Quantcast
Channel: Azure – leastprivilege.com
Browsing latest articles
Browse All 39 View Live

Image may be NSFW.
Clik here to view.

Handling Configuration Changes in Windows Azure Applications

While finalizing StarterSTS 1.5, I had a closer look at lifetime and configuration management in Windows Azure. (this is no new information – just some bits and pieces compiled at one single place –...

View Article


Image may be NSFW.
Clik here to view.

Unlocking the SSL Section in Windows Azure Web Roles

Posting the favourite command line snippet seems to be the newest hobby for Azure developers Here’s one that is useful to unlock the SSL section (e.g. for client certificates):...

View Article


Image may be NSFW.
Clik here to view.

Windows Azure Diagnostics: Next to Useless?

To quote my good friend Christian: “Tracing is probably one of the most discussed topics in the Windows Azure world. Not because it is freaking cool – but because it can be very tedious and partly...

View Article

Image may be NSFW.
Clik here to view.

Windows Azure Root CAs and SSL Client Certificates

I ran into some problems while trying to make SSL client certificates work for StarterSTS 1.5. In theory you have to do two things (via startup tasks): Unlock the SSL section in IIS Install all the...

View Article

Image may be NSFW.
Clik here to view.

Adding a Certificate to the Root Certificate Store from the Command Line...

The title says it all certutil -addstore root LeastPrivilegeCA.cer Filed under: Azure

View Article


Image may be NSFW.
Clik here to view.

Logging Output of Azure Startup Tasks to the Event Log

This can come in handy when troubleshooting: using System; using System.Diagnostics; using System.Text;   namespace Thinktecture.Azure {     class Program     {         static EventLog _eventLog = new...

View Article

Image may be NSFW.
Clik here to view.

StarterSTS 1.5

I have the 1.5 version of StarterSTS sitting here for quite some time now. But I was always reluctant to release it. Some of the reasons are: too many new features for a single (small) version change....

View Article

Image may be NSFW.
Clik here to view.

Access Control Service: Home Realm Discovery (HRD) Gotcha

I really like ACS2. One feature that is very useful is home realm discovery. ACS provides a Nascar style list as well as discovery based on email addresses. You can take control of the home realm...

View Article


Image may be NSFW.
Clik here to view.

Weird 302 Redirects in Windows Azure

In IdentityServer I don’t use Forms Authentication but the session facility from WIF. That also means that I implemented my own redirect logic to a login page when needed. To achieve that I turned off...

View Article


Image may be NSFW.
Clik here to view.

Migrating a Local IdentityServer Membership Database to SQL Azure

This is a useful tool to accomplish this: http://sqlazuremw.codeplex.com Filed under: Azure, IdentityServer

View Article

Image may be NSFW.
Clik here to view.

Access Control Service: Protocol and Token Transition

ACS v2 supports a number of protocols (WS-Federation, WS-Trust, OpenId, OAuth 2 / WRAP) and a number of token types (SWT, SAML 1.1/2.0) – see Vittorio’s Infographic here. Some protocols are designed...

View Article

Image may be NSFW.
Clik here to view.

Access Control Service: Transitioning between Active and Passive Scenarios

As I mentioned in my last post, ACS features a number of ways to transition between protocol and token types. One not so widely known transition is between passive sign ins (browser) and active service...

View Article

Image may be NSFW.
Clik here to view.

Access Control Service: Programmatically Accessing Identity Provider...

In my last post I showed you that different redirect URLs trigger different response behaviors in ACS. Where did I actually get these URLs from? The answer is simple – I asked ACS ACS publishes a JSON...

View Article


Image may be NSFW.
Clik here to view.

Access Control Service: Passive/Active Transition Sample

Here you can find my updated ACS2 sample. In addition to the existing front ends (web [WS-Federation], console [SOAP & REST], Silverlight [REST]) and error handling, it now also includes a WPF...

View Article

Image may be NSFW.
Clik here to view.

Claims-based Identity & Access Control Training in February

I just got email confirming the February run of the “identity course” in Oslo. great! There are seats left and you can book here. Cu!   Filed under: .NET Security, ASP.NET, Azure, IdentityModel,...

View Article


Image may be NSFW.
Clik here to view.

Claims-based Identity & Access Control Pre-Conference Workshop at NDC 2013

This is great news! If you are going to NDC, you can take my identity & access control training as a pre-conference workshop. I have divided the content in a “web apps” day and a “services &...

View Article

Image may be NSFW.
Clik here to view.

Going to NDC? Get two extra Days of Identity and Access Control!

Claims, WS-Federation, WS-Trust, WS-Security, ASP.NET, Federation, Single Sign-On, Home Realm Discovery, WCF, SAML, JWT, Web API, OAuth2, Thinktecture IdentityServer & IdentityModel, ADFS, Windows...

View Article


Image may be NSFW.
Clik here to view.

Annual Identity Update on DotNetRocks

It’s this time of the year again! http://www.dotnetrocks.com/default.aspx?ShowNum=863 “Dominick Baier returns to talk to Carl and Richard about the current state of security in .NET 4.5. Dom starts out...

View Article

Image may be NSFW.
Clik here to view.

IdentityServer v3 and Azure WebSites (and other Deployment Simplifications)

(applies to preview 1) A common request for IdentityServer was being able to run on Azure WebSites (or other constrained deployment environments where you don’t have machine level access). This was...

View Article

Image may be NSFW.
Clik here to view.

My Sessions from NDC 2012

All videos from NDC are online now. This is great content, go check it out! Authentication & Authorization in .NET 4.5 – Claims & Tokens become the standard Model Securing ASP.NET Web APIs...

View Article

Image may be NSFW.
Clik here to view.

Taking Control over Azure Access Control Service HRD (without the Help from...

Vittorio wrote a post earlier today showing how to fetch the identity provider feed from ACS and use it to drive the sign-in handshake from within your application and UI. This is indeed a very useful...

View Article


Image may be NSFW.
Clik here to view.

WIF & .NET 4.5 Identity and Access Control Training

Just a quick update – I will run my public WIF class for the last time on the 14th/15th November in Oslo (the dates on the page are not correct anymore). After that there will be a brand new .NET 4.5...

View Article


Image may be NSFW.
Clik here to view.

“Windows Azure, Identity & Access – and you” Talk from Cloudburst 2012

My talk from Cloudburst 2012 is available here: http://www.streamshed.com/microsoft/cloudburst.htm# This was a nice little conference. recommended. (make sure to also watch Christian’s ServiceBus talk,...

View Article

Image may be NSFW.
Clik here to view.

Azure Authentication Library

Azure Authentication Library (AAL) is slowly turning into a really useful “easy to use” library to write client code against Microsoft identity back-ends like Windows Azure Active Directory and Access...

View Article

Image may be NSFW.
Clik here to view.

Compatibility between Thinktecture.IdentityModel JWT and Microsoft JWT

I just did a quick test – the JWT token handler in Thinktecture.IdentityModel can consume and validate JWTs coming from Access Control Service. Thought I let you know ;) Nice.Filed under: Azure,...

View Article


Image may be NSFW.
Clik here to view.

More Compatibility between Thinktecture.IdentityModel JWT and Microsoft JWT

Reader centralbin comments: “In fact the reverse is also true : You can configure TT-STS as an IP-STS in ACS. The JWT tokens issued by TT-STS can also be consumed in ACS. The only “gotcha” is that you...

View Article

Image may be NSFW.
Clik here to view.

Federating IdentityServer with Windows Azure Active Directory

Vittorio describes here in great detail how to provision a WAAD tenant as an identity provider in an ACS namespace. Since we are all using the same technology under the bonnet, this should also work...

View Article

Image may be NSFW.
Clik here to view.

Two Weeks to go: NDC Identity & Access Control Workshop

…really looking forward to it! http://www.ndcoslo.com/Article/Workshops/claims Also announcing a special guest: Pedro Felix will do a introduction lecture on OpenID Connect! See you there!Filed under:...

View Article

Image may be NSFW.
Clik here to view.

Using IdentityServer to issue tokens for Windows Server ServiceBus

Windows Server ServiceBus supports SWT tokens to authorize actions on a SB namespace or entity (e.g. listen, send or manage). In the Azure version of ServiceBus you would use the Azure Access Control...

View Article


Browsing latest articles
Browse All 39 View Live