Showing posts from November, 2011

MVC 3 and Azure ACS–Protect parts of the site

If you have worked with ADFS 2.0 or other claims-based security models, Azure’s Access Control Service (ACS) should not seem all that new to you. It is basically Azure’s hosted Secure Token Service (STS). Recently I have been building an MVC 3 application and did not want my application to be forms protected. My personal opinion is that no one wants to create one-off logins on the web anymore. To solve this I decided to use MVC 3 with ACS. Adding ACS to your MVC 3 project is not very hard and is explained in a few blogs on the net (here is a good one). You basically just use Visual Studio’s “Add STS” functionality like you would for any other STS. When you add the STS to your project, it updates your web.config with the information it needs for federation to work. By default it protects your entire website. This means you cannot even hit the login page without signing in. But what if I want unauthenticated people to read parts of my website, like the homepage? Well this is what I had to figure…

Windows Phone and HTTPS service calls

If you have been working with Windows Phone and trying to make HTTPS-based calls to other services, there are a couple of things you will want to know. Since these HTTPS calls happen over a secure connection, there are a few nuances you have to be aware of. Windows Phone is pretty touchy about HTTPS certificates. Normally on a web page you can just create a self-signed cert and either bypass the cert trust warning or install the cert into the machine's trusted CA list. However, Windows Phone does not have this flexibility. During development or test you are probably using a self-signed cert. If your Windows Phone app calls an HTTPS service using a self-signed cert, you will get an error saying “service not found” or “remote server returned a error: not found.” This is because the call is causing a certificate error since the cert is not in the phone's trusted cert tree. To solve this problem, the emulator or device needs to install the certificate. To do this just navigate to the .cer file in …

Understanding Azure Marketplace event flow

In working with the sample projects in the Azure SDK, I wanted to make sure I understood how the Marketplace event flow was happening. If you do the tutorial in the Azure 1.4, it helps you connect an application so it can handle subscription events from the Marketplace. There is a lot of code created for you, though. Once I got it working, I still did not really understand how the event flow was happening from the Marketplace to my application. The solution? Spend some time digging through all the code and application flow and create a nice little Visio to help visualize it. Below is the diagram I created. Hopefully, if you have used the tutorial, this will help you understand how the components you created and configured actually get wired together.

Azure Access Control - ACS50000: There was an error issuing a token.

I have been playing with the Azure Access Control solution and how to put an application into the Azure Marketplace SaaS offering. The first issue I ran into was getting ACS to work. I had developed a solution with Microsoft’s Active Directory Federation Services 2.0 before, so the concept was familiar to me. Even though the topic was familiar to me, federation errors are often still a pain to resolve. The first thing you have to do is understand if the error is coming from the provider or the client. In this case, even though ACS is throwing the error, the error is actually coming from the client, as it is rejecting the token. It can be rejecting the token for a few reasons. 1) The certificate thumbprint the website is looking to validate against does not match. Check the site's web.config trusted issuers section and make sure the thumbprint matches what ACS has. <issuerNameRegistry type="Microsoft.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry, Microsoft.IdentityModel, Ver…