Software Engineering, Project Management, and Effectiveness
As part of our patterns & practices Azure Security Guidance project, we’re putting together a series of Application Scenarios and Solutions. Our goal is to show the most common application scenarios on the Microsoft Azure platform. This is your chance to give us feedback on whether we have the right scenarios, and whether you agree with the baseline solution.
ASP.NET Security Scenarios on Windows Azure We’re taking a crawl, walk, run approach and starting with the basic scenarios first. This is our application scenario set for ASP.NET:
ASP.NET Forms Auth to Azure Storage
Solution Summary Table
ASP.NET Forms Authentication to SQL Azure
ASP.NET to AD with Claims
ASP.NET to AD with Claims (Federation)
JD this is great. One of the big concerns we hear from customers about moving to cloud computing in general is security and privacy etc. I think providiing this kind of guidance will help customers get more comfortable with the idea and get them further along the path.
I agree with Rudolph this is much needed material for guidance around transitioning to and leveraging the cloud. 99.9% of the time I always hear about security being the largest barrier to entry to taking the first steps into the cloud. I believe this guidance from Microsoft and the well-known and respected P&P team will do volumes to remove this barrier.
Of special importance to me given my role is the "ASP.NET to AD with Claims" model that enterprise solutions will almost certainly need and adhere to and much guidance is needed. Thanks for identifying this area and addressing it is an important one if Microsoft to tackle in order to promote Azure and stay ahead of the curve.
I look forward to the blue book version!
Using Azure introduces several new secrets (for connecting to Azure storage, SQL Azure etc). Prescriptive guidance on how to manage these secrets and store them securely is going to be very important.
Looking forward to this guidance!
Finally! This kind of guidance has been needed for a long time, looking forward to it.
Thanks for posting this JD. Scenario-based guidance is the secret sauce that will help us and our customers build secure Azure apps. I'm really looking forward to seeing more. For instance when is each of these scenarios appropriate and under which conditions or constraints?
@ Rudolph -- As a friend in the field put it, "show me what's worked" over "tell me theory" :)
@ Terrance -- I'm a fan of starting with the end in mind. Show me how to put the legos together -- are we building the pirate ship or the viking ship or the lunar mobile.
Beautiful point on claims -- it's about leveraging the identify infrastructure you have, in an open way, over starting from scratch or spinning up new.
@ Varun -- I agree -- dealing with secrets (or just basic confidentiality, integrity, and availability) is a recurring theme. While the scene changes, the play remains the same.
@ Kevin -- It would be great to just start out of the gate with a suite of app scenarios that customers can just leverage over starting from scratch. I think of them as living strawmen.
@ Jason -- I agree -- having the right scenarios is key. Basically, it translates to "solve a problem I care about." Ideally, our spread of scenarios maps to enough of the problems that people are trying to figure out. From our baseline set of scenarios, we can then up level it to a matrix of "what to use when" ... and "why."
All these scenarios literally useless without detailed instructions on how to make them work. Don't post if you are not giving detailed instructions, it is causes confusion.
@ john -- What specifically do you need instructions for? (we've covered step-by-steps before so give me a concrete example where you need help)
Can you share an example of how you're confused?