Alik Levin's

Clarity, Technology, and Solving Problems | PracticeThis.com 

June, 2012

  • Alik Levin's

    Windows Azure Security Guidance – Focus on Identity and Access

    • 0 Comments

    imageHot off the press: Windows Azure Security Guidance topic. We decided first to tackle things that are significantly different from security perspective in Windows Azure comparing to what we know in on-premises world. And that turned out to be scenarios related to identity – authentication and authorization. These are key scenarios, including graphics, that are covered in the topic:

    • ASP.NET Web Form Application with Federated Authentication. In this scenario you control access to your ASP.NET Web Forms app using either Internet identity such as Live ID / Microsoft Account or corporate identity managed in Windows Server Active Directory.
    • WCF (SOAP) Service with Federated Authentication.In this scenario you control access to your WCF (SOAP) service using Service Identities managed by Windows Azure AD Access Control.
    • WCF (SOAP) Service with Federated Authentication, Identities in Active Directory. In this scenario you control access to your WCF (SOAP) web service using identities managed by corporate Windows Server Active Directory.
    • WCF (REST) Service With Federated Authentication.In this scenario you control access to your WCF (REST) service using Service Identities managed by Windows Azure AD Access Control.
    • WCF (REST) Service With Live ID / Microsoft Account, Facebook, Google, Yahoo!, Open ID. In this scenario you control access to your WCF (REST) service using Internet identity such as Live ID / Microsoft Account.
    • ASP.NET Web App to REST WCF Service Using Shared SWT Token. In this scenario you have distributed application with front end ASP.NET web app and downstream REST service and you want to flow end user’s context through physical tiers.
    • imageRole-Based Access Control (RBAC) Authorization In Claims-Aware Applications and Services. In this scenario you want to implement authorization logic in your app based on roles.
    • Claims-Based Authorization In Claims-Aware Applications and Services. In this scenario you want to implement authorization logic in your app based on complex authorization rules.
    • Windows Azure Storage Service Identity and Access Scenarios.In this scenario you need to securely share access to Windows Azure storage blobs and containers.
    • Windows Azure SQL Database Identity and Access Scenarios.SQL Database supports only SQL Server Authentication. Windows Authentication (integrated security) is not supported. Users must provide credentials (login and password) every time they connect to SQL Database.
    • Windows Azure Service Bus Identity and Access Scenarios.In this scenario you need securely access Windows Azure Service Bus queues.
    • In-Memory Cache Identity and Access Scenarios.In this scenario you need to securely access data managed by in-memory cache.
    • Windows Azure Marketplace Identity and Access Scenarios.In this scenario you need to securely access Windows Azure Marketplace datasets.

    Give it a try. Consider leaving comments and suggestions how to improve it in the comments section at the end of the topic or through this blog. Huge thank you goes to Mike Howard for the shout out, the man and the legend and the author of epic book Writing Secure Code. Mike is now principal architect in Cybersecurity team in the field continuing to fight a good fight in the trenches.

  • Alik Levin's

    Windows Azure Active Directory (AD) Graph API and Hybrid Cloud Identity

    • 0 Comments

    imageWindows Azure Active Directory (AD) Graph API is a feature that allows programmability against MS cloud directory, Windows Azure AD. Windows Azure AD powers Office 365 and Windows Intune.

    Scott Guthrie mentioned Graph API in his keynote (01:03:10). There is also drill down session during Teched by Ed Wu:

    Session Code: SIA322

    Directory Graph API: Drill Down

    Speaker(s):
    Edward Wu
    Thursday, June 14 at 4:30 PM - 5:45 PM in S310E

    This session introduces the new Directory Graph API, a REST-based API that enables access to Windows Azure Active Directory (Directory for Office 365 Tenants and Azure customers). We review the data directory model, the Graph API protocol (based on Odata V3 protocol), how authentication and authorization is managed, and demonstrate an end-to-end scenario. We walk through sample code calling the Directory Graph API. A roadmap is also reviewed. #TESIA322

    With the introduction of Graph API the hybrid (public/private) cloud identity story becomes even better:

    • Deploy your app anywhere – Windows Server, Windows Azure.
    • Manage your identity anywhere – Windows Server AD or Windows Azure AD, and they sync!
    • Authenticate and query user’s profile from on-prem/private and public cloud.

    Consider the following high level model to help embracing the idea of the hybrid cloud organization identity:

    Windows Azure AD Graph API

    Related:

Page 1 of 1 (2 items)