Benjamin Soulier

I'm a Microsoft technology architect with more than 8 years of experience on .NET (ASP.NET, SharePoint, Azure, WPF & Silverlight...) and more!

Posts

April 09, 07:07 AM

Scott Guthrie announced some really cool things about Windows Azure yesterday:

  • Windows Azure Active Directory (WAAD) is now GA, which means it comes with all the platform availability constraints that other Windows Azure services comply with; GREAT!
  • Windows Azure Backup: enables you to back up your servers into the Cloud, and also restore them.
  • IaaS default disk size increase: in some cases, having a lot of installed binaries on the VM default disk made things complicated; not anymore!

These updates have been in effect since Scott’s announcement, so go ahead and use them now.

February 26, 10:48 AM

Hello everyone,

My video demonstrating the most secure way to log on to Windows Azure Websites using a QR Code is now online on Channel9, in the Web Camps Show.

Happy viewing

January 31, 08:33 AM

Microsoft is now adding Git support for Visual Studio and TFS, so that you can open, clone and commit projects directly with your preferred Git provider.

More details in the Channel9 video here.

Happy coding

January 28, 03:47 PM

I was working these days on deploying a few sites built on MVC4 Web API, using Entity Framework along with Spatial types (Geometry and Geography types).

Everything was fine on my dev box, until I started to deploy the solution on Azure.

Most of my Web API calls were giving me a {"Message":"An error has occurred."}

This comes from binaries missing from your site once it is deployed; just open the NuGet Package Manager interface, search for the “Microsoft.SqlServer.Types” package and add it to your site project.

Tada

December 10, 02:45 PM

Our session given at the Swiss TechDays on November 6th is now available on the Channel 9 website.

You can find the video of the session here, and the slides here.

Happy coding!

October 22, 02:18 PM

In quite a few projects, I had to localize some SharePoint 2010 pages or WebPart resources, which custom code can handle pretty well.

But when it comes to localizing WebPart titles, SharePoint does not actually provide anything but a single string for all languages.

I then built an abstract class named LocalizableWebPart, which with a few helper classes helps you set the WebPart title by editing it and changing the current site display language.

Here is the content of this class so that you can have a look:

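using Microsoft.SharePoint.WebPartPages; // WebPart, WebPartStorage, Storage

// LangageContainer and LocalizationHelper are helper classes from the repository linked below.
public abstract class LocalizableTitleWebPart : WebPart
{
    // All localized titles, serialized as XML in a single shared WebPart property.
    [WebPartStorage(Storage = Storage.Shared)]
    public string LocalizedTitle { get; set; }

    // Never assigned in this class, so the serialized titles are parsed on every read.
    private LangageContainer langContainer = null;

    // Returns the encoded content for the current display language.
    protected string GetLocalizedProperty(LangageContainer container, string content)
    {
        if (container != null)
        {
            return container.GetOrInsertLanguage().EncodedLanguageContent;
        }
        else
        {
            container = LocalizationHelper.GetLanguagesContent(content);
            return container.GetOrInsertLanguage().EncodedLanguageContent;
        }
    }

    // Updates the entry for the current display language and returns the re-serialized
    // content; outside of a postback the stored content is returned unchanged.
    protected string SetLocalizedProperty(LangageContainer container, string content, string value)
    {
        container = LocalizationHelper.GetLanguagesContent(content);
        var lang = container.GetOrInsertLanguage();

        if (this.Page != null && this.Page.IsPostBack)
        {
            container.UpdateLanguage(lang.LanguageCode, value);
            return LangageContainer.Serialize(container);
        }
        return content;
    }

    // The WebPart title is read from and written to the localized storage.
    public override string Title
    {
        get
        {
            return GetLocalizedProperty(langContainer, this.LocalizedTitle);
        }
        set
        {
            this.LocalizedTitle = SetLocalizedProperty(langContainer, this.LocalizedTitle, value);
        }
    }
}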

What you can see in the code above is:

  • one WebPart property for all localized titles, serialized as XML (LocalizedTitle),
  • methods to get and set localized content from and to the serialized string containing the title.

You can find the code of this class and all required classes as a GitHub repo here:

https://github.com/JaYmZ666/localizableTitleWebPart

Happy coding!

September 29, 02:25 PM

Hi dear visitor,

This year Microsoft TechDays will be held at Congrès Beaulieu in Lausanne, on the 6th and 7th of November.

Yves Peneveyre and I will be presenting a topic around SharePoint 2013 (in French).

As I will be available between sessions at the CTP booth, please feel free to come and visit us, and ask questions about our work and Windows Azure, for example.

See you there!

September 16, 01:30 PM

In this article series, I am going to address how to create your own custom Security Token Service (STS) to authenticate your users using claims, and how to use it through ACS to offer more Identity Providers to your Azure app.

This article series is composed of:

  1. Build your STS as a Web App (and not a Website)
  2. Create and configure your certificates in your STS
  3. Understand the FederationMetadata.xml file
  4. Use your STS in the cloud through ACS
  5. Put your web app + your STS in Windows Azure ← You are here!

5. Put your web app + your STS in Windows Azure

Now that the solution is configured to use ACS, let’s deploy and configure your web app + your STS in Azure.

As a first step, you will need to create the Windows Azure Cloud Service for your STS (but without uploading it yet!), e.g. mystsdemo.cloudapp.net as used in my FederationMetadata.xml example.

I will not describe this process; there are plenty of examples on the web on how to publish your Cloud Service.

The second step is to upload the referenced certificates to that Cloud Service. This is the point that would otherwise stop you from uploading your package: the deployment fails, because referenced certificates have to be added to the role BEFORE uploading it.

Here is a screenshot of where to add those certificates in the new Windows Azure portal:

For the SSL certificate, the portal will ask you to provide the private key password in order to import it properly.

The third step is to upload the package to your Cloud Service, to make the STS available to your website, or to your ACS namespace so that it can be proxied behind a multiple-identity tenant.

Done with part 5, you are now the owner of a great STS!

August 15, 03:41 PM

In this article series, I am going to address how to create your own custom Security Token Service (STS) to authenticate your users using claims, and how to use it through ACS to offer more Identity Providers to your Azure app.

This article series is composed of:

  1. Build your STS as a Web App (and not a Website)
  2. Create and configure your certificates in your STS
  3. Understand the FederationMetadata.xml file
  4. Use your STS in the cloud through ACS ← You are here!
  5. Put your web app + your STS in Windows Azure

4. Use your STS in the cloud through ACS

Now that the FederationMetadata.xml file is set, we need to link our STS with ACS, so that ACS can transfer users to the new STS and also decrypt tokens coming from it.

The idea here is to put your STS Identity Provider behind ACS, so that your web apps only have to trust ACS as an IdP; ACS then takes care of transforming the tokens from your STS IdP (along with OOB IdPs such as Live ID or Google account) and sending them to your app.

Here is a small diagram that illustrates the role of ACS in that particular case:

Again, the great thing about this is that you only need to set up your STS once in ACS, and can then map it to one or multiple sites; it is also great because you benefit from your own STS while providing OOB Identity Providers at the same time, which makes your ACS namespace very useful for trusting multiple identity stores.

Step 1: setting your STS as an IdP in ACS:

Open your ACS namespace, go to Identity Providers and select “Add”; once done, select ADFS, as the STS we built generates claims-based tokens:

You are now on the screen that configures your STS; here you need to either upload the FederationMetadata.xml file you built or point to it using the URL field.

This is where ACS establishes its trust in tokens signed by your STS, which it validates with your STS public key; after this, your STS will be able to send tokens back to ACS, which will then redirect the user to your site.

Please refer to the screenshot below to set other values:

Step 2: setting your web site in ACS (a.k.a. Relying Party):

Now let’s make your website known to ACS, so that ACS will let your site call it to request tokens.

This step does 2 things:

  1. Allowing your site to receive tokens from ACS (this prevents any other website from getting tokens from your service),
  2. Setting which Identity Providers your site will be able to use upon a login request (like Facebook, Live ID, your own…).

To do so, go to the ACS portal section named “Relying Party applications” and select “Add” to create a new one.

Once in, please set the info of your site there:

Please have a look at the red highlighted boxes on this screenshot, reflecting important parameters:

  • Realm: this is the root of your website, which ACS will check when asked to process authentication for a specific site; if the requesting site does not have the right Realm, it will not be able to get anything from ACS.
  • Return URL: once your user has been through ACS, authenticated with one IdP, and is coming back to your site, this is where ACS will post the token; the “validateToken.aspx” page has special code to do this validation and log the user in with the received claims.
  • Identity Providers: using the Realm URL, this is how ACS will know which Identity Providers it should propose to a user trying to authenticate from your website; this way, you can have a different mapping of Identity Providers available to each of your Relying Party applications.
  • Rule Groups: here we will leave the setting that creates a new Rule Group; by default, ACS will look at all selected IdPs, and will map them into “pass-through claims” that just map claims found in the selected IdPs into what ACS will expose to your Relying Party app.
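The Realm, Return URL and Identity Providers settings above, modelled as an added example (not ACS code and not part of the original post). The type names, the URLs, the exact-match realm rule and the WS-Federation style query parameters (wa, wtrealm, wreply) are assumptions of this sketch.

```csharp
using System;
using System.Collections.Generic;
// Simplified model of the Relying Party checks described above; not ACS code.
// Names, URLs and the exact-match realm rule are assumptions of this sketch.
public sealed class RelyingParty
{
    public string ReturnUrl;
    public string[] IdentityProviders;
}

public static class SignInGate
{
    // Constructed configuration, keyed by normalized realm (no trailing slash).
    static readonly Dictionary<string, RelyingParty> Parties = new Dictionary<string, RelyingParty>
    {
        { "https://mysite.example", new RelyingParty {
            ReturnUrl = "https://mysite.example/validateToken.aspx",
            IdentityProviders = new[] { "Live ID", "Google", "Custom STS" } } }
    };
    // Uri lower-cases scheme and host; a trailing slash is ignored.
    static string Normalize(string url)
    {
        Uri uri;
        bool ok = Uri.TryCreate(url, UriKind.Absolute, out uri);
        return ok ? uri.GetLeftPart(UriPartial.Path).TrimEnd('/') : null;
    }
    // Evaluates the query string of a sign-in request (wa, wtrealm, wreply).
    public static string Evaluate(string query)
    {
        var args = new Dictionary<string, string>();
        foreach (string pair in query.TrimStart('?').Split('&'))
        {
            string[] kv = pair.Split(new[] { '=' }, 2);
            if (kv.Length == 2) args[kv[0]] = Uri.UnescapeDataString(kv[1]);
        }
        string wa, realm;
        if (!args.TryGetValue("wa", out wa) || wa != "wsignin1.0") return "DENY: not a sign-in request";
        string key = args.TryGetValue("wtrealm", out realm) ? Normalize(realm) : null;
        RelyingParty rp = null;
        if (key == null || !Parties.TryGetValue(key, out rp)) return "DENY: unknown realm";
        // The token destination comes from configuration; a wreply in the request is ignored.
        return "OFFER " + string.Join(", ", rp.IdentityProviders) + "; POST token to " + rp.ReturnUrl;
    }
    public static void Main()
    {
        Console.WriteLine(Evaluate("wa=wsignin1.0&wtrealm=https%3A%2F%2Fmysite.example%2F"));
        Console.WriteLine(Evaluate("wa=wsignin1.0&wtrealm=https%3A%2F%2Fother.example&wreply=https%3A%2F%2Fother.example%2Fhome"));
    }
}
```

The first request is for the registered realm and gets its own Identity Provider list and the configured Return URL; the second comes from an unregistered realm and gets nothing, whatever reply address it supplies.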

Step 3: uploading your Encryption certs (if needed):

Here we will upload the certificates used to encrypt the tokens sent from your STS to ACS (so that ACS will be able to open them).

As per the code example given earlier, you don’t need to set up encryption in your STS, as token signing is already in place; but having more security here really doesn’t hurt.

Let’s go to the Certificates and Keys section, and click “Add” in the Token Encryption part:

Then, select the Relying Party that should use this certificate, and upload the cert used to encrypt tokens in your STS:

OK, now we are done with the ACS setup and your STS. Next step: put your web app into Windows Azure!

July 12, 03:57 AM

Just to let anyone following my blog know that I have been awarded Windows Azure MVP this year, for the second year.

I am really happy to share my enthusiasm and knowledge on Windows Azure these days; it is such a privilege to be part of this cloud adventure, with such a great Windows Azure team doing an awesome job.

Going later for even more sharing/enjoyment with cloud is my target!

Many thanks to everyone!
