Using Windows Azure for Solving Identity Management Challenges
Visual Studio Live, Las Vegas 2013

Michael S. Collier
National Architect, Cloud

Level: Intermediate
About Me
Michael S. Collier
National Architect, Cloud



michael.collier@neudesic.com
@MichaelCollier
www.MichaelSCollier.com

http://www.slideshare.net/buckeye01
Agenda
•   Identity Management Challenges
•   Access Control Services
    – Claims
    – Setup tips
    – Gotchas
•   Windows Azure Mobile Services
    – Quickly leverage social identities
•   Windows Azure Active Directory
    – What it is
    – Quick setup
    – Exploring the directory graph
Who Are You?
•   Personalization
•   Business Rules
•   Functionality / Features
Traditional Identity Management
•   Windows Integrated Authentication (Active Directory)
•   Membership Provider
•   Proven approach
•   Leverage WIF?

[Diagram: AD and a SQL membership database inside "My Enterprise"]
Cloud? We Have a Problem
•   Multiple islands of identity
•   Environment not under our physical control
•   Disconnected from the enterprise (potentially)
Options
•   Social Networks (e.g. Microsoft Account)
    – They change . . . often
    – The right one?
    – Another?
    – More work!
•   Membership Provider
    – SQL Database
    – Table Storage
    – Pros
        Mostly known entity
        Migrate existing data
    – Cons
        User management
        Security leak (you are the one storing credentials)
        New
Windows Azure Access Control Service
•   No need to build your own identity management
    solution.
•   Authenticate (WIF – OAuth and WS-Federation)
•   Claims-based authorization
•   Multiple Identity Providers (ADFSv2, Google, Live
    ID, etc.)
•   Ability to bring your own via membership
•   One to rule them all!
•   Easy for your users


                  Windows Azure icons courtesy of David Pallmann.
Key ACS Concepts
•   Relying Party (RP): the web application that outsources
    authentication to a trusted authority and accepts only tokens
    signed by that authority. The RP is your app.
•   Identity Provider (IP): authenticates users and issues tokens.
•   Token: digitally signed security data issued after the user has
    authenticated; presented to gain access to the RP (your app).
•   Claim: an attribute about the authenticated user (age, birthdate,
    email address, name, etc.).
•   Federation Provider: intermediary between the RP and the IP.
    ACS is a Federation Provider.
•   STS: Security Token Service, which issues tokens containing
    claims. ACS is an STS.
Authentication Workflow
Actors: Browser, Identity Provider, Access Control (ACS), Application (the RP)
1.  Browser requests a resource from the Application
2.  Application redirects the browser to the Identity Provider
3.  User logs in at the Identity Provider
4.  Identity Provider authenticates the user and issues a token
5.  Browser is redirected to the Access Control service
6.  Browser sends the Identity Provider's token to ACS
7.  ACS validates the token, runs its rules engine, and issues an ACS token
8.  Browser is redirected to the RP with the ACS token
9.  Browser sends the ACS token to the Relying Party
10. RP validates the token (signature, issuer and audience)
11. RP returns the resource representation

Courtesy Windows Azure Boot Camp
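An added example, not from the deck, of steps 2 and 9-10 of this workflow written in language-neutral Python rather than WIF: it builds the WS-Federation sign-in redirect to an ACS namespace's /v2/wsfederation endpoint (in practice the RP redirects to ACS, which performs home-realm discovery and forwards to the Identity Provider; the diagram collapses that hop) and, when the browser comes back with the posted token, refuses to honour a wctx that is not a site-relative path. The namespace, realm and reply values are placeholders, and carrying the local return path in wctx is this example's own convention, not part of the protocol.

```python
import urllib.parse


def acs_wsfed_endpoint(namespace: str) -> str:
    """Passive WS-Federation endpoint of an ACS (v2) namespace."""
    return f"https://{namespace}.accesscontrol.windows.net/v2/wsfederation"


def is_safe_local_path(path: str) -> bool:
    """True only for site-relative paths such as "/orders/42?tab=1".

    Anything carrying a scheme or host ("https://evil.example",
    "//evil.example", "/\\evil.example") is rejected, so a value that
    round-tripped through the browser can never become an open redirect.
    """
    if not path.startswith("/") or path.startswith("//") or path.startswith("/\\"):
        return False
    parts = urllib.parse.urlsplit(path)
    return parts.scheme == "" and parts.netloc == ""


def signin_redirect_url(namespace: str, realm: str, reply: str, return_path: str) -> str:
    """Step 2 (and 5): the URL the RP sends the browser to.

    wa=wsignin1.0 asks for a sign-in, wtrealm is the RP's realm as configured
    in ACS, wreply is the address ACS posts the token back to, and wctx is
    opaque state that comes back unchanged. Here wctx carries the local path
    to resume after sign-in (this example's convention).
    """
    if not is_safe_local_path(return_path):
        raise ValueError("return path must be site-relative")
    params = {
        "wa": "wsignin1.0",
        "wtrealm": realm,
        "wreply": reply,
        "wctx": return_path,
    }
    return acs_wsfed_endpoint(namespace) + "?" + urllib.parse.urlencode(params)


def resume_path(form: dict) -> str:
    """Steps 9-10: `form` is the POST body ACS sends to wreply (wa, wresult, wctx).

    Validating the token in wresult is the job of WIF (or a JWT handler);
    this function only decides where to send the user afterwards, and it
    treats wctx as attacker-controllable because it came back via the browser.
    """
    if form.get("wa") != "wsignin1.0" or not form.get("wresult"):
        raise ValueError("not a WS-Federation sign-in response")
    ctx = form.get("wctx", "/")
    return ctx if is_safe_local_path(ctx) else "/"


if __name__ == "__main__":
    print(signin_redirect_url("contoso", "https://contoso.cloudapp.net/",
                              "https://contoso.cloudapp.net/", "/orders/42"))
    print(resume_path({"wa": "wsignin1.0", "wresult": "<t/>", "wctx": "//evil.example"}))
```

The reply address is the other half of the same check: ACS only posts tokens to the reply addresses registered for the relying party, so keep that list tight and do not build wreply from request input.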
Claims Enrichment
•   Identity Providers only provide a few claims
    – Microsoft Account / Live ID provides just one (Name Identifier)
    – Facebook, Google and Yahoo! provide at least three (email,
      name, name identifier)
    – ADFSv2: whatever your claim rules issue
    – http://msdn.microsoft.com/en-us/library/windowsazure/gg185971.aspx


•   Add more claims that are known to your
    application
    – ClaimsAuthenticationManager
Getting Started with ACS

DEMO
Recap
1.    Create a new ASP.NET 4.5 Web Site
     a)   Capture User.Identity.Name
2.    Create an ACS namespace
     a)   Portal
     b)   Visual Studio tooling
3.    Configure the site using the 'Identity and Access' tool in Visual Studio
     a)   Provide the ACS namespace and management password
     b)   Enable the desired Identity Providers (e.g. Google)
     c)   Configure the realm, reply-to address, etc.
4.    Optional: Add ClaimsAuthenticationManager
5.    Run it
Tips & Tricks
•   Staging vs. Production
    – WIF relies on the web.config file (realm, reply-to address, audience URIs)
    – Problematic for staging deployments: the staging URL is unknown until deployed
    – Add logic to the WebRole's OnStart() to update the WIF settings in web.config
        Read the values from configuration settings in the .cscfg
        Update and save the web.config
        Changing a .cscfg setting can recycle the role, which re-runs OnStart() and rewrites web.config

    See Vittorio Bertocci's blog post at http://blogs.msdn.com/b/vbertocci/archive/2011/05/31/edit-and-apply-new-wif-s-config-settings-in-your-windows-azure-webrole-without-redeploying.aspx
Tips & Tricks
•   Cookie Encryption
    – By default WIF uses DPAPI to protect the session cookie sent to the client.
    – DPAPI keys are machine-bound, so a cookie protected on one Windows Azure
      role instance cannot be read by another (and a redeployed instance has new keys).
    – Use RsaEncryptionCookieTransform to encrypt with the same certificate
      used for SSL, which every instance has.
Tips & Tricks
•   Request validation
    – The WS-Federation sign-in response is a POST whose wresult field carries
      the token as XML, so ASP.NET 4 request validation rejects it
      ("A potentially dangerous Request.Form value was detected from the client (wresult=...)")
    – Option 1: fall back to ASP.NET 2.0 validation for the whole application:
      <httpRuntime requestValidationMode="2.0" />
    – Option 2 (preferred, narrower): a custom validator that exempts only the
      wresult field and keeps validation on for everything else:
      <httpRuntime requestValidationType="AccessControlRequestValidator" />
    – Source: http://social.technet.microsoft.com/wiki/contents/articles/1725.windows-identity-foundation-wif-a-potentially-dangerous-request-form-value-was-detected-from-the-client-wresult-t-requestsecurityto.aspx
Gotchas
•   Single sign-out is not currently supported
    – Provide a sign-out link for the specific Identity Provider

•   A Windows Azure co-administrator cannot administer an ACS namespace by default
    – Add them explicitly as namespace administrators (via Live ID, WAAD, Google, etc.)

•   WIF is not installed on Windows Azure roles (.NET 3.5)
    – Set Microsoft.IdentityModel to CopyLocal = true, or
    – Install WIF via a startup task (recommended)
The Impact for Mobile Apps
•   Social Networks – Important
    – Users likely already have at least one
    – Quick and easy signup
    – Potential for rapid user base expansion



•   Multiple identity provider choices via Windows
    Azure Mobile Services
Windows Azure Mobile Services

DEMO
Recap
•   Windows Azure Mobile Services app
•   Developer accounts for social networks
    – Microsoft Account
    – Facebook
    – Twitter
    – Google
•   Add each provider's key/secret to the WAMS app
•   Prompt for user authentication:
    await App.MobileService.LoginAsync(MobileServiceAuthenticationProvider.Twitter);

•   Optional
    – Live SDK to use SSO in Windows Store apps
Windows Azure Active Directory
•   Extends AD into the cloud
•   Started as directory for Office365
•   Provides single sign-on for cloud applications
•   Query-able directory graph (native apps too)


•   Connect from any device and platform
    – RESTful access to the directory
    – XML/JSON request/response


•   Can sync or federate on-premises AD to cloud


                         WAAD is in a Developer Preview status. ☺
The Directory
[Diagram: directory objects (users, groups) linked by DirectReports and MemberOf relationships]
[Diagram: Windows Azure Active Directory is a multi-tenant directory]
[Diagram: on-premises Active Directory synchronized into a WAAD tenant by DirSync]
Getting Started
•   Organization ID
    – Office365
    – Dev/Test Tenant
      http://aka.ms/WAADSignup
      <tenant>.onmicrosoft.com
•   Windows Azure Subscription
•   Microsoft ASP.NET Tools for Windows Azure
    Active Directory – Visual Studio 2012
    – http://go.microsoft.com/fwlink/?LinkID=282306
•   Office365 / Windows Azure Active Directory
    Management Cmdlets
    – http://aka.ms/aadposh
Windows Azure Active Directory – Setup and Connect to WAAD

DEMO
Recap
1.    Pre-reqs
     a)   Windows Azure AD Powershell cmdlets
     b)   Windows Azure AD tenant
     c)   Visual Studio tools
2.    Create new ASP.NET 4.5 web site
3.    ‘Enable Windows Azure Authentication’
     a)   Under ‘Project’ menu in Visual Studio
     b)   Authenticate with WAAD administrative account
4.    Run
Graph API
•   RESTful interface for Windows Azure AD
    – Compatible with OData V3
    – Use the latest WCF Data Services 5.3 update (Graph API version 0.9)
    – OAuth 2.0 for authentication
•   Programmatic access to the directory
    – DirectoryObject – User, Group, Role, Licenses,
      Tenant, etc.
    – Links – memberOf, directReports
•   Standard HTTP methods
    – GET, POST, PATCH, DELETE for directory objects
    – HTTP status codes
Directory Permissions
•   The application has rights to the directory,
    not the authenticated user
•   Your application == service principal
•   Application Roles (assign the least-privileged one the app needs;
    Directory Readers is enough for read-only queries)
    –   Partner Tier1 Support
    –   Partner Tier2 Support
    –   Company Administrator
    –   Helpdesk Administrator
    –   Directory Readers
    –   Directory Writers
    –   Billing Administrator
    –   Service Support Administrator
    –   User Account Administrator
Request
GET https://graph.windows.net/michaelcollier.onmicrosoft.com/directoryObjects/$/Microsoft.WindowsAzure.ActiveDirectory.User()?%24filter=userPrincipalName+eq+%27michael%40michaelcollier.onmicrosoft.com%27&%24top=2&api-version=0.9 HTTP/1.1
User-Agent: Microsoft ADO.NET Data Services
DataServiceVersion: 3.0;NetFx
MaxDataServiceVersion: 3.0;NetFx
Accept: application/atom+xml,application/xml
Accept-Charset: UTF-8
DataServiceUrlConventions: KeyAsSegment
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6Ik5HVEZ2ZEstZnl0aEV1THdqcHdBSk9NOW4tQSJ9.eyJhdWQiOiIwMDAwMDAwMi0wMDAwLTAwMDAtYzAwMC0wMDAwMDAwMDAwMDAvZ3JhcGgud2luZG93cy5uZXRAMTEyNzExNTktYWJjOC00ZTBlLWIzYzItYzJhMDg1OGEwMzZiIiwiaXNzIjoiMDAwMDAwMDEtMDAwMC0wMDAwLWMwMDAtMDAwMDAw……
Host: graph.windows.net
Response
<?xml version="1.0" encoding="utf-8"?>
<feed xml:base="https://graph.windows.net/michaelcollier.onmicrosoft.com/" xmlns="http://www.w3.org/2005/Atom" xmlns:d="http://schemas.microsoft.com/ado/2007/08/dataservices" xmlns:m="http://schemas.microsoft.com/ado/2007/08/dataservices/metadata" xmlns:georss="http://www.georss.org/georss" xmlns:gml="http://www.opengis.net/gml">
  <id>https://graph.windows.net/michaelcollier.onmicrosoft.com/directoryObjects/$/Microsoft.WindowsAzure.ActiveDirectory.User</id>
  <title type="text">Microsoft.WindowsAzure.ActiveDirectory.User</title>
  <updated>2013-03-21T00:58:34Z</updated>
  <link rel="self" title="Microsoft.WindowsAzure.ActiveDirectory.User" href="Microsoft.WindowsAzure.ActiveDirectory.User" />
  <entry>
    <id>https://graph.windows.net/michaelcollier.onmicrosoft.com/directoryObjects/23dc9514-64ec-4c94-8f03-4edf9016b2a6</id>
    <category term="Microsoft.WindowsAzure.ActiveDirectory.User" scheme="http://schemas.microsoft.com/ado/2007/08/dataservices/scheme" />
    <link rel="edit" title="User" href="directoryObjects/23dc9514-64ec-4c94-8f03-4edf9016b2a6/Microsoft.WindowsAzure.ActiveDirectory.User" />
    <link rel="http://schemas.microsoft.com/ado/2007/08/dataservices/related/manager" type="application/atom+xml;type=entry" title="manager" href="directoryObjects/23dc9514-64ec-4c94-8f03-4edf9016b2a6/Microsoft.WindowsAzure.ActiveDirectory.User/manager" />
    <link rel="http://schemas.microsoft.com/ado/2007/08/dataservices/related/directReports" type="application/atom+xml;type=feed" title="directReports" href="directoryObjects/23dc9514-64ec-4c94-8f03-4edf9016b2a6/Microsoft.WindowsAzure.ActiveDirectory.User/directReports" />
    <link rel="http://schemas.microsoft.com/ado/2007/08/dataservices/related/members" type="application/atom+xml;type=feed" title="members" href="directoryObjects/23dc9514-64ec-4c94-8f03-4edf9016b2a6/Microsoft.WindowsAzure.ActiveDirectory.User/members" />
    <link rel="http://schemas.microsoft.com/ado/2007/08/dataservices/related/memberOf" type="application/atom+xml;type=feed" title="memberOf" href="directoryObjects/23dc9514-64ec-4c94-8f03-4edf9016b2a6/Microsoft.WindowsAzure.ActiveDirectory.User/memberOf" />
    <link rel="http://schemas.microsoft.com/ado/2007/08/dataservices/related/permissions" type="application/atom+xml;type=feed" title="permissions" href="directoryObjects/23dc9514-64ec-4c94-8f03-4edf9016b2a6/Microsoft.WindowsAzure.ActiveDirectory.User/permissions" />
    <link rel="http://schemas.microsoft.com/ado/2007/08/dataservices/edit-media/thumbnailPhoto" title="thumbnailPhoto" href="directoryObjects/23dc9514-64ec-4c94-8f03-4edf9016b2a6/Microsoft.WindowsAzure.ActiveDirectory.User/thumbnailPhoto" />
    <m:action metadata="https://graph.windows.net/michaelcollier.onmicrosoft.com/$metadata#DirectoryDataService.assignLicense" title="assignLicense" target="https://graph.windows.net/michaelcollier.onmicrosoft.com/directoryObjects/23dc9514-64ec-4c94-8f03-4edf9016b2a6/Microsoft.WindowsAzure.ActiveDirectory.User/assignLicense" />
    <content type="application/xml">
      <m:properties>
        <d:objectType>User</d:objectType>
        <d:objectId>23dc9514-64ec-4c94-8f03-4edf9016b2a6</d:objectId>
        <d:accountEnabled m:type="Edm.Boolean">true</d:accountEnabled>
        <d:assignedLicenses m:type="Collection(Microsoft.WindowsAzure.ActiveDirectory.AssignedLicense)" />
        <d:assignedPlans m:type="Collection(Microsoft.WindowsAzure.ActiveDirectory.AssignedPlan)" />
        <d:city m:null="true" />
        <d:displayName>Michael Collier</d:displayName>
        <d:givenName>Michael</d:givenName>
        <d:mailNickname>michael</d:mailNickname>
        <d:mobile>+1 6142883146</d:mobile>
        <d:otherMails m:type="Collection(Edm.String)">
          <d:element>michaelscollier@gmail.com</d:element>
        </d:otherMails>
        <d:userPrincipalName>michael@michaelcollier.onmicrosoft.com</d:userPrincipalName>
      </m:properties>
    </content>
  </entry>
</feed>
* Some elements removed for readability.
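An added example, not the deck's code and in Python rather than the .NET OData client that produced the request above: it builds the same query URL from a tenant and a UPN, doubling any single quote in the UPN so a user-supplied value cannot break out of the $filter literal, and pulls the object id, UPN and the memberOf/directReports navigation links out of the Atom feed. The sample feed is a trimmed copy of the response above (constructed for the example), and the access token is a placeholder.

```python
import urllib.parse
import xml.etree.ElementTree as ET

GRAPH_ROOT = "https://graph.windows.net"
API_VERSION = "0.9"  # the preview version used by the request above

NS = {
    "a": "http://www.w3.org/2005/Atom",
    "d": "http://schemas.microsoft.com/ado/2007/08/dataservices",
    "m": "http://schemas.microsoft.com/ado/2007/08/dataservices/metadata",
}


def odata_string_literal(value: str) -> str:
    """Quote a value for an OData $filter. Doubling embedded quotes keeps a
    UPN like o'brien@... (or a crafted one) from altering the filter."""
    return "'" + value.replace("'", "''") + "'"


def user_by_upn_url(tenant: str, upn: str, top: int = 2) -> str:
    """The GET URL from the request above, built from its parts."""
    path = f"/{tenant}/directoryObjects/$/Microsoft.WindowsAzure.ActiveDirectory.User()"
    query = urllib.parse.urlencode({
        "$filter": f"userPrincipalName eq {odata_string_literal(upn)}",
        "$top": str(top),
        "api-version": API_VERSION,
    })
    return GRAPH_ROOT + path + "?" + query


def graph_headers(access_token: str) -> dict:
    """Headers from the request above. The bearer token is the application's
    access token for graph.windows.net, not the signed-in user's; never log it."""
    return {
        "Authorization": "Bearer " + access_token,
        "Accept": "application/atom+xml,application/xml",
        "DataServiceVersion": "3.0;NetFx",
        "MaxDataServiceVersion": "3.0;NetFx",
    }


def parse_user_feed(feed_xml: str) -> list:
    """Extract the properties and navigation links of each User entry."""
    root = ET.fromstring(feed_xml)
    users = []
    for entry in root.findall("a:entry", NS):
        props = entry.find("a:content/m:properties", NS)
        links = {ln.get("title"): ln.get("href") for ln in entry.findall("a:link", NS)}
        users.append({
            "objectId": props.findtext("d:objectId", namespaces=NS),
            "userPrincipalName": props.findtext("d:userPrincipalName", namespaces=NS),
            "displayName": props.findtext("d:displayName", namespaces=NS),
            "accountEnabled": props.findtext("d:accountEnabled", namespaces=NS) == "true",
            "memberOf": links.get("memberOf"),
            "directReports": links.get("directReports"),
        })
    return users


# Constructed sample: a trimmed copy of the response above.
SAMPLE_FEED = """<feed xml:base="https://graph.windows.net/michaelcollier.onmicrosoft.com/"
      xmlns="http://www.w3.org/2005/Atom"
      xmlns:d="http://schemas.microsoft.com/ado/2007/08/dataservices"
      xmlns:m="http://schemas.microsoft.com/ado/2007/08/dataservices/metadata">
  <entry>
    <id>https://graph.windows.net/michaelcollier.onmicrosoft.com/directoryObjects/23dc9514-64ec-4c94-8f03-4edf9016b2a6</id>
    <link rel="http://schemas.microsoft.com/ado/2007/08/dataservices/related/directReports" type="application/atom+xml;type=feed"
          title="directReports" href="directoryObjects/23dc9514-64ec-4c94-8f03-4edf9016b2a6/Microsoft.WindowsAzure.ActiveDirectory.User/directReports" />
    <link rel="http://schemas.microsoft.com/ado/2007/08/dataservices/related/memberOf" type="application/atom+xml;type=feed"
          title="memberOf" href="directoryObjects/23dc9514-64ec-4c94-8f03-4edf9016b2a6/Microsoft.WindowsAzure.ActiveDirectory.User/memberOf" />
    <content type="application/xml">
      <m:properties>
        <d:objectType>User</d:objectType>
        <d:objectId>23dc9514-64ec-4c94-8f03-4edf9016b2a6</d:objectId>
        <d:accountEnabled m:type="Edm.Boolean">true</d:accountEnabled>
        <d:displayName>Michael Collier</d:displayName>
        <d:userPrincipalName>michael@michaelcollier.onmicrosoft.com</d:userPrincipalName>
      </m:properties>
    </content>
  </entry>
</feed>"""


if __name__ == "__main__":
    print(user_by_upn_url("michaelcollier.onmicrosoft.com", "michael@michaelcollier.onmicrosoft.com"))
    print(parse_user_feed(SAMPLE_FEED))
```

The href values in the feed are relative to the feed's xml:base, so a memberOf lookup is a second GET against GRAPH_ROOT + "/" + tenant + "/" + href with the same headers.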
Windows Azure Authentication Library (WAAL)
•   Simplifies authentication
•   Client-side only
    – Used to obtain an authentication token only; no token validation
    – Web apps/services or rich clients
•   Server-side token validation
    – JSON Web Token Handler (JWT Handler)
    – Samples: http://code.msdn.com
        Search "aal"
        Filter: Technology = Windows Azure, Visual Studio Version = VS2012
        (AAL > Windows Azure > Visual Studio 2012)
Registering Your App with WAAD
•   AppPrincipalId (ServicePrincipal) appears in web.config under
    – identityConfiguration/audienceUris
    – system.identityModel.services/federationConfiguration/wsFederation

•   Read this blog post by Vittorio Bertocci
    – http://www.cloudidentity.com/blog/2013/01/22/group-amp-role-claims-use-the-graph-api-to-get-back-isinrole-and-authorize-in-windows-azure-ad-apps/
Registering Your App with WAAD
Import-Module MSOnlineExtended -Force

# Connect to the WAAD tenant. Use tenant admin credentials (the same <user>@<tenant>.onmicrosoft.com
# account used with the MVC VS2012 tools).
Connect-MsolService

# The AppPrincipalId from the web.config
$AppPrincipalId = '9a90ed83-acff-44d7-813f-d7e724fef1aa'

# Get the Service Principal object
$servicePrincipal = Get-MsolServicePrincipal -AppPrincipalId $AppPrincipalId

# Add the service principal to the appropriate role in WAAD.
# Pick the least-privileged role that covers what the app does; Directory Readers is enough for read-only Graph queries.
Add-MsolRoleMember -RoleMemberType "ServicePrincipal" -RoleName "User Account Administrator" -RoleMemberObjectId $servicePrincipal.ObjectId

# Dates for which the credential is valid (1 year)
$timeNow = Get-Date
$expiryTime = $timeNow.AddYears(1)

# Generate the symmetric key: 32 random bytes, base64-encoded
$cryptoProvider = New-Object System.Security.Cryptography.RNGCryptoServiceProvider
$byteArr = New-Object byte[] 32
$cryptoProvider.GetBytes($byteArr)
$signingKey = [Convert]::ToBase64String($byteArr)
# The key is a secret: this file is only a hand-off into the app's configuration, so protect or delete it afterwards.
$signingKey | Out-File signingKey.txt

# Create a new service principal credential with the generated key, and assign it to the service principal.
New-MsolServicePrincipalCredential -AppPrincipalId $AppPrincipalId -Type symmetric -StartDate $timeNow -EndDate $expiryTime -Usage Verify -Value $signingKey
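An added example (my own, not the deck's or the WAAD sample's code) that ties the two pieces above together: the key shape the PowerShell creates, and the checks a server-side JWT handler performs before any claim in a bearer token is trusted. It uses HS256 with a shared symmetric key so it runs with the standard library alone; the tenant id and application host are made up, and the iss/aud string shapes ("<principal id>@<tenant id>", "<app id>/<host>@<tenant id>") are taken from the sample Graph token on the page as an assumption about what the directory issues to an app.

```python
import base64
import hashlib
import hmac
import json
import os
import time


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def new_symmetric_key() -> str:
    """Same shape as the PowerShell above: 32 random bytes, base64-encoded.
    This is the service principal credential and the app's configured
    secret; it never goes into a token."""
    return base64.b64encode(os.urandom(32)).decode("ascii")


def issue_jwt(claims: dict, key_b64: str) -> str:
    """Compact HS256 JWT over `claims`, signed with the shared key."""
    header = {"typ": "JWT", "alg": "HS256"}
    parts = [_b64url(json.dumps(obj, separators=(",", ":")).encode()) for obj in (header, claims)]
    sig = hmac.new(base64.b64decode(key_b64), ".".join(parts).encode("ascii"), hashlib.sha256).digest()
    return ".".join(parts + [_b64url(sig)])


class TokenError(ValueError):
    pass


def validate_jwt(token: str, key_b64: str, issuer: str, audience: str, now=None, skew: int = 300) -> dict:
    """Pinned algorithm, constant-time signature check against the expected
    key, issuer, audience, and the nbf/exp window with bounded clock skew."""
    now = time.time() if now is None else now
    try:
        h64, p64, s64 = token.split(".")
        header = json.loads(_unb64url(h64))
        claims = json.loads(_unb64url(p64))
        sig = _unb64url(s64)
    except ValueError:  # wrong part count, bad base64 or bad JSON
        raise TokenError("malformed token")
    if not isinstance(header, dict) or not isinstance(claims, dict):
        raise TokenError("malformed token")
    # The token does not get to choose the algorithm: honouring alg=none, or
    # verifying an RS256 token as HMAC over a public key, are downgrade bugs.
    if header.get("alg") != "HS256":
        raise TokenError("unexpected alg")
    expected = hmac.new(base64.b64decode(key_b64), f"{h64}.{p64}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, sig):
        raise TokenError("bad signature")
    if claims.get("iss") != issuer:
        raise TokenError("wrong issuer")
    if claims.get("aud") != audience:
        raise TokenError("wrong audience")
    exp, nbf = claims.get("exp"), claims.get("nbf", 0)
    if not isinstance(exp, (int, float)) or now > exp + skew:
        raise TokenError("expired")
    if now + skew < nbf:
        raise TokenError("not yet valid")
    return claims


def demo(now: float = 1363824000.0) -> dict:
    """Issue a token for the app whose AppPrincipalId appears in the
    PowerShell above, then run it and several bad variants through the
    validator. Default `now` is 2013-03-21T00:00:00Z, the date of the
    page's sample response."""
    tenant_id = "11111111-2222-3333-4444-555555555555"            # made up
    app_id = "9a90ed83-acff-44d7-813f-d7e724fef1aa"               # AppPrincipalId from the page
    issuer = f"00000001-0000-0000-c000-000000000000@{tenant_id}"  # shape from the sample token; assumption
    audience = f"{app_id}/expenses.cloudapp.net@{tenant_id}"      # host made up
    key = new_symmetric_key()
    claims = {"iss": issuer, "aud": audience, "sub": "michael@michaelcollier.onmicrosoft.com",
              "nbf": now - 60, "exp": now + 3600}
    token = issue_jwt(claims, key)

    def outcome(tok: str, aud: str = audience, at: float = now) -> str:
        try:
            validate_jwt(tok, key, issuer, aud, now=at)
            return "ok"
        except TokenError as err:
            return str(err)

    h64, p64, s64 = token.split(".")
    forged = _b64url(json.dumps(dict(claims, sub="admin@michaelcollier.onmicrosoft.com")).encode())
    return {
        "valid": validate_jwt(token, key, issuer, audience, now=now)["sub"],
        "tampered_payload": outcome(f"{h64}.{forged}.{s64}"),
        "alg_none": outcome(_b64url(b'{"typ":"JWT","alg":"none"}') + f".{p64}."),
        "wrong_key": outcome(issue_jwt(claims, new_symmetric_key())),
        "wrong_audience": outcome(token, aud=f"{app_id}/other.cloudapp.net@{tenant_id}"),
        "expired": outcome(token, at=now + 7200),
    }


if __name__ == "__main__":
    print(demo())
```

The order of the checks matters less than the fact that every one of them runs: a handler that validates the signature but not the audience accepts any token the same issuer minted for a different application.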
WAAD and Expense Application (Code Walkthrough)

DEMO
Going Further
•   Multitenant applications
    – Leverage identity from other WAAD tenants
    – http://www.windowsazure.com/en-us/develop/net/tutorials/multitenant-apps-for-active-directory/
•   Phone 2FA
    – Additional administrative users
    – Username/pwd + text message code
    – ONLY for WAAD users and applications now
•   Configure as an Identity Provider in ACS
Windows Azure Virtual Network
[Diagram: site-to-site VPN tunnel between the on-premises network and Windows Azure. Image courtesy of the Windows Azure Training Kit]
Currently in Preview
Summary
•   Traditional identity management in the cloud is hard
    – Many external islands of identity
    – Current technology is hard to use or not interoperable
•   ACS provides standards-based approach
    – Integrates with Windows Identity Foundation
    – Claims-based authorization
    – Built-in support for ADFSv2, Google, Live ID, Yahoo!, & Facebook
•   Enrich functionality using WIF
•   Leverage Windows Azure Mobile Services for mobile apps
•   Windows Azure Active Directory shows the future direction
Resources
•   Windows Azure ACS Guide
    – http://www.windowsazure.com/en-us/develop/net/how-to-guides/access-control/#config-trust
•   Programming Windows Identity Foundation, Vittorio Bertocci
•   CloudIdentity.com, Vittorio Bertocci’s blog
•   “Claims-Based Authorization with WIF”, Michele Bustamante
    – http://msdn.microsoft.com/en-us/magazine/ee335707.aspx
•   ACS Cheat Sheet - http://bit.ly/ACSCheatSheet
•   ACS How To’s - http://bit.ly/ACSHowTo
•   ACS Tips - http://bit.ly/HYhxjY
•   Publishing an ACS v2 Federated Identity Web Role - http://bit.ly/HPT6rk
•   MVC Sample App for Windows Azure Active Directory Graph
    – http://code.msdn.microsoft.com/Write-Sample-App-for-79e55502
•   Windows Azure Active Directory Graph Team
    – http://blogs.msdn.com/b/aadgraphteam/
Ask your questions
Thank You!!
Please fill out your session evals!

Understanding SharePoint Apps, authentication and authorization infrastructur...
Understanding SharePoint Apps, authentication and authorization infrastructur...Understanding SharePoint Apps, authentication and authorization infrastructur...
Understanding SharePoint Apps, authentication and authorization infrastructur...
 
Federation
FederationFederation
Federation
 
Office 365-single-sign-on-with-adfs
Office 365-single-sign-on-with-adfsOffice 365-single-sign-on-with-adfs
Office 365-single-sign-on-with-adfs
 
Demystifying identity on AWS
Demystifying identity on AWSDemystifying identity on AWS
Demystifying identity on AWS
 
Skype for business mobility
Skype for business mobilitySkype for business mobility
Skype for business mobility
 
Federation
FederationFederation
Federation
 
Claims-Based Identity in SharePoint 2010
Claims-Based Identity in SharePoint 2010Claims-Based Identity in SharePoint 2010
Claims-Based Identity in SharePoint 2010
 

Dernier

DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDropbox
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxRustici Software
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Angeliki Cooney
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...apidays
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Cyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdfCyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdfOverkill Security
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024The Digital Insurer
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024The Digital Insurer
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...apidays
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Victor Rentea
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Victor Rentea
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWERMadyBayot
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...Zilliz
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfOverkill Security
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 

Dernier (20)

DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Cyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdfCyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdf
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdf
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 

Using Windows Azure for Solving Identity Management Challenges (Visual Studio Live, Las Vegas 2013)

  • 1. Using Windows Azure for Solving Identity Management Challenges Michael S. Collier National Architect, Cloud Level: Intermediate
  • 2. About Me Michael S. Collier National Architect, Cloud michael.collier@neudesic.com @MichaelCollier www.MichaelSCollier.com http://www.slideshare.net/buckeye01
  • 3. Agenda • Identity Management Challenges • Access Control Services – Claims – Setup tips – Gotcha’s • Windows Azure Mobile Services – Quickly leverage social identities • Windows Azure Active Directory – What it is – Quick setup – Exploring the directory graph
  • 4. Who Are You? • Personalization • Business Rules • Functionality / Features
  • 5. Traditional Identity Management • Windows Integrated Authentication (Active Directory) • Membership Provider • Proven Approach • Leverage WIF? SQL AD My Enterprise
  • 6. Cloud? We Have a Problem • Multiple islands of identity • Environment not under our physical control • Disconnected from the enterprise (potentially)
  • 7. Options
      Social Networks
        – They change . . . Often
        – The right one?
        – Another?
        – More work!
        – Microsoft Account
      Membership Provider
        – SQL Database
        – Table Storage
        – Pros: Mostly known entity; Migrate existing data
        – Cons: User management; Security leak; New
  • 8. Windows Azure Access Control Service • No need to build your own identity management solution. • Authenticate (WIF – OAuth and WS-Federation) • Claims-based authorization • Multiple Identity Providers (ADFSv2, Google, Live ID, etc.) • Ability to bring your own via membership • One to rule them all! • Easy for your users Windows Azure icons courtesy of David Pallmann.
  • 9. Key ACS Concepts • Relying Party (RP): Web application that outsources authentication. The RP trusts that authority. The RP is your app. • Identity Provider (IP): Authenticates users and issues tokens • Token: Digitally signed security data issued after user authenticated. Used to gain access to the RP (your app). • Claim: Attributes about the authenticated user (age, birthdate, email address, name, etc.) • Federation Provider: Intermediary between the RP and IP. ACS is a Federation Provider. • STS: Simple Token Service – issues tokens containing claims. ACS is an STS
  • 10. Authentication Workflow (parties: Browser, Application, Identity Provider, Access Control)
      1. Request Resource
      2. Redirect to Identity Provider
      3. Login
      4. Authenticate & Issue Token
      5. Redirect to AC service
      6. Send Token to ACS
      7. Validate Token, Run Rules Engine, Issue Token
      8. Redirect to RP with ACS Token
      9. Send ACS Token to Relying Party
      10. Validate Token
      11. Return resource representation
      Courtesy Windows Azure Boot Camp
  • 11. Claims Enrichment • Identity Providers only provide a few claims – Microsoft Account / Live ID provides just one (Name Identifier) – Facebook, Google and Yahoo! provide at least three (email, name, name identifier) – ADFSv2 – http://msdn.microsoft.com/en-us/library/windowsazure/gg185971.aspx • Add more claims that are known to your application – ClaimsAuthenticationManager
  • 13. Recap
      1. Create a new ASP.NET 4.5 Web Site
         a) Capture User.Identity.Name
      2. Create an ACS namespace
         a) Portal
         b) Visual Studio tooling
      3. Configure site using ‘Identity and Access’ tool in Visual Studio
         a) Provide ACS namespace and management password
         b) Enable desired Identity Providers (e.g. Google)
         c) Configure realm, reply to address, etc.
      4. Optional: Add ClaimsAuthenticationManager
      5. Run it
  • 14. Tips & Tricks • WIF relies on the web.config file • Problematic for staging deployments – don’t know the URL until deployed • Add logic to WebRole’s OnStart() to update the WIF settings in web.config – Read in configuration settings from .cscfg – Update and save the web.config – Changing .cscfg settings can cause a role recycle . . . causing web.config to update
  • 15. Tips & Tricks • Staging vs. Production – WIF configuration in web.config – Staging URL unknown until deployment – Change WIF configuration in web.config during role startup See Vittorio Bertocci’s blog post at http://blogs.msdn.com/b/vbertocci/archive/2011/05/31/edit-and-apply-new-wif-s-config-settings-in-your-windows-azure-webrole-without-redeploying.aspx
  • 16. Tips & Tricks • Cookie Encryption – DPAPI used to protect cookies sent to the client. – DPAPI not supported in Windows Azure – Use RsaEncryptionCookieTransform to encrypt with same cert used for SSL.
  • 18. Tips & Tricks • Change request validation (the WS-Federation sign-in response is a form POST whose wresult field carries XML, which ASP.NET 4 request validation rejects as a potentially dangerous Request.Form value) • Use ASP.NET 2 validation (<httpRuntime requestValidationMode="2.0" />) • Custom validator
  • 19. Tips & Tricks <httpRuntime requestValidationType="AccessControlRequestValidator" /> // Source: http://social.technet.microsoft.com/wiki/contents/articles/1725.windows-identity-foundation-wif-a-potentially-dangerous-request-form-value-was-detected-from-the-client-wresult-t-requestsecurityto.aspx
  • 20. Gotchas • Single sign-out not currently supported – Provide a sign-out link for the specific Identity Provider • Windows Azure co-admin cannot administer an ACS namespace – Add Live ID, WAAD, Google, etc. • WIF not installed on Windows Azure roles (.NET 3.5) – Microsoft.IdentityModel CopyLocal = true – Install WIF via a startup task (recommended)
  • 21. The Impact for Mobile Apps • Social Networks – Important – Users likely already have at least one – Quick and easy signup – Potential for rapid user base expansion • Multiple identity provider choices via Windows Azure Mobile Services
  • 22. Windows Azure Mobile Services DEMO
  • 23. Recap • Windows Azure Mobile Services app • Developer accounts for social networks – Microsoft Account – Facebook – Twitter – Google • Add key/secret to WAMS app • Prompt for user authentication: await App.MobileService.LoginAsync(MobileServiceAuthenticationProvider.Twitter); • Optional – Live SDK to use SSO in Windows Store apps
  • 24. Windows Azure Active Directory • Extends AD into the cloud • Started as directory for Office365 • Provides single sign-on for cloud applications • Query-able social graph (native apps too) • Connect from any device and platform – RESTful access to the directory – XML/JSON request/response • Can sync or federate on-premises AD to cloud WAAD is in a Developer Preview status. ☺
  • 25. The Directory DirectReports MemberOf
  • 26. The Directory Windows Azure Active Directory Multi-tenant directory
  • 27. The Directory WAAD Tenant DirSync On-Premises Active Directory
  • 28. Getting Started • Organization ID – Office365 – Dev/Test Tenant http://aka.ms/WAADSignup <tenant>.onmicrosoft.com • Windows Azure Subscription • Microsoft ASP.NET Tools for Windows Azure Active Directory – Visual Studio 2012 – http://go.microsoft.com/fwlink/?LinkID=282306 • Office365 / Windows Azure Active Directory Management Cmdlets – http://aka.ms/aadposh
  • 29. Windows Azure Active Directory – Setup and Connect to WAAD DEMO
  • 30. Recap
      1. Pre-reqs
         a) Windows Azure AD PowerShell cmdlets
         b) Windows Azure AD tenant
         c) Visual Studio tools
      2. Create new ASP.NET 4.5 web site
      3. ‘Enable Windows Azure Authentication’
         a) Under ‘Project’ menu in Visual Studio
         b) Authenticate with WAAD administrative account
      4. Run
  • 31. Graph API • RESTful interface for Windows Azure AD – Compatible with OData V3 – Use latest WCF 5.3 update (API v0.9) – OAuth 2.0 for authentication • Programmatic access to the directory – DirectoryObject – User, Group, Role, Licenses, Tenant, etc. – Links – memberOf, directReports • Standard HTTP methods – GET, POST, PATCH, DELETE for directory objects – HTTP status codes
  • 32. Directory Permissions • The application has rights to the directory, not the authenticated user • Your application == service principal • Application Roles – Partner Tier1 Support – Partner Tier2 Support – Company Administrator – Helpdesk Administrator – Directory Readers – Directory Writers – Billing Administrator – Service Support Administrator – User Account Administrator
  • 33. Request
      GET https://graph.windows.net/michaelcollier.onmicrosoft.com/directoryObjects/$/Microsoft.WindowsAzure.ActiveDirectory.User()?%24filter=userPrincipalName+eq+%27michael%40michaelcollier.onmicrosoft.com%27&%24top=2&api-version=0.9 HTTP/1.1
      User-Agent: Microsoft ADO.NET Data Services
      DataServiceVersion: 3.0;NetFx
      MaxDataServiceVersion: 3.0;NetFx
      Accept: application/atom+xml,application/xml
      Accept-Charset: UTF-8
      DataServiceUrlConventions: KeyAsSegment
      Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6Ik5HVEZ2ZEstZnl0aEV1THdqcHdBSk9NOW4tQSJ9.eyJhdWQiOiIwMDAwMDAwMi0wMDAwLTAwMDAtYzAwMC0wMDAwMDAwMDAwMDAvZ3JhcGgud2luZG93cy5uZXRAMTEyNzExNTktYWJjOC00ZTBlLWIzYzItYzJhMDg1OGEwMzZiIiwiaXNzIjoiMDAwMDAwMDEtMDAwMC0wMDAwLWMwMDAtMDAwMDAw……
      Host: graph.windows.net
  • 34. Response
      <?xml version="1.0" encoding="utf-8"?>
      <feed xml:base="https://graph.windows.net/michaelcollier.onmicrosoft.com/"
            xmlns="http://www.w3.org/2005/Atom"
            xmlns:d="http://schemas.microsoft.com/ado/2007/08/dataservices"
            xmlns:m="http://schemas.microsoft.com/ado/2007/08/dataservices/metadata"
            xmlns:georss="http://www.georss.org/georss"
            xmlns:gml="http://www.opengis.net/gml">
        <id>https://graph.windows.net/michaelcollier.onmicrosoft.com/directoryObjects/$/Microsoft.WindowsAzure.ActiveDirectory.User</id>
        <title type="text">Microsoft.WindowsAzure.ActiveDirectory.User</title>
        <updated>2013-03-21T00:58:34Z</updated>
        <link rel="self" title="Microsoft.WindowsAzure.ActiveDirectory.User" href="Microsoft.WindowsAzure.ActiveDirectory.User" />
        <entry>
          <id>https://graph.windows.net/michaelcollier.onmicrosoft.com/directoryObjects/23dc9514-64ec-4c94-8f03-4edf9016b2a6</id>
          <category term="Microsoft.WindowsAzure.ActiveDirectory.User" scheme="http://schemas.microsoft.com/ado/2007/08/dataservices/scheme" />
          <link rel="edit" title="User" href="directoryObjects/23dc9514-64ec-4c94-8f03-4edf9016b2a6/Microsoft.WindowsAzure.ActiveDirectory.User" />
          <link rel="http://schemas.microsoft.com/ado/2007/08/dataservices/related/manager" type="application/atom+xml;type=entry" title="manager" href="directoryObjects/23dc9514-64ec-4c94-8f03-4edf9016b2a6/Microsoft.WindowsAzure.ActiveDirectory.User/manager" />
          <link rel="http://schemas.microsoft.com/ado/2007/08/dataservices/related/directReports" type="application/atom+xml;type=feed" title="directReports" href="directoryObjects/23dc9514-64ec-4c94-8f03-4edf9016b2a6/Microsoft.WindowsAzure.ActiveDirectory.User/directReports" />
          <link rel="http://schemas.microsoft.com/ado/2007/08/dataservices/related/members" type="application/atom+xml;type=feed" title="members" href="directoryObjects/23dc9514-64ec-4c94-8f03-4edf9016b2a6/Microsoft.WindowsAzure.ActiveDirectory.User/members" />
          <link rel="http://schemas.microsoft.com/ado/2007/08/dataservices/related/memberOf" type="application/atom+xml;type=feed" title="memberOf" href="directoryObjects/23dc9514-64ec-4c94-8f03-4edf9016b2a6/Microsoft.WindowsAzure.ActiveDirectory.User/memberOf" />
          <link rel="http://schemas.microsoft.com/ado/2007/08/dataservices/related/permissions" type="application/atom+xml;type=feed" title="permissions" href="directoryObjects/23dc9514-64ec-4c94-8f03-4edf9016b2a6/Microsoft.WindowsAzure.ActiveDirectory.User/permissions" />
  • 35. Response
          <link rel="http://schemas.microsoft.com/ado/2007/08/dataservices/edit-media/thumbnailPhoto" title="thumbnailPhoto" href="directoryObjects/23dc9514-64ec-4c94-8f03-4edf9016b2a6/Microsoft.WindowsAzure.ActiveDirectory.User/thumbnailPhoto" />
          <m:action metadata="https://graph.windows.net/michaelcollier.onmicrosoft.com/$metadata#DirectoryDataService.assignLicense" title="assignLicense" target="https://graph.windows.net/michaelcollier.onmicrosoft.com/directoryObjects/23dc9514-64ec-4c94-8f03-4edf9016b2a6/Microsoft.WindowsAzure.ActiveDirectory.User/assignLicense" />
          <content type="application/xml">
            <m:properties>
              <d:objectType>User</d:objectType>
              <d:objectId>23dc9514-64ec-4c94-8f03-4edf9016b2a6</d:objectId>
              <d:accountEnabled m:type="Edm.Boolean">true</d:accountEnabled>
              <d:assignedLicenses m:type="Collection(Microsoft.WindowsAzure.ActiveDirectory.AssignedLicense)" />
              <d:assignedPlans m:type="Collection(Microsoft.WindowsAzure.ActiveDirectory.AssignedPlan)" />
              <d:city m:null="true" />
              <d:displayName>Michael Collier</d:displayName>
              <d:givenName>Michael</d:givenName>
              <d:mailNickname>michael</d:mailNickname>
              <d:mobile>+1 6142883146</d:mobile>
              <d:otherMails m:type="Collection(Edm.String)">
                <d:element>michaelscollier@gmail.com</d:element>
              </d:otherMails>
              <d:userPrincipalName>michael@michaelcollier.onmicrosoft.com</d:userPrincipalName>
            </m:properties>
          </content>
        </entry>
      </feed>
      * Some elements removed for readability.
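As an added example (not code from the deck), the Python below builds the slide 33 request URL with the UPN escaped as an OData string literal, and parses the Atom feed of slides 34-35 into plain dicts, treating a second match for a supposedly unique UPN as an error. The sample response is a constructed, trimmed copy of the slide's XML; tenant, UPN and objectId are the values shown on the slides.

```python
import xml.etree.ElementTree as ET
from urllib.parse import quote, urlencode

GRAPH = "https://graph.windows.net"
USER_TYPE = "Microsoft.WindowsAzure.ActiveDirectory.User"
API_VERSION = "0.9"  # preview API version used on slide 33
NS = {
    "a": "http://www.w3.org/2005/Atom",
    "d": "http://schemas.microsoft.com/ado/2007/08/dataservices",
    "m": "http://schemas.microsoft.com/ado/2007/08/dataservices/metadata",
}


def odata_string(value):
    """Quote a value as an OData string literal.  An embedded single quote is
    doubled, so a caller-supplied UPN cannot close the literal and append its
    own filter terms (the OData analogue of SQL injection)."""
    return "'" + value.replace("'", "''") + "'"


def user_by_upn_url(tenant, upn, top=2):
    """Build the request URL of slide 33.  urlencode uses '+' for spaces and
    %24/%27/%40 for $, ' and @, which reproduces the slide byte for byte."""
    if top < 1:
        raise ValueError("top must be at least 1")
    path = f"/{quote(tenant)}/directoryObjects/$/{USER_TYPE}()"
    query = urlencode({
        "$filter": f"userPrincipalName eq {odata_string(upn)}",
        "$top": str(top),
        "api-version": API_VERSION,
    })
    return f"{GRAPH}{path}?{query}"


def parse_users(atom_xml):
    """Read the Atom feed of slides 34-35 into dicts holding the properties the
    deck highlights plus the href of each related link (manager, memberOf, ...)."""
    root = ET.fromstring(atom_xml.encode("utf-8"))
    users = []
    for entry in root.findall("a:entry", NS):
        props = entry.find("a:content/m:properties", NS)
        if props is None:
            continue

        def prop(name):
            el = props.find(f"d:{name}", NS)
            # OData marks an absent value with m:null="true", not by omitting it
            if el is None or el.get(f"{{{NS['m']}}}null") == "true":
                return None
            return el.text

        links = {lnk.get("title"): lnk.get("href")
                 for lnk in entry.findall("a:link", NS)
                 if lnk.get("rel", "").startswith(NS["d"] + "/related/")}
        users.append({
            "objectId": prop("objectId"),
            "userPrincipalName": prop("userPrincipalName"),
            "city": prop("city"),
            "accountEnabled": prop("accountEnabled") == "true",
            "links": links,
        })
    return users


def find_user(atom_xml, upn):
    """Return the entry whose UPN matches, or None.  $top=2 (slide 33) lets a
    second match, which a unique UPN should never yield, surface as an error."""
    matches = [u for u in parse_users(atom_xml)
               if (u["userPrincipalName"] or "").lower() == upn.lower()]
    if len(matches) > 1:
        raise ValueError(f"ambiguous directory result for {upn}")
    return matches[0] if matches else None


# Constructed sample: a trimmed copy of the feed shown on slides 34-35.
SAMPLE_RESPONSE = """<?xml version="1.0" encoding="utf-8"?>
<feed xml:base="https://graph.windows.net/michaelcollier.onmicrosoft.com/"
      xmlns="http://www.w3.org/2005/Atom"
      xmlns:d="http://schemas.microsoft.com/ado/2007/08/dataservices"
      xmlns:m="http://schemas.microsoft.com/ado/2007/08/dataservices/metadata">
  <entry>
    <id>https://graph.windows.net/michaelcollier.onmicrosoft.com/directoryObjects/23dc9514-64ec-4c94-8f03-4edf9016b2a6</id>
    <link rel="http://schemas.microsoft.com/ado/2007/08/dataservices/related/memberOf" type="application/atom+xml;type=feed" title="memberOf" href="directoryObjects/23dc9514-64ec-4c94-8f03-4edf9016b2a6/Microsoft.WindowsAzure.ActiveDirectory.User/memberOf" />
    <content type="application/xml">
      <m:properties>
        <d:objectId>23dc9514-64ec-4c94-8f03-4edf9016b2a6</d:objectId>
        <d:accountEnabled m:type="Edm.Boolean">true</d:accountEnabled>
        <d:city m:null="true" />
        <d:userPrincipalName>michael@michaelcollier.onmicrosoft.com</d:userPrincipalName>
      </m:properties>
    </content>
  </entry>
</feed>
"""
```

`find_user(SAMPLE_RESPONSE, "michael@michaelcollier.onmicrosoft.com")` returns the parsed entry with `accountEnabled` True, `city` None and the memberOf link; a UPN that is not in the feed returns None.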
  • 36. Windows Azure Authentication Library (WAAL) • Simplifies authentication • Client-side only – Used to obtain an authentication token only; no token validation – Web apps/services or rich clients • Server-side token authentication – JSON Web Token Handler (JWT Handler) – Samples http://code.msdn.com Search “aal” Filter – Technology = Windows Azure Visual Studio Version = VS2012 (AAL > Windows Azure > Visual Studio 2012)
  • 37. Registering Your App with WAAD • AppPrincipalId (ServicePrincipal) – identityConfiguration/audienceUris – system.identityModel.services/federationConfiguration/wsFederation • Read this blog post by Vittorio Bertocci – http://www.cloudidentity.com/blog/2013/01/22/group-amp-role-claims-use-the-graph-api-to-get-back-isinrole-and-authorize-in-windows-azure-ad-apps/
  • 38. Registering Your App with WAAD
      Import-Module MSOnlineExtended -force

      # Connect to the WAAD tenant. Use tenant admin credentials (same used in the MVC VS2012 tools): <user>@<tenant>.onmicrosoft.com
      Connect-MsolService

      # The AppPrincipalId from the web.config
      $AppPrincipalId = '9a90ed83-acff-44d7-813f-d7e724fef1aa'

      # Get the Service Principal object
      $servicePrincipalId = (Get-MsolServicePrincipal -AppPrincipalId $AppPrincipalId)

      # Add the service principal to the appropriate role in WAAD.
      Add-MsolRoleMember -RoleMemberType "ServicePrincipal" -RoleName "User Account Administrator" -RoleMemberObjectId $servicePrincipalId.ObjectId

      # Dates for which the credential is valid (1 year)
      $timeNow = Get-Date
      $expiryTime = $timeNow.AddYears(1)

      # Generating the symmetric key (32 random bytes from the CSP RNG, base64-encoded)
      $cryptoProvider = new-object System.Security.Cryptography.RNGCryptoServiceProvider
      $byteArr = new-object byte[] 32
      $cryptoProvider.GetBytes($byteArr)
      $signingKey = [Convert]::ToBase64String($byteArr)
      # This writes the key to disk in clear text; protect or delete the file once it is in the app's configuration.
      Write-Output $signingKey | Out-File signingKey.txt

      # Create a new service principal credential, with the created key, and assign to the service principal.
      New-MsolServicePrincipalCredential -AppPrincipalId $AppPrincipalId -Type symmetric -StartDate $timeNow -EndDate $expiryTime -Usage Verify -Value $signingKey
  • 39. WAAD and Expense Application (Code Walkthrough) DEMO
  • 40. Going Further • Multitenant applications – Leverage identity from other WAAD tenants – http://www.windowsazure.com/en-us/develop/net/tutorials/multitenant-apps-for-active-directory/ • Phone 2FA – Additional administrative users – Username/pwd + text message code – ONLY for WAAD users and applications now • Configure as an Identity Provider in ACS
  • 41. Windows Azure Virtual Network Windows Azure Site-to-Site VPN Tunnel Currently in Preview Image courtesy of the Windows Azure Training Kit
  • 42. Summary • Traditional identity management in the cloud is hard – Many external islands of identity – Current technology hard or not interoperable • ACS provides standards-based approach – Integrates with Windows Identity Foundation – Claims-based authorization – Built-in support for ADFSv2, Google, Live ID, Yahoo!, & Facebook • Enrich functionality using WIF • Leverage Windows Azure Mobile Services for mobile apps • Windows Azure Active Directory shows the future direction
  • 43. Resources • Windows Azure ACS Guide – http://www.windowsazure.com/en-us/develop/net/how-to-guides/access-control/#config-trust • Programming Windows Identity Foundation, Vittorio Bertocci • CloudIdentity.com, Vittorio Bertocci’s blog • “Claims-Based Authorization with WIF”, Michele Bustamante – http://msdn.microsoft.com/en-us/magazine/ee335707.aspx • ACS Cheat Sheet - http://bit.ly/ACSCheatSheet • ACS How To’s - http://bit.ly/ACSHowTo • ACS Tips - http://bit.ly/HYhxjY • Publishing an ACS v2 Federated Identity Web Role - http://bit.ly/HPT6rk • MVC Sample App for Windows Azure Active Directory Graph – http://code.msdn.microsoft.com/Write-Sample-App-for-79e55502 • Windows Azure Active Directory Graph Team – http://blogs.msdn.com/b/aadgraphteam/
  • 45. Thank You!! Michael S. Collier National Architect, Cloud michael.collier@neudesic.com @MichaelCollier www.MichaelSCollier.com http://www.slideshare.net/buckeye01 Please fill out your session evals!