Thursday, October 4, 2012

SQL Azure and Entity Framework

Recently I was asked by a friend “How to deal with the Transient Fault Handling Framework against SQL Azure while using Entity Framework?”. How, really?

Here are a bunch of resources that describe in detail what transient faults are, how to deal with them, and in particular how to use the TFHF (Transient Fault Handling Framework) along with Entity Framework:

A concrete sample from the Windows Azure CAT (CAT stands for Customer Advisory Team) team site:

// Requires: using System; using System.Data; using System.Data.EntityClient;
//           using System.Data.Objects; using System.Linq;
// sqlAzureRetryPolicy is the framework's retry policy instance, configured elsewhere.

// Define the order ID for the order we want.
int orderId = 43680;

// Create an EntityConnection.
EntityConnection conn = new EntityConnection("name=AdventureWorksEntities");

// Create a long-running context with the connection.
AdventureWorksEntities context = new AdventureWorksEntities(conn);

// Explicitly open the connection inside a retry-aware scope.
sqlAzureRetryPolicy.ExecuteAction(() =>
{
    if (conn.State != ConnectionState.Open)
    {
        conn.Open();
    }
});

// Execute a query to return an order. Use a retry-aware scope for reliability.
// The order ID is bound as an ObjectParameter, not concatenated into the Entity SQL.
SalesOrderHeader order = sqlAzureRetryPolicy.ExecuteAction<SalesOrderHeader>(() =>
{
    return context.SalesOrderHeaders.Where("it.SalesOrderID = @orderId",
        new ObjectParameter("orderId", orderId)).Execute(MergeOption.AppendOnly).First();
});

// Change the status of the order.
order.Status = 1;

// Delete the first item in the order.
context.DeleteObject(order.SalesOrderDetails.First());

// Save changes inside a retry-aware scope.
sqlAzureRetryPolicy.ExecuteAction(() => { context.SaveChanges(); });

// Create a new item and add it to the order.
// The values of UnitPrice, rowguid and ModifiedDate are cut off in this listing;
// the ones used below are placeholders.
SalesOrderDetail detail = new SalesOrderDetail
{
    SalesOrderID = 1,
    SalesOrderDetailID = 0,
    OrderQty = 2,
    ProductID = 750,
    SpecialOfferID = 1,
    UnitPrice = 0m,
    UnitPriceDiscount = 0,
    LineTotal = 0,
    rowguid = Guid.NewGuid(),
    ModifiedDate = DateTime.Now
};
order.SalesOrderDetails.Add(detail);

// Save changes again inside a retry-aware scope.
sqlAzureRetryPolicy.ExecuteAction(() => { context.SaveChanges(); });

// Explicitly dispose of the context and the connection.
context.Dispose();
conn.Dispose();

Well, this is the raw source provided. To be honest, I would extract it and encapsulate it in some more generalized way: for instance, create some extension methods to call for all CRUD operations, or, even better, create my own DataService on top of EF, so my code will never work with the bare-bones EF context, but with some contract instead.

Wednesday, October 3, 2012

SQL Azure Federations Talk at SQL Saturday 152 / Bulgaria

Last Saturday we had the first edition of SQL Saturday for Bulgaria – SQL Saturday 152. I submitted my talk in the early stages of event preparation. It is “An intro to SQL Azure Federations”. I rated it as “beginners”, as it is intended to lay the groundwork for scaling out with SQL Azure. However, it turned out that the content is for at least a level 300 technical talk, and the audience should have a foundation in SQL Azure to attend the talk. Anyway, I think it went smoothly and was fun. You can find the slides here. And I hope to pack a GitHub project soon for the extensions on EF Code First I used to get data out from Federation Members and perform Fan-out Queries.

Already looking forward to the next appearance of SQL Saturday in Bulgaria.

Friday, June 8, 2012

Windows Azure v.Next–Azure Websites, Linux on Azure, Persistent VM and much more …

Building Cloud applications has never been easier! Ever! The recent news announced at the MEET Windows Azure event just proved it! The most exciting, the most anticipated, the most wanted release of Windows Azure is now here! Check out the samples, get the tools and dive into the clouds!

Azure Websites

Did you want to run your Drupal site in Windows Azure? Or maybe your Joomla project, or the new Umbraco 5, and don’t forget your small WordPress site. Now you can either build it from scratch, or just deploy it. How to deploy? Do you like Git, or FTP? Whatever you like, whatever you are comfortable with – Windows Azure Websites is the platform to run your site, be it a small or a large scale enterprise site! Here is just a screenshot showing you the sample gallery, where you can choose how to start your site, if you haven’t yet:

You say that Joomla runs on PHP and MySQL! You are correct. Windows Azure has supported PHP for quite some time, actually (almost) since the beginning, but it is easier now. What about MySQL? Well, have you heard of ClearDB? It is a company that has been providing database-as-a-service for MySQL based applications: a globally distributed, fault tolerant database as a service. They have been partnering with Microsoft to provide MySQL-as-a-service within the Windows Azure data centers. Well, ironically enough, their site is down at the time I write this blog post. But, trust me, since the MySQL is running in Windows Azure, it will not be down.
Oh, you have noticed – the Windows Azure Portal – reimagined! The whole portal now runs on HTML5 with METRO style interface. I have to admit that I like it much better than the old Silverlight based portal!

Persistent VM

It is not a replacement for Windows Azure VM Role, which still is stateless. It is a whole new feature, named Persistent VM. Having said that – it means that all changes you make to your VM after you deploy it to Windows Azure will be reliably persisted across VM reboots, healings, recycling. How cool is that? Not only that, now with the Persistent VM feature, you would get an SLA for just 1 instance! What could you use that Persistent VM for? Just imagine – SQL Server, SharePoint, Linux …


What else could you do with Windows Azure now? You can, for example, run your Linux based VM! Yes, Linux on Azure! How cool is that, ah? Currently there are 4 distros you can choose from:
  • OpenSUSE 12.1
  • CentOS-6.2
  • Ubuntu 12.04
  • SUSE Linux Enterprise Server 11 SP2
But I am sure more will come soon!

Virtual Network

Connecting your own infrastructure to the cloud has never been easier. Windows Azure Virtual Network lets you configure network topology, including configuration of IP addresses, routing tables and security policies. It uses the IPsec protocol to provide a secure connection between your corporate VPN gateway and Windows Azure.
If I were you, I would go through the new Windows Azure Fact Sheet, go for the free trial to check out the Websites, and maybe even try the Linux VMs!
As a side note, something that has really been on my mind for quite a few years – finally we, in Bulgaria, will officially have Windows Azure!

Thursday, May 17, 2012

Secure your ASMX WebServices with SWT and Claims

I was recently involved in an interesting project that was using the plain old ASMX web services. We wanted to migrate it to the Windows Azure Access Control Service and make use of Claims.

The way we achieved that is to add an additional SOAP header to the client requests that includes a Simple Web Token (SWT). On the server side, we check for the existence of this specific header, then extract the token, perform some validation checks and inject a fresh new Claims Identity into the Service instance. One thing to look out for is that you have to think of a workaround if your ASMX WebService is a Singleton object. My implementation works with non-singleton implementations. And I currently get my Simple Web Tokens from Windows Azure Access Control Service’s WRAP endpoint. I have configured “Password” service identities and I play with the RuleGroups to add additional claims, based on the identity used. It is pretty flexible!

The result is on … GitHub. I initially wanted it to be on CodePlex, because I have other projects there and am more used to the TFS style of working. But CodePlex’s TFS has been down for quite some time, which was a good excuse to use GitHub. There are some explanations in the Readme.txt file, as well as comments in the code. So feel free to get the code, play around with it, ping me if it is not working for some reason, and so on!

The project makes extensive use of SWT Implementation, done by the Two10Degrees’ team. But I added a compiled assembly reference for convenience.
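One set of validation checks a service could run on the token taken from the SOAP header before building a claims identity, as an added C# example; it is not the code from the GitHub project or from the Two10Degrees library. The class name SwtCheck, the claim name "role", the key, issuer and audience are constructed for the demo, and the token is assumed to be the usual SWT form-encoded name=value list that ends in an HMACSHA256 signature.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;
using System.Web; // HttpUtility, from System.Web.dll
// Added example; SwtCheck and every value in Main are hypothetical.
public static class SwtCheck
{
    const string SigLabel = "&HMACSHA256=";
    static readonly DateTime Epoch = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc);
    static void Require(bool ok, string why) { if (!ok) throw new UnauthorizedAccessException(why); }
    static byte[] Sign(byte[] key, string text)
    {
        using (var hmac = new HMACSHA256(key)) return hmac.ComputeHash(Encoding.UTF8.GetBytes(text));
    }

    // Returns the claims only if signature, issuer, audience and expiry all check out.
    public static Dictionary<string, string> Validate(string token, byte[] key,
        string issuer, string audience, DateTime utcNow)
    {
        int cut = (token ?? "").LastIndexOf(SigLabel, StringComparison.Ordinal);
        Require(cut >= 0, "unsigned token");
        // The HMAC covers everything before "&HMACSHA256="; verify it before parsing claims.
        string signed = token.Substring(0, cut);
        byte[] presented = null;
        try { presented = Convert.FromBase64String(HttpUtility.UrlDecode(token.Substring(cut + SigLabel.Length))); }
        catch (FormatException) { Require(false, "malformed signature"); }
        byte[] expected = Sign(key, signed);
        int diff = expected.Length ^ presented.Length;   // compare without an early exit
        for (int i = 0; i < expected.Length && i < presented.Length; i++) diff |= expected[i] ^ presented[i];
        Require(diff == 0, "bad signature");
        var claims = new Dictionary<string, string>(StringComparer.Ordinal);
        foreach (string pair in signed.Split('&'))
        {
            string[] kv = pair.Split(new[] { '=' }, 2);
            // Assumption: a name without a value, or a repeated name, means a malformed token.
            Require(kv.Length == 2 && !claims.ContainsKey(HttpUtility.UrlDecode(kv[0])), "malformed token");
            claims.Add(HttpUtility.UrlDecode(kv[0]), HttpUtility.UrlDecode(kv[1]));
        }
        string v; long exp = 0;
        Require(claims.TryGetValue("Issuer", out v) && v == issuer, "wrong issuer");
        Require(claims.TryGetValue("Audience", out v) && v == audience, "wrong audience");
        Require(claims.TryGetValue("ExpiresOn", out v) && long.TryParse(v, out exp), "no expiry");
        Require(exp > (long)(utcNow - Epoch).TotalSeconds, "expired");
        return claims;
    }

    public static void Main()
    {
        byte[] key = Encoding.UTF8.GetBytes("constructed-demo-key"); // constructed, not a real secret
        string iss = "https://example.accesscontrol.windows.net/", aud = "http://localhost/service.asmx";
        string body = "role=reader&Issuer=" + HttpUtility.UrlEncode(iss)
            + "&Audience=" + HttpUtility.UrlEncode(aud) + "&ExpiresOn=4102444800";
        string token = body + SigLabel + HttpUtility.UrlEncode(Convert.ToBase64String(Sign(key, body)));

        Console.WriteLine(Validate(token, key, iss, aud, DateTime.UtcNow)["role"]);
        // Changing a claim after signing must be rejected.
        try { Validate(token.Replace("role=reader", "role=admin"), key, iss, aud, DateTime.UtcNow); }
        catch (UnauthorizedAccessException e) { Console.WriteLine("rejected: " + e.Message); }
    }
}
```

Claims are parsed only after the signature matches, and the audience check keeps a token issued for another relying party from being replayed against this service.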

Wednesday, May 16, 2012

MEET Windows Azure on June the 7th

I have been following Windows Azure since its first public CTP at PDC’2008. It was amazing then, it is even more amazing now, and there is more excitement to come (I’m really, really excited!) …

Get ready to MEET Windows Azure live on June the 7th. Register to watch live (June the 7th 1PM PDT) here. Be informed by following the conversation @WindowsAzure, #MEETAzure, #WindowsAzure

And, if you want to be more social, register for the Social meet up on Twitter event, organized by fellow Azure MVP Magnus Martensson.

What I can tell you for sure, without breaking my NDA, is that you don’t want to miss that event!

See you there!

MEET Windows Azure Blog Relay:

Tuesday, May 1, 2012

Introduction to Claims

It is the 21st century! We live in a digital world where we can do almost everything online. While you might think this is amazing, let me ask you a question: How many online identities do you have? And here I don’t only mean your Google or Facebook account. I mean every single username and password you ever had to create. I, personally, have about 8 (eight!) that I actively use (including a digital signature), another 10 or even more that are used fairly rarely and maybe over 20 which I had to create for some reason, and then abandoned. For me, as a consumer, this drives me crazy. Just a couple of weeks ago, I rejected an invitation to the next business social networking site, from a person who I really trust, just because that new network did not offer me an option to use any of my existing identities. They required me to create another user name, and another minimum 6 symbols password containing upper and lowercase characters and numbers. No thanks. I’m done with creating online identities!

Being a developer, I also know that the easiest way to go with a site which offers some kind of personalization is to use my own authentication and authorization mechanism! But this thinking I have left behind me. I decided to step into the present (not even the future!) and pay attention to terms like Identity Provider, Claims, Trust, Relying party application, and similar. Fortunately for me, there is the Windows Azure Access Control Service (or just ACS) on the market, which really helps me build applications that respond to the needs of the customers. Combining the power of ACS with Windows Identity Foundation (or WIF), I can easily create applications that offer consumers the option to use some of their existing online identities (such as Microsoft Live ID, Google, Yahoo, Facebook and others).

If you want to join me, let me first list out the terms which you will begin working with on a daily basis:

Take a closer look at the following sentence: “I claim that my name is Anton Staykov, and I can prove it by showing you my personal Identification card, issued by the Bulgarian Government”. It represents almost all the terms and objects you will work with when working with ACS.

Claim – this is an assertion about an object issued by an Identity Provider. In the given sentence, the Claim is “Name” and its value is “Anton Staykov”

Identity Provider – an authority which issues security tokens that contain claims. The Bulgarian or any other Government is an Identity Provider, which issues Passports. And the passports are

Security Tokens – this is a digitally signed object, which contains claims. A Token may contain one or more claims.

And last, but not least, you, dear reader are the Relying Party to which I present my token that contains claims.

There is one more player on the scene, and it is the Federation Provider. This, in essence, is an Identity Provider. It stands as a mediator between my application and your Facebook identity. When I want to give you the chance of using your Facebook account to identify yourself to my application, I don’t want to bother with implementation details, which might (or might not) be very different from the details I need to know when I give you the option to sign in with your Live ID. In my application I have a piece of code where I say – look, I only trust Tokens and Claims that come from that federation provider. And that very federation provider takes care of implementation details around Facebook, Live ID, Google, OpenID, WS-Federation, etc. And not only does it take care of these details, but even more. If one day I decide that I no longer trust Google as an Identity Provider, I just uncheck a checkbox, do nothing in my code, and you will no longer be able to use your Google account to present yourself to my application.

As some final words, I want to share with you details from some studies conducted amongst online users about their perceptions of the online shopping experience.

· 3 out of 4 online shoppers avoid creating new user accounts

· 76% of online shoppers admit to having given incomplete or wrong information when required to create a new user account

· 24% of online shoppers abandon the site when it requires a registration

With this said, I hope I made you believe (at least a bit) that Claims is the way to identify online users. And if you happen to be a developer, I really hope I have lit a small fire, which will drive you to at least investigate a bit more about Claims and social sign-in.

Thursday, March 15, 2012

Windows Azure Basics (part 2 of n)–networking

In my previous post on Windows Azure Basics, I tried to introduce you to the cloud computing concept and explain the Windows Azure Platform in not so technical terms. It is time now to go over the networking. What is happening behind the scenes? What can or can't we (currently) use?
Let's first take a look at the following picture, which tries to show an almost complete Windows Azure hosted service:

Here are the terms/abbreviations you see on the illustration:
  • LB – Load Balancer. It is the Windows Azure software Load Balancer, which routes the Internet traffic to and from your hosted service;
  • VIP – virtual IP address. This is the internet facing public IPv4 (currently) network address for your hosted service. You have to pay attention to it, as you only have one single internet facing IP address per hosted service;
  • DIP – direct IP address. This is an internal subnet IPv4 network address that each single instance of your roles has. You have one of these DIPs for every single instance, and there is only one per instance. This IP address is in an internal subnet and cannot be used to directly access a specific instance from outside the Windows Azure hosted service. You can, however, use this address for internal communication between instances of your roles within the whole Windows Azure deployment (hosted service);
Any Windows Azure Hosted service is considered a closed environment, meaning that no Internet traffic is routed to your service, unless you explicitly say so (we will later understand how)! And not only that, but any single instance is considered a closed environment. That means two things:
  1. The LB (Load Balancer) will not route any Internet traffic to the instances of your roles;
  2. The Windows Firewall of all your instances is set to default block everything (Effectively blocking even communication between different instances in a single deployment);
Of course the hosted service can access the Internet.
A couple of words on protocols. Currently the Windows Azure hosted service only supports the TCP/IP stack of protocols, meaning that you can only have TCP traffic to/from/within your instances. UDP is not currently supported (thus excluding IPSec also). What about web roles? Well, web roles use the HTTP protocol, which essentially lives over TCP. HTTPS is also supported, because it also relies on TCP/IP. I very often see questions on whether sending/receiving mail is supported in Windows Azure, and the answer is yes. After all, the SMTP, POP(3) and IMAP protocol families are all stacked over TCP. So we can have everything within the TCP stack, and (yet) nothing on the UDP stack (no SMB, no IPSec, no RTMP, etc).
Now, how can we route the Internet traffic to our instances in Windows Azure? The platform introduces an entity called Endpoint.
An Endpoint is a combination of protocol type + port number, which effectively exposes your instance to the Internet at the given port number. What about protocol types? Well, currently you can only choose from “tcp” and “http/https”. There are two kinds of endpoints: Input Endpoint and Internal Endpoint. While the Input Endpoint will expose your instance to the Internet, by routing all Internet traffic on the selected port to your instance, the Internal Endpoint will only open communication between instances in a single deployment.
Side note: you may have already noticed that I am using “instances” more often than “roles”. I hope that you’ve read my first post and already know the difference. The key difference is that the instance is the actual VM (Virtual Machine) where your code lives, while the Role only defines the “footprint” for what is to be instantiated on the Virtual Machine.
The catch. There is always a catch, and the current one is on the constraints put on the Endpoints:
  • You can have a maximum of 25 Endpoints per hosted service (Input + Internal);
  • You define your endpoints by a Role! Meaning that two different roles cannot share a single Endpoint;
  • All your Endpoints within a Hosted Service must be unique. Meaning that you cannot have an Input Endpoint (i.e. “EndpointWeb”) serving HTTP protocol on port 80 for one Role and have another Input Endpoint (i.e. “EndpointWebMVC”) serving again HTTP protocol on port 80 for another Role. Here I stress that we define Endpoints at Role level, so every instance of this role will have the endpoints defined;
Behind the scenes: When you add a Web Role to your cloud project, the Visual Studio Tools for Windows Azure automatically create an HTTP endpoint on port 80 for your WebRole. It is named “Endpoint1” (but this might change in the future). Keeping the last of the constraints in mind, if you add a second WebRole to your cloud project, a new Endpoint (Endpoint2) will be automatically created with protocol HTTP and port 8080! So be aware of that fact and do not let it surprise you.
Something more on Windows Azure networking – the LB (Load Balancers) do not use sticky sessions. That means that every single request is routed on its own. So an end user can open a page on your website hitting Instance 0 of the Web Role (check the illustration at the top), that page may create several AJAX requests, and every AJAX request will go its own route. Any of the requests may hit Instance 0, but they may also hit Instance 1, and so on. That requires us to build fully stateless applications. The application logic must be fully operational and aware that some of a user’s requests may end up in one instance and others in other instances. So we always have to use a common storage (Azure Storage or SQL Azure or AppFabric Caching service) for all the data that needs to be persisted across a user’s requests.
Remote Desktop? Yes, it is supported! Remote Desktop operates on port 3389 over the TCP protocol. Again the catch: be aware that enabling Remote Desktop for all the roles in your deployment (which is just a checkbox) will automatically create an Input Endpoint for your service. This affects the total number of Endpoints per service (remember, it is 25)!
What about sending mails, again? As I already wrote, the common mailing protocols are supported (SMTP, POP, IMAP); however, Windows Azure does not provide an “Email-as-a-service” service. Luckily enough, a great collaboration was announced, and every Windows Azure subscription receives a complimentary free account on SendGrid with a limit of 10000 e-mails monthly (I think; this you can check). So you can use the SendGrid service to send your application / service e-mails. You get it for free for the first 10k e-mails in the month. If your needs exceed this limit, you can upgrade your account for a very reasonable price!