Archives For acs

The Windows Azure Access Control Service, or ACS, is probably one of the most unsung heroes of Microsoft’s PaaS/IaaS offerings. At its core, ACS serves as a Federation Provider, allowing you to decouple the authentication and authorization process from your applications. In a time when more and more web sites (e.g. LinkedIn) seem to be getting hacked on a daily basis, with confidential information exposed for all to see, ACS can give you and your organization a level of comfort in the cloud by offloading the liabilities associated with unauthorized access to a third party while, at the same time, actually decreasing the amount of code you need to write. However, understanding ACS and identity management is not an easy task at first. To help in that effort, I created a short screencast where I talk about identity management terminology, how the various pieces of identity management fit together, and how ACS comes into the picture. Enjoy!

ag


(I’ve run into this issue enough times that I thought I’d do a quick post about it, as it can be incredibly frustrating if you don’t know how to resolve it.)

As you may know, I do a lot of work with Azure and, in particular, the Access Control Service (ACS). I’m a huge fan of ACS because it is a great way to offload authentication and authorization from your web sites. In order to secure your web sites with ACS, you need to download and install the Windows Identity Foundation (WIF) runtime and SDK. Once installed, you’ll get some nice templates in Visual Studio. You’ll also get a context menu option to add a Security Token Service (STS) reference to your web site. This is typically what you use to integrate your web sites with ACS (unless you like crafting your web configuration files by hand, which I don’t recommend).

Every now and then, typically after I install some update or additional tools for Visual Studio, the Add STS Reference option disappears, as evidenced in the picture below.

I can’t replicate the scenario that removes the context menu option from Visual Studio. I just know it’s happened to me 5-6 times.

The resolution is simple enough:

  1. Run the Visual Studio Command Prompt as an administrator
  2. Run the following command: "C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\devenv" /ResetAddin Microsoft.IdentityModel.Tools.VS.VSAddin.FederationAddin

After you’ve executed the steps above, open a project containing a web site in Visual Studio, right-click on the project, and you should be good to go:

Hope this helps resolve what can be a very frustrating issue quickly.

ag

 


Just a reminder that next week I’ll be presenting the following two sessions at the Share Cloud conference in

AZR 102 – You Can Do What in Windows Azure?!
You already know you can run your .NET-based web sites, services, and applications on Windows Azure, but this only scratches the surface of what you can do. Encoding video with Expression Encoder, hosting adaptive streaming video in blob storage, hosting multiple web sites, enabling remote desktop, running PHP, node.js, and MongoDB, creating a VPN, and more are all possible with the Windows Azure platform. In this demo-intensive session I’ll show you how to do amazing things to unleash the power of Azure.

AZR 104 – Securing Azure Hosted Services, the Easy Way
Authentication and authorization are key components of most line-of-business applications. However, identity management is not a trivial task, especially when it comes to extending identity management to the cloud. In this session we’ll look at how you can use the Windows Azure Access Control Service (ACS) to simplify identity management for applications running on the Windows Azure platform. We’ll start by covering the basics of identity management and ACS. From there we’ll look at how to create an ACS namespace, integrate identity providers and relying parties, create token transformation rules to provide consistent claims, establish a trust between ACS and your ASP.NET application, test the integration, and automate the management of your ACS namespaces.

You can find out more about the conference and register here.

ag

Just a reminder that I’ll be speaking at the RBA Tech Spotlight event next Wednesday (March 21, 2012) at 12:00 PM. The topic for this session is [title]. The focus of my talk is on how to use the Windows Azure Access Control Service (ACS) to offload identity management from your applications. Here’s a synopsis of what I’ll be covering:

Authentication and authorization are key components of most line-of-business applications. However, identity management is not a trivial task, especially when it comes to integrating third-party systems in the cloud. Some of the challenges faced in this scenario include:

  • Redirecting unauthenticated requests to the required identity provider
  • Validating and parsing incoming tokens issued by the identity providers
  • Implementing authorization checks
  • Transforming tokens by adding, removing, or changing the claim types and values
  • Using configuration rather than code to do all of the above

In this session we’ll look at how you can use the Windows Azure Access Control Service (ACS) to tackle these challenges. We’ll start by covering the basics of identity management and ACS. From there we’ll look at how to do the following with ACS:

  • Create an ACS namespace
  • Integrate identity providers
  • Integrate relying parties
  • Create token transformation rules
  • Establish a trust between ACS and your ASP.NET application
  • Test the integration between ACS and your ASP.NET application
  • Automate the management of the ACS namespace

You can get more info and register for the event here.

I hope to see you there.

ag

Today I gave a talk at the Twin Cities WCF User Group on how to use the Windows Azure Access Control Service (ACS) to secure WCF services. The slides (in PDF format) and code have been posted to GitHub. You can grab them here. Please note, this code is posted as is. It worked on my machine during the demo. I make no guarantees that it will work for you. However, if you follow the instructions in the README.md file in the root directory, you should be able to get things working.

ag

Just a reminder that I’ll be speaking at the Twin Cities WCF User Group next Wednesday (March 7, 2012) at 12:00 PM. The topic for this session is Securing WCF Services with the Windows Azure Access Control Service. Here’s the abstract:

Integrating your WCF services with third-party authentication and identity management systems can be a daunting task. Some of the common challenges associated with this task include:

  • Configuring WCF bindings to request a token from ACS
  • Validating the incoming token issued by the identity provider
  • Parsing the incoming token
  • Implementing authorization checks
  • Transforming tokens by adding, removing, or changing the claim types and values
  • Using configuration rather than code to accomplish all of the above

In this session we’ll look at how to use the Windows Azure Access Control Service (ACS) to tackle these challenges. We’ll start by covering the basics of identity management and ACS. From there we’ll look at how to secure WCF services via ACS using the following methods:

  • WCF Username Authentication
  • WCF Certificate Authentication
  • WCF Federated Authentication with AD FS 2.0

You can register for the event here.

Hope to see you there!

ag

On March 27, 2012 I’ll be presenting two sessions at the Share Cloud conference in Dallas, TX. Abstracts for the sessions are below:

AZR 102 – You Can Do What in Windows Azure?!
You already know you can run your .NET-based web sites, services, and applications on Windows Azure, but this only scratches the surface of what you can do. Encoding video with Expression Encoder, hosting adaptive streaming video in blob storage, hosting multiple web sites, enabling remote desktop, running PHP, node.js, and MongoDB, creating a VPN, and more are all possible with the Windows Azure platform. In this demo-intensive session I’ll show you how to do amazing things to unleash the power of Azure.

AZR 105 – Securing Azure Hosted Services, the Easy Way
Authentication and authorization are key components of most line-of-business applications. However, identity management is not a trivial task, especially when it comes to extending identity management to the cloud. In this session we’ll look at how you can use the Windows Azure Access Control Service (ACS) to simplify identity management for applications running on the Windows Azure platform. We’ll start by covering the basics of identity management and ACS. From there we’ll look at how to create an ACS namespace, integrate identity providers and relying parties, create token transformation rules to provide consistent claims, establish a trust between ACS and your ASP.NET application, test the integration, and automate the management of your ACS namespaces.

You can find out more about the conference and register here.

ag

On March 21, 2012 I will be speaking at the RBA Tech Spotlight event. The focus of my talk is on how to use the Windows Azure Access Control Service (ACS) to offload identity management from your applications. Here’s a synopsis of what I’ll be covering:

Authentication and authorization are key components of most line-of-business applications. However, identity management is not a trivial task, especially when it comes to integrating third-party systems in the cloud.

Some of the challenges faced in this scenario include:

  • Redirecting unauthenticated requests to the required identity provider
  • Validating and parsing incoming tokens issued by the identity providers
  • Implementing authorization checks
  • Transforming tokens by adding, removing, or changing the claim types and values
  • Using configuration rather than code to do all of the above

In this session we’ll look at how you can use the Windows Azure Access Control Service (ACS) to tackle these challenges. We’ll start by covering the basics of identity management and ACS. From there we’ll look at how to do the following with ACS:

  • Create an ACS namespace
  • Integrate identity providers
  • Integrate relying parties
  • Create token transformation rules
  • Establish a trust between ACS and your ASP.NET application
  • Test the integration between ACS and your ASP.NET application
  • Automate the management of the ACS namespace

You can get more info and register for the event here.

I hope to see you there.

ag

On Wednesday March 7, 2012 at 12:00 PM I’ll be presenting at the Twin Cities WCF User Group. The topic for this talk is Securing WCF Services with the Windows Azure Access Control Service. Here’s a taste of what we’ll be covering:
 
Integrating your WCF services with third-party authentication and identity management systems can be a daunting task. Some of the common challenges associated with this task include:

  • Configuring WCF bindings to request a token from ACS
  • Validating the incoming token issued by the identity provider
  • Parsing the incoming token
  • Implementing authorization checks
  • Transforming tokens by adding, removing, or changing the claim types and values
  • Using configuration rather than code to accomplish all of the above

In this session we’ll look at how to use the Windows Azure Access Control Service (ACS) to tackle these challenges. We’ll start by covering the basics of identity management and ACS. From there we’ll look at how to secure WCF services via ACS using the following methods:

  • WCF Username Authentication
  • WCF Certificate Authentication
  • WCF Federated Authentication with AD FS 2.0

You can find out more about this event and register for it here.