• No results found

Securing Cloud Applications Using Windows Azure Access Control

N/A
N/A
Info
Download
Protected

Academic year: 2021

Share "Securing Cloud Applications Using Windows Azure Access Control"

Copied!
18
0
0

Loading.... (view fulltext now)

Download now ( 18 Page )

Full text

(1)

© 2009 SPR Companies. All rights reserved.

Securing Cloud Applications Using

Windows Azure Access Control

January 20, 2012 Keith Franklin Director of Cloud and .NET Services

(2)

Table of Contents

MPS Partners Overview

Claims based Identity. What is it?

Windows Identity Framework (WIF)

WIF and Windows Azure

Securing a Web Applications using Windows Azure Access Control Service

(3)

Page 3

Who We Are

• MPS Partners is a Microsoft Gold Certified

Managed Partner with deep expertise in defining and deploying solutions based on Microsoft technology

• We focus in a few key areas:

 Collaboration and enterprise content management

 Business Intelligence

 Integration of the Microsoft toolset with

diverse technology landscapes and the cloud

 We are especially known for having this expertise within accounts that run SAP

(4)

Our Background

• Founded in 2006, MPS Partners is Microsoft’s

2010 Central Region Partner of the Year. We

have earned the distinction of being a Microsoft Gold Managed Partner – an elite designation within the Microsoft partner community.

• Our experienced staff an leadership team are business people first that focus on bringing valuable business solutions to market.

We are part of SPR Family of Companies, a 35-year-old professional services firm headquartered in the Willis Tower in Chicago, IL.

(5)

Page 5

Connected Business

Application Platform and Integration

.NET and Cloud Solutions

• BizTalk Integration Solutions

• Enterprise Service Bus • Cloud Integration

• Supply Chain Solutions

• Advanced .NET Solutions • Windows Azure

Development • Mobile Solutions

Providing Technology solutions that magnify the value of previous IT investments and enhance communication with business partners.

(6)

Table of Contents

MPS Partners Overview

Claims based Identity. What is it?

Windows Identity Framework (WIF)

WIF and Windows Azure

Securing a Web Applications using Windows Azure Access Control Service

(7)

Claims based Identity. What is it?

• Identity

 For sake of this discussion think of Identities as “Users”

• Tokens

 A bunch of bytes that represents an Identity

 Usually XML in the form of Security Assertion Markup Language

(SAML)

• Claims

 Represent something about the Identity (Name, Age, Position, etc.)

– I claim that I am Keith Franklin

– I claim that I am 45

 Contained within a Token

• STS – Security Token Service

(8)

Claims based Identity. What is it?

• Identity Provider

 Combination of a STS and an Account/Attribute Store

 Examples:

– Active Directory Federation Services 2.0

– Windows Live ID, Facebook, Yahoo, Google

• Federation Provider

 Service that takes multiple trusted or untrusted Identity Providers

and produce a trusted Identity Token to an application

 Examples:

– Windows Azure AppFabric Access Control - Cloud

– Active Directory Federations Services 2.0 – On Premise

• Identity Library

(9)

Table of Contents

MPS Partners Overview

Claims based Identity. What is it?

Windows Identity Framework (WIF)

WIF and Windows Azure

Securing a Web Applications using Windows Azure Access Control Service

(10)

Page 10

Windows Identity Framework

• Programming Model

• Software Development Kit (SDK)

 Provides pre-built .NET security logic

 Visual Studio Tools/Wizards

• Middleware Technology for building Claims aware

solutions

• Allows for Applications to be built that are unaware of

how they are secured.

• When un-authenticated visitor arrives the Middleware

steps in and authenticates the user and upon success the user and the users security token is redirected to the intended application.

(11)

Table of Contents

MPS Partners Overview

Claims based Identity. What is it?

Windows Identity Framework (WIF)

WIF and Windows Azure

Securing a Web Applications using Windows Azure Access Control Service

(12)

Page 12

WIF and Windows Azure

• Windows Azure Access Control Service (ACS)

 Supports Web Application single sign-on (SSO)

 WS-Federation

 Federation for SOAP and REST Web Services using

WS-Trust and Oauth

 Web Based Management Portal

 Odata-based management service for configuring and

managing the service

• WIF provides the plumbing for your applications to

(13)

Page 13

(14)

Authenticating Users from Web and Social Providers

(15)

Page 15

ACS sign on step by step

1.

User enters page address in a browser

2.

Page responds to browser to redirect to ACS

3.

Browser asks ACS for a Token

4.

ACS responds with list of Token types to user

5.

User logs in to Identity Provider

6.

Identity Provider returns Token to browser

7.

Browser presents Identity Provider Token to ACS

8.

ACS returns an ACS Token to browser

9.

Browser redirects back to original page address

with ACS Token

(16)

Table of Contents

MPS Partners Overview

Claims based Identity. What is it?

Windows Identity Framework (WIF)

WIF and Windows Azure

Securing a Web Applications using

(17)

Page 17

Securing a Web Applications using Windows Azure Access Control Service

• Demo

 Use WIF and Windows Azure Access Control to secure a Web Role (ASP.NET Web Site)

(18)

Page 18

Closing Thoughts

• Additional Information

 Azure SDK

http://www.microsoft.com/windowsazure/sdk/

 Azure Platform Training Kit

http://www.microsoft.com/download/en/details.aspx?displaylang =en&id=8396

Microsoft Windows Azure Development Cookbook by Neil Mackenzie

 Windows Identity Foundation Simplifies User Access for Developers

http://msdn.microsoft.com/en-us/security/aa570351

• Need assistance with Azure contact MPS Partners, LLC

References

Download now ( PDF - 18 Page - 0.93 MB )

Related documents

Assessing the New Federalism

Despite this, the two-year budget passed by the legislature in the spring included several health care initiatives, including Medicaid eligibility simplification for chil- dren,

Basket Weight and Region Automatic

The Regions tab enables you to create delivery regions containing the weight based delivery cost levels and postcode information that will be used to calculate delivery costs

The success of the horse-chestnut leaf-miner, Cameraria ohridella, in the UK revealed with hypothesis-led citizen science

ohridella had been present was the segmented regression in which there was a linear increase in damage for the first three years (having taken account of the time of year and

Measuring Home Broadband Performance By S. Sundaresan, W. de Donato, N. Feamster, R. Teixeira, S. Crawford, and A. Pescapè

We analyze whether routers in the SamKnows deployment consistently achieve their peak performance using the Avg/P 95 metric, which we define as the ratio of the

CLOUD CRUISER FOR WINDOWS AZURE PACK

The online help in the QuickStart tab of the User Costs module in Windows Azure Pack includes a short video to guide you through the overall process. In addition, a Cloud

NONLINEAR MARKET DYNAMICS BETWEEN STOCK RETURNS AND TRADING VOLUME: EMPIRICAL EVIDENCES FROM ASIAN STOCK MARKETS

We employ the smooth transition autoregressive model with the percentage change in trading volume as the transition variable to capture the nonlinear movement between stock

Lower Bounds for Subgraph Detection in the CONGEST Model

(In [7] there are lower bounds for other graphs, in a broadcast variant of the CONGEST model where nodes are required to send the same message on all their edges.) For any fixed k

Gossip protocols for renaming and sorting

Jelasity and Kermarrec [20] proposed the following simple gossip protocol for this problem: In each round, a node contacts a peer chosen uniformly at random, and both nodes