Learn about the next generation building block services available in Windows Azure that help to create connected, secure, and reliable services.
With services such as Caching, Service Bus (relay, queues, and topics), and Access Control Services (ACS) developers can focus more on building great solutions and less on plumbing services necessary to do so. In this webcast, we will take a look at many of the additional services offered as part of Windows Azure. We'll see just how easy it can be to add scalable caching with Windows Azure Caching, create robust connected solutions with the Service Bus, and secure applications with ACS.
Windows Azure Building Block Services for Developers
1. Windows Azure for Developers
Building Block Services
Wednesday, March 7th 2012
2. About Me
Michael S. Collier
National Architect,
Windows Azure
michael.collier@neudesic.com
@MichaelCollier
www.MichaelSCollier.com
3. Today’s Agenda
• Windows Azure Overview
• Building Block Services
– Access Control Services
– Caching
– Service Bus
• Q&A
4. Windows Azure Core Components
[Diagram: Windows Azure core components. Compute: VM Role, Web Role, Worker Role. Building block services: DataMarket Service, Service Bus, Cache Service, Access Control Service. SQL Azure: Database Service, Data Sync Service, Import/Export Service, Reporting Service. Storage: Blob Service, Queue Service, Table Service. Networking: Windows Azure Connect, Windows Azure Traffic Manager.]
Windows Azure graphics courtesy of David Pallmann (http://davidpallmann.blogspot.com/)
5. Building Block Services
• Additional platform services for advanced functionality
• Use with “core” services or on their own
• Enhance developer productivity
• Consume cloud services – initial move to the cloud
• Services
– Access Control Services – federated identity management service
– Caching – distributed caching service
– Service Bus – messaging and routing service
6. Access Control Services
• No need to build your own identity management
– Another component to maintain
– Likely not a distinguishable part of your application
– Deal with user management
• User support
• Password management (including resets)
7. Federated Identity Management
• Authenticate
– Windows Identity Foundation (WIF)
– OAuth and WS-Federation
• Authorize
– Claims-based
• Identity Providers
– Corporate via Active Directory (ADFSv2)
– Social
• Windows Live, Yahoo!, Google, Facebook
– Build your own using membership (identityserver.codeplex.com)
• Write to ACS and let Microsoft worry about the rest
8. ACS – How Does It Work?
Participants: Browser, Application, Identity Provider, Access Control
• (1) Request Resource
• (2) Redirect to ACS
• (3) Auth/N
• (4) Home-realm Discovery
• (5) Redirect to IdP
• (6) Login
• (7) Authenticate & Issue Token
• (8) Redirect to AC service
• (9) Send Token to ACS
• (10) Validate Token, Run Rules Engine, Issue Token
• (11) Redirect to RP with ACS Token
• (12) Validate Token
• (13) Send ACS Token to Relying Party
• (14) Return resource representation
Diagram courtesy of Windows Azure Boot Camp
10. ACS – Final Tips
• Update session cookie handling
– WIF uses Data Protection API (DPAPI) by default.
– DPAPI is not supported in Windows Azure.
– Encrypt cookies with RSA using a certificate (SSL or self-signed (dev))
– Windows Azure Training Kit has full example
– http://davidpallmann.blogspot.com/2011/12/mobile-global-with-html5-mvc-windows_27.html
• Put WIF configuration params in ServiceConfiguration
– WIF uses web.config
– Read in params from ServiceConfiguration.cscfg on role start and rewrite web.config
– http://blogs.msdn.com/b/vbertocci/archive/2011/05/31/edit-and-apply-new-wif-s-config-settings-in-your-windows-azure-webrole-without-redeploying.aspx
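The session cookie tip above, sketched as an added example (not code from the original slides or from the Windows Azure Training Kit): the relying party swaps WIF's default DPAPI-based session cookie protection for RSA encryption and signing with a certificate. It assumes WIF 3.5 (Microsoft.IdentityModel.dll), a `Global.asax.cs` class named `Global`, and a `<serviceCertificate>` entry in the `<microsoft.identityModel>` section of web.config pointing at a certificate deployed to every role instance.

```csharp
// Global.asax.cs of the relying-party web role (added example; assumes WIF 3.5).
using System;
using System.Collections.Generic;
using System.Web;
using Microsoft.IdentityModel.Tokens;
using Microsoft.IdentityModel.Web;

public class Global : HttpApplication
{
    protected void Application_Start(object sender, EventArgs e)
    {
        // Subscribe before the first request so the handler runs when WIF
        // builds its service configuration from web.config.
        FederatedAuthentication.ServiceConfigurationCreated += OnServiceConfigurationCreated;
    }

    private static void OnServiceConfigurationCreated(
        object sender, ServiceConfigurationCreatedEventArgs e)
    {
        // Certificate referenced by <serviceCertificate> in web.config (assumption).
        // The same certificate, with its private key, must be uploaded to the hosted
        // service so any instance behind the load balancer can read the cookie.
        var cert = e.ServiceConfiguration.ServiceCertificate;
        if (cert == null || !cert.HasPrivateKey)
        {
            // Fail at startup instead of silently keeping the default protection.
            throw new InvalidOperationException(
                "A service certificate with a private key is required to protect session cookies.");
        }

        // Compress, then encrypt, then sign the session token cookie with RSA.
        var transforms = new List<CookieTransform>
        {
            new DeflateCookieTransform(),
            new RsaEncryptionCookieTransform(cert),
            new RsaSignatureCookieTransform(cert)
        };

        // Replace the default SessionSecurityTokenHandler (which uses DPAPI).
        var handler = new SessionSecurityTokenHandler(transforms.AsReadOnly());
        e.ServiceConfiguration.SecurityTokenHandlers.AddOrReplace(handler);
    }
}
```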
11. Caching
• Distributed, in-memory caching for Windows Azure apps
• Scalable, low latency, and high throughput
• Very similar to Windows Server AppFabric Caching
• Ability to enable a local cache
• Limits
– 8MB per object
– No serialization for local caching
• Security via ACS
12. Caching
• Easy to plug in as provider for ASP.NET session state and page output
• Sample client configuration XML provided in portal
13. Caching
• Add the following assemblies
– Microsoft.ApplicationServer.Caching.Client.dll
– Microsoft.ApplicationServer.Caching.Core.dll
– Microsoft.WindowsFabric.Common.dll
– Microsoft.WindowsFabric.Data.Common.dll
– Microsoft.Web.DistributedCache.dll (for ASP.NET web projects)
• Write the code
14. Service Bus
• Robust messaging and routing services
• Ability to connect services across networks
– Defeats NATs and firewalls
– Great for hybrid application scenarios!
• Uses ACS for security
16. Message Relay
• Use SB addressing and bindings
• Simply use new “relay” bindings
• Behavior for ACS authorization
• Not new . . . Been in Service Bus for a while!
17. Service Bus Message Queues
• Reliable and durable – backed by SQL Azure
• Store up to 1GB per queue
• No TTL – unlike Windows Azure queues
• 256KB maximum message size
• Messaging API, WCF, and REST interfaces
[Diagram: Publisher → Queue → Receiver]
18. Service Bus Topics (pub/sub)
• Takes SB Queues to the next level
• 2,000 subscriptions on a single Topic
• Subscription is a virtual queue – gets a copy of each message
• Filters
– Use SQL92 syntax to configure Subscription to receive only messages with matching properties
• Actions
– Modify message properties as they're selected
[Diagram: Publisher → Topic → Subscriptions (three) → Receivers (one per subscription)]
20. Summary
• Compute roles, storage, and SQL Azure get a lot of attention.
• Don't forget about the building block services
– Service Bus: robust service relay and messaging
– Cache Service: easy to configure Cache-as-a-Service
– Access Control Service (authentication and authorization): federated identity management
21. Resources
• How To Guides for .NET
– http://www.windowsazure.com/en-us/develop/net/
• Managing Caches in Windows Azure
– http://msdn.microsoft.com/en-us/library/windowsazure/gg618005.aspx
• Windows Azure Service Bus Best Practices
– http://windowsazurecat.com/2011/09/best-practices-leveraging-windows-azure-service-bus-brokered-messaging-api/
• Service Bus Explorer
– http://code.msdn.microsoft.com/windowsazure/Service-Bus-Explorer-f2abca5a
• Rick Garibay – “Azure AppFabric Service Bus Brokered Messaging GA & Rude CTP Diffs”
– http://www.rickgaribay.net/archive/2011/09/14/azure-appfabric-service-bus-brokered-messaging-ga-amp-rude-ctp.aspx
• Vittorio Bertocci's Blog
– http://blogs.msdn.com/b/vbertocci/
Editor's notes
• Windows Azure National Architect. Windows Azure MVP. Help customers nationwide with their Windows Azure projects. This can include architectural design sessions, training, development, evangelism, etc. Reach me via email, Twitter, or my blog.
• New World – Deployments are in the Cloud, On-Premises, or Hybrid. Roles 101 – Quick Recap of Windows Azure Roles. Communication Patterns – How role instances can communicate w/ each other and the rest of the world. Demo. Summary. Leave time at the end for a few questions.