (1.7) we have the opportunity to use our resources (i.e. roles) to host the distributed cache cluster and get a free and performant cache. So lets see how to use it to host asp.net session: 1. For each...
4 comments

Production Debugging Videos

18 ביולי 2012

I gave a debugging course today and one of my students asked for recommended resources so I did some searching and I found this series of videos: .NET Debugging Starter Kit for the Production Environment, Part 1 .NET Debugging Starter Kit for the Production Environment, Part 2 .NET Debugging Starter Kit for the Production Environment, Part 3 .NET Debugging Starter Kit for the Production Environment, Part 4 .NET Debugging Starter Kit for the Production Environment, Part 5 .NET Debugging Starter Kit for the...
tags:
5 comments

Chrome Support for ACS with ADFS 2.0 Identity Provider

16 ביולי 2012

When using Windows Azure's Access Control Service (ACS) to perform user authentication against an Active Directory Federated Service (ADFS) endpoint everything works well when using IE However, when using Chrome or Firefox the site continually prompts for credentials over and over again. Why? Turns out, the ADFS website that performs authentication of users (this website gets setup in IIS during the installation of ADFS v2.0) is by default configured for Integrated Windows Authentication (IWA). IWA is configured in IIS to use Extended Protection for Authentication (EPA) and therein lies the problem. Apparently, most other browsers don't...
tags: , ,
2 comments

Upload to Shared Access Signature blob using WebClient (REST API)

14 ביולי 2012

I want asked by a client how to upload a blob (Put blob) to a SAS (Shared Access Signature) blob using the REST Api. Here is a simple code snippet demonstrating that using WebClient. class Program { private static CloudBlobContainer m_container; static void Main(string args) { try { var m_StorageAccount = CloudStorageAccount.DevelopmentStorageAccount; var m_BlobClient = m_StorageAccount.CreateCloudBlobClient(); m_container...
tags: ,
2 comments

ACS and OAuth 2.0

10 ביולי 2012

I was asked by a customer about the OAuth 2.0 endpoint in the ACS management portal. Well ACS can participate in the OAuth Dance. Its role is to produce authorization code for the user's resource and then produce the actual access token that will enable a client application to access the user's resources at the resource server. There is a demo provided by the ACS team demonstrating OAuth delegation with ACS. I found a very good blog post explaining the OAuth flow of the sample in great details. I recommend to view the following 10m...
tags: , ,
no comments

How web roles can behave like a worker roles

5 ביולי 2012

The main difference between web and worker roles is the fact that web roles lives in IIS and so they are running in an application pool. Application pools are going down every X minutes (default is 20) if no request arrived. This is problematic for periodic tasks. For example: If you want a timer to live for a long time and periodically send triggers the application pool must not recycle. The other day I read a blog post by Steve marx that describe how easy it is to make sure the application pool will not recycle. All...
tags: ,
one comment