Supported Token Format and Protocol in ACS

To get authenticated via Windows Azure ACS, a relying party needs to obtain a token. The token can be in different formats.

Possible token formats are as below:

SAML 1.1 and SAML 2.0

  1. It stands for Security Assertion Markup Language.
  2. It is a widely used token format.
  3. It is used in single sign-on.
  4. It is used in claim based authentication.
  5. It provides an XML schema for the token and the protocol used in authentication.
  6. SAML version 2.0 was approved as an OASIS Standard in March 2005.
  7. There are two types of schema for SAML.

SWT

  1. It stands for Simple Web Token.
  2. It works on the Simple Web Token specification.
  3. SWT works on key-value pairs. All the required information is present in the form of encrypted key-value pairs.
  4. Key-value pairs are relying party specific.

There are a few keys which always have to be present in an SWT token. They are as below,
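A relying party's checks on a received SWT, as an added example that is not code from the original post: per the SWT specification the token is a form-encoded list of key-value pairs whose last pair, HMACSHA256, carries an HMAC-SHA256 over everything before it. The Issuer, Audience and ExpiresOn names come from that specification; the namespace, key and role claim are constructed sample values.

```python
import base64
import hashlib
import hmac
import time
from urllib.parse import parse_qsl, quote, unquote

SIG = "HMACSHA256"  # name of the signature pair, which comes last in the token

def sign_swt(unsigned: str, key: bytes) -> str:
    """Append the signature pair; used here only to build the constructed sample."""
    mac = hmac.new(key, unsigned.encode(), hashlib.sha256).digest()
    return f"{unsigned}&{SIG}={quote(base64.b64encode(mac).decode(), safe='')}"

def validate_swt(token: str, key: bytes, issuer: str, audience: str, now=None) -> dict:
    """Return the token's key-value pairs, or raise ValueError naming the failed check."""
    unsigned, sep, sig_value = token.rpartition(f"&{SIG}=")
    if not sep:
        raise ValueError("missing HMACSHA256")
    # Verify the signature over the exact bytes received, before parsing anything.
    expected = hmac.new(key, unsigned.encode(), hashlib.sha256).digest()
    try:
        presented = base64.b64decode(unquote(sig_value), validate=True)
    except ValueError:
        raise ValueError("bad signature") from None
    if not hmac.compare_digest(expected, presented):
        raise ValueError("bad signature")
    pairs = parse_qsl(unsigned, keep_blank_values=True, strict_parsing=True)
    claims = dict(pairs)
    if len(claims) != len(pairs):
        raise ValueError("duplicate key")
    for name in ("Issuer", "Audience", "ExpiresOn"):
        if name not in claims:
            raise ValueError(f"missing {name}")
    if claims["Issuer"] != issuer:
        raise ValueError("wrong issuer")
    if claims["Audience"] != audience:
        raise ValueError("wrong audience")
    expires = claims["ExpiresOn"]
    if not expires.isdigit() or int(expires) <= (time.time() if now is None else now):
        raise ValueError("expired")
    return claims

# Constructed sample values: hypothetical namespace, key and claim, not from the page.
ISSUER = "https://example-ns.accesscontrol.windows.net/"
AUDIENCE = "http://127.0.0.1:81/"
KEY = b"constructed-demo-key-0123456789abcdef"
TOKEN = sign_swt(
    f"role=reader&Issuer={quote(ISSUER, safe='')}&Audience={quote(AUDIENCE, safe='')}"
    "&ExpiresOn=2000000000", KEY)

if __name__ == "__main__":
    print(validate_swt(TOKEN, KEY, ISSUER, AUDIENCE, now=1_700_000_000))
```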

Supported Protocols

ACS has to use some protocols to communicate with either the service or the web application. Supported protocols are as below:

Supported Token Protocols combination

ACS sends tokens over the protocols supported for the token format. Supported token and protocol combinations are as below:

If you find my posts useful you may like to follow me on twitter http://twitter.com/debug_mode or may like Facebook page of my blog http://www.facebook.com/DebugMode.Net If you want to see post on a particular topic please do write on FB page or tweet me about that, I would love to help you.

Free EBook on Razor View Engine in MVC 3 by Abhimanyu Kumar Vatsa

  • He is young
  • He is aspiring
  • He is passionate
  • He is a learner

and he has come up with an eBook on Razor View Engine.

You can download the eBook for free from here

Personal details

He is a student from Bokaro Steel City, Jharkhand, India. He is the founder of http://www.itorian.com/ and has authored around 225 articles on C-SharpCorner.com.

You can download the eBook for free from here and send him feedback to improve and get motivated.

I wish him very good luck. Good job done.


Mindcracker Mumbai geeks want to meet for pizza and design pattern?


  • Are you a member of the esteemed community site http://www.c-sharpcorner.com/ ? If not, then why are you waiting? Register yourself.
  • Do you actively participate in the community via your articles, forum answers and discussions on http://www.c-sharpcorner.com/ ? If not, then start engaging yourself.
  • Are you from Mumbai and free on 2nd December?
  • Do you want to learn design patterns from the guru Shivprasad Koirala?
  • Do you want to take away some cool goodies?

If the answers to all the above questions are yes then this event is for you. Please find more detail about the event here

A few quick facts about the event are below,

When

2 December Friday evening 6 PM

Where

Pizza Hut, Mulund, Mumbai.

Contact

9967590707 Shivprasad koirala

I hope you are going to make the most of this event.


Pinal Dave and Vinod Kumar’s SQL Server Interview Questions and Answers: Book review

I decided not to review this book myself and instead requested someone with a profound understanding of the subject to review it. I requested Sandeep Kalra to review it and give candid feedback. Even though he is always very busy with work and research, he agreed to do that for me. So a big thanks to Sandeep for this review.

About Book

This book is authored by two great people, Vinod Kumar and Pinal Dave. Read more about the book at the link given below,

http://blog.sqlauthority.com/sql-server-books/sql-server-interview-questions-and-answers-for-all-database-developers-and-developers-administrators/

Review of the Book in Sandeep’s Words

I recently got a chance to do a quick review of the newly released book by Pinal Dave and Vinod Kumar titled “SQL Server Interview Questions and Answers for Database Developers and Administrators”. I am an ardent follower of Pinal’s blogs, and have attended Vinod’s after lunch sleep awakening sessions in Tech-Ed, in which he keeps the listeners on their toes with his impressive interactive skills. So when I got a chance to get hands on one of their books, I felt elated.

While I didn’t get time to do a line to line review of each question, some of the key points which I found impressive in the book were:

  • Good way to start off with basic concepts. Often, in a project world, we forget the basics on which the whole platform is being built. That is one thing I learned the most from the last architect I worked with: When in doubt, go back to basics rather than trying to quick fix things.
  • The points to ponder from SQL Joes 2 books are excellent to refresh/test your existing knowledge.
  • Section on Common Developer questions is good for people who are joining firms on entry level.
  • I personally liked the section on Common tricky questions; it contains the tricks of trade for performance tuning/indexing/profiler usage. One of my favorite SQL topics. The same goes for DBA diagnostic tool section. Although I haven’t worked as a full time DBA in any of my previous positions, many a time I have performed the role of “accidental DBA”. This section gives a good collection of things to do when stuck with production problems.
  • General best practices section at the end is the one I would always recommend for any teams starting project development.

Although aimed at preparing people for SQL Interview questions, I don’t mind recommending it to people on projects, as this book gives a good overview of things to do when in trouble, and things not to do to stay out of trouble. So go ahead, and get your copy.

Thanks and Regards,

Sandeep Kalra

About Sandeep

Sandeep Kalra works as a Technology Lead with Infosys in its Microsoft Technology Center. He has 7+ years of experience in designing and developing applications on Microsoft Technologies. His work includes gaining and sharing knowledge of advanced concepts in architecting and designing solutions, and providing the best possible solution to meet the functional and non-functional requirements. He also participates in various architecture review sessions to provide inputs to the team as well as evaluate work products and share the knowledge at group level as well as company level.

You can connect with him on LinkedIn at http://in.linkedin.com/in/kalrasandeep

I hope this review is useful to you. Thanks for reading.


Step by Step guide on Federated Authentication in Windows Azure Web Role using Windows Azure App Fabric Access Control Service

In this article I will demonstrate, step by step, how to enable Federated Authentication on a Windows Azure Web Role using Windows Azure App Fabric Access Control Service.

Suppose you are writing an application and want to open it to users of all the identity providers: users of Facebook, Live, Google, Yahoo etc. should be able to use your application. To achieve this you would probably have to implement authentication logic for each type of provider separately. For instance, there would be separate authentication logic for Facebook, separate authentication logic for Google and so on.

Instead, you can outsource this authentication task for the separate identity providers to Access Control Service. ACS does the task of authentication for your application.

[Figure: image taken from MSDN]

In this post, I am focusing on demonstrating the step by step process of working with Windows Azure ACS. In a later post I will discuss more of the theory of Claim Based Authentication.

To work with Windows Azure Access Control Service you need:

  • Windows Identity Foundation SDK
  • Windows Identity Foundation Run Time

Essentially you need to perform two tasks

  1. Configure Windows Azure ACS with Identity Provider, Relying Party, Rules
  2. Create Windows Azure Web Role and configure for Federated authentication

Configure Windows Azure ACS with Identity Provider, Relying Party, Rules

First you need to log in to the Windows Azure Management portal. Navigate to the link below and provide your Live username and password.

https://windows.azure.com/

After successful authentication, select the Service Bus, Access Control & Caching tab from the left panel.

Then choose Access Control from the top.

You need to have a Namespace. If you already have a namespace, feel free to use that. I assume here that you don’t have any namespace created, so follow the steps below to create one.

Click on the New option in the top panel to create a new namespace.

On clicking New, you will get the Create a new Service Namespace window. For the purpose of this article, I am choosing Access Control Service and providing the other information in the properties tab, such as Namespace, Country and Subscription.

Once the Namespace is created you can see it listed. Select the newly created Namespace and choose Access Control Services from the top panel.

Access Control Services will open in the next tab. There, select Identity Providers from the left panel.

On clicking Identity Providers you can see that Windows Live ID is already added. Click on the Add button to add another identity provider.

On clicking the Add button you will get the option to add different identity providers. For the purpose of this post I am adding Google and Yahoo only.

I have chosen Yahoo. Next you will be prompted to choose an Image URL for the login screen. This is optional. I have not given any Image URL here.

In the same way you can add the Google identity provider as well. After adding all the identity providers you will see them listed.

Next you need to add a Relying Party Application. For that, click on Relying Party Application in the left panel and then click on the Add button to add a new Relying Party Application. You will get the screen to Add Relying Party Application. You need to provide all the information on this screen.

You need to provide a friendly name for the relying party application. Feel free to give any name of your choice.

You need to select the Mode. Choose the Mode as Enter setting manually.

After selecting the Mode, you need to provide the Realm, Return URL and Error URL.

We may have two scenarios here:

  1. Running the Azure Web Role locally in the Azure Emulator
  2. Running the Azure Web Role in the Azure Portal

If you are running the web role locally then set the URL as http://127.0.0.1:81/

If you are running the web role from the Azure portal then set the URL as you chose there. That might look like http://abcurname.cloudapp.net

For both Realm and Return URL give the same URL. The optional Error URL can be left empty if you want.

Leave Token Format, Token Encryption Policy and Token Lifetime as default.

Next you need to select the identity providers for this relying party. Select all the identity providers we added previously.

Choose to create a new rule group.

Select token signing as standard and click on the Save button to add the relying party application.

As the next step you need to create Rule Groups for the relying party application. To create a Rule Group click on Rule Groups in the left panel and select Add.

Next enter the name of the Rule Group and click on the Save button.

You will get an error message asking you to generate rules. Click on the Generate button to create the rules.

Next you will be prompted to provide the identity providers to generate rules for. Select all the listed identity providers and click on the Generate button.

On the next screen you need to click on the Save button. After saving, click on Application integration under the Development tab in the left panel. You need the WS-Federation MetaData to configure the authentication mechanism for the application.

Create Windows Azure Web Role and configure for Federated authentication

Now you need to create a Windows Azure project. To create it, open Visual Studio as administrator and select Windows Azure Project from the Cloud tab.

Then choose ASP.Net Web Role as part of the Windows Azure project.

Here you can write all the required code and business logic of your application. Now, to use ACS Federated authentication, right click on the web application project and select Add STS Reference.

Now you need to provide:

  1. Application Configuration location: Leave the default value
  2. Application URI: It would be the same as the Relying Party Application URI. In our case it is the URI of the Azure web role running in the Azure emulator, http://127.0.0.1:81/

On clicking the Next button you will get a warning message that the application is not using HTTPS. In a real application the best practice is to provide a certificate and work with secure HTTP. Proceed by selecting Yes.

In Security Token Service check the check box Use an existing STS and provide the Meta Data document location there. If you remember, in the previous step you copied a WS-Federation MetaData URL by clicking on Application integration under the Development tab. You need to provide the location of the XML file from the different End Point references.

On the next screen choose Disable certificate chain validation.

On the next screen select No encryption.

On the next screen leave the default values and click on Next.

Finally click on Finish to complete the add process. You should get a Success message.

As the last step, open the Web.config file and edit the entry as below. You need to add the line marked in the rectangle to System.web.

Now go ahead and run the application. You will be prompted to Sign In. Choose any identity provider to log in to your application.

I am choosing Google. I will be redirected to the Google login page.

After successful sign in you will be redirected to the application.

This is all you need to do to perform Federated authentication on a Windows Azure web role using Windows Azure App Fabric Access Control Service. I hope this post is useful. Thanks for reading.
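A review check for the configuration this walkthrough produces, as an added example that is not code from the original post: it parses a Web.config string and flags the emulator-only choices made above (http:// realm, certificate chain validation disabled, cookies not restricted to SSL). The sample section is constructed and assumed to resemble what the wizard writes; its element and attribute names are those of the WIF microsoft.identityModel section, and the namespace and thumbprint are placeholders.

```python
import xml.etree.ElementTree as ET

# Constructed sample of the WIF section a setup like the one above leaves in
# Web.config (assumption); namespace and thumbprint are placeholders.
SAMPLE = """<configuration><microsoft.identityModel><service>
  <audienceUris><add value="http://127.0.0.1:81/" /></audienceUris>
  <federatedAuthentication>
    <wsFederation passiveRedirectEnabled="true" requireHttps="false"
        issuer="https://example-ns.accesscontrol.windows.net/v2/wsfederation"
        realm="http://127.0.0.1:81/" />
    <cookieHandler requireSsl="false" />
  </federatedAuthentication>
  <certificateValidation certificateValidationMode="None" />
  <issuerNameRegistry><trustedIssuers>
    <add thumbprint="0000000000000000000000000000000000000000" name="example-ns" />
  </trustedIssuers></issuerNameRegistry>
</service></microsoft.identityModel></configuration>"""


def audit_wif_config(xml_text):
    """Return the weak federation settings found in a Web.config string."""
    svc = ET.fromstring(xml_text).find("microsoft.identityModel/service")
    if svc is None:
        return ["no microsoft.identityModel/service section"]
    findings = []
    ws = svc.find("federatedAuthentication/wsFederation")
    if ws is not None and ws.get("requireHttps", "").lower() == "false":
        findings.append("wsFederation requireHttps is false")
    uris = [a.get("value", "") for a in svc.findall("audienceUris/add")]
    if ws is not None:
        uris.append(ws.get("realm", ""))
    if any(u.lower().startswith("http://") for u in uris):
        findings.append("realm or audience URI uses http://")
    cookie = svc.find("federatedAuthentication/cookieHandler")
    # Assumption of this example: anything but an explicit "true" is flagged.
    if cookie is None or cookie.get("requireSsl", "").lower() != "true":
        findings.append("session cookie not restricted to SSL (requireSsl)")
    cert = svc.find("certificateValidation")
    if cert is not None and cert.get("certificateValidationMode") == "None":
        findings.append("certificate chain validation disabled")
    if not svc.findall("issuerNameRegistry/trustedIssuers/add[@thumbprint]"):
        findings.append("no trusted issuer thumbprint configured")
    return findings


if __name__ == "__main__":
    for finding in audit_wif_config(SAMPLE):
        print("WEAK:", finding)
```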

 
