My Talk in the SDP 2013

Monday, May 6, 2013

Today I spoke about web identities and about Azure data sync. In the web identities talk I spoke about the identity concept and about the OpenID, SAML and OAuth standards. In the Azure data sync talk I spoke about the value of sync, the Microsoft synchronization framework (MSF) and the Azure data sync service (which is based on MSF). Tomorrow I will speak about cryptography in .NET and explore different types of encryption algorithms and signing APIs. You can find the slide deck here: Web Identities ...
one comment

Subscribe to Windows Azure Using Your Organization ID

Monday, April 29, 2013

Until recently, you could only sign up for a new Windows Azure subscription using your Microsoft account (LiveID). It means that your administration account is governed by a private user account. This is a major security threat: the account credentials are a simple user name and password (which could be easily stolen); no “multi-factor authentication” is possible; no policy and management is enforced on the administration identity. All this is changing now with Windows Azure Active Directory (WAAD). Now you can sign in to...
2 comments

Uploading Large Files to Blob Storage

Monday, April 22, 2013

If you try to upload a large file (2Mb and larger) to blob storage, it is likely that you will get the following timeout exception: “StorageServerException : Operation could not be completed within the specified time.” The solution is to do things in parallel. Fortunately, blob storage has a simple API for parallel upload: blobClient.ParallelOperationThreadCount = 20; To use it, you must increase the maximum number of outgoing connections using ServicePointManager.DefaultConnectionLimit. The following method demonstrates that: public static void LoadLargeBlob(string storageAccountName, string storageAccountKey) { ServicePointManager.DefaultConnectionLimit...
no comments

New Azure Improvements

Monday, December 24, 2012

On December 21st Microsoft released important improvements for its Azure services, which include the following. Mobile Services: job scheduler support, Europe region support, command line support. Web Sites: ability to scale up to 6 shared instances and 10 reserved VMs, integrated source control in the custom create wizard. SQL Data Sync: now supported in the new HTML portal. ACS Management: now supported in the new HTML portal. Media Services: new job and task management, blob storage support, reserved compute. Virtual Network:...
no comments

Where is Azure’s previous portal?

Wednesday, November 7, 2012

A few days ago the new portal was upgraded. The service bus was made available (along with a few other new features), but the CTP announcements and the link to the previous portal were removed. Unfortunately, as of today not all Azure features are available in the new portal, so the previous portal is still required. For example, to use ACS or Data Sync we have to use the previous portal. To access the previous portal click on your name: Then a new menu will be opened, and a...
no comments

Connecting Cloud Services to Azure Virtual Network

Wednesday, October 10, 2012

A customer asked me if it is possible to connect cloud services to an Azure virtual network. When creating a new virtual machine we specify the network to be used, but when creating a new cloud service the portal does not provide a method to connect the new cloud service to an existing virtual network. Well, it is possible!!! Michael Washam wrote a nice blog post about it. The idea is to put NetworkConfiguration in the config file (.cscfg) of your deployment. Enjoy, Manu
no comments

Running WIF Relying parties in Windows Azure

Monday, July 23, 2012

When running in a multi-server environment like Windows Azure, you must make sure the cookies generated by WIF are encrypted with the same pair of keys so that all servers can open them. Encrypt cookies using RSA: in Windows Azure, the default cookie encryption mechanism (which uses DPAPI) is not appropriate because each instance has a different key. This would mean that a cookie created by one web role instance would not be readable by another web role instance. This could lead to service failures, effectively causing denial of the service. To solve this problem...
2 comments

Chrome Support for ACS with ADFS 2.0 Identity Provider

Monday, July 16, 2012

When using Windows Azure's Access Control Service (ACS) to perform user authentication against an Active Directory Federated Service (ADFS) endpoint, everything works well when using IE. However, when using Chrome or Firefox the site continually prompts for credentials over and over again. Why? Turns out, the ADFS website that performs authentication of users (this website gets set up in IIS during the installation of ADFS v2.0) is by default configured for Integrated Windows Authentication (IWA). IWA is configured in IIS to use Extended Protection for Authentication (EPA), and therein lies the problem. Apparently, most other browsers don't...
2 comments

Upload to Shared Access Signature blob using WebClient (REST API)

Saturday, July 14, 2012

I was asked by a client how to upload a blob (Put blob) to a SAS (Shared Access Signature) blob using the REST API. Here is a simple code snippet demonstrating that using WebClient. class Program { private static CloudBlobContainer m_container; static void Main(string[] args) { try { var m_StorageAccount = CloudStorageAccount.DevelopmentStorageAccount; var m_BlobClient = m_StorageAccount.CreateCloudBlobClient(); m_container...
2 comments

ACS and OAuth 2.0

Tuesday, July 10, 2012

I was asked by a customer about the OAuth 2.0 endpoint in the ACS management portal. Well, ACS can participate in the OAuth dance. Its role is to produce an authorization code for the user's resource and then produce the actual access token that will enable a client application to access the user's resources at the resource server. There is a demo provided by the ACS team demonstrating OAuth delegation with ACS. I found a very good blog post explaining the OAuth flow of the sample in great detail. I recommend viewing the following 10m...
no comments