Thursday, April 4, 2013

Identity Federation and Sign-Out

We live in the 21st century, don’t we? I am a firm believer that from now on no user shall ever create a new username/password combination again. Ever! There are already enough existing online identity providers – such as Google, Yahoo, Facebook, Microsoft Account (formerly known as Live ID), Office365, OpenId, Twitter, LinkedIn, national identity providers such as NemID in Denmark, and so on.

I do believe that every single internet user has a profile with at least one of these Identity Providers. And if you, dear reader, do not have any existing online profile, please do leave a comment, but be honest!

Developers, architects, decision makers: we should all, by all means, respect this fact!

I do respect it. In every single project I face I do my best to convince decision makers that it is always better to respect users and give them the opportunity to use an existing online identity when there is a need to protect some parts of the application we develop. The way I do it is by evangelizing Windows Azure Access Control Service, which is now part of Windows Azure Active Directory. I’ve written a number of articles on that subject (Introduction to Claims, Securing ASMX web services with Claims and SWT tokens, Online Identity Management via Windows Azure ACS, Unified Identity for Web Apps – the easy way, Creating custom login page for Federated Authentication with Windows Azure ACS) and yet I still see people who are unaware of this service and want to implement their own ASP.NET Membership Provider.

I also see people willing to embrace the service. They work their way through the Identity and Access Tool for Visual Studio 2012 and create their first web application with federated login. While the tool is great at its core, doing what it is supposed to do, it hides a lot of process information and does not give you a complete log of what it did. There is one very neat option – create a local Controller with custom Login View.

While this option is great, it misses one very core feature – the log off feature! So you happily created your federated sign in, configured Identity Providers, etc. Now you log in to test. Next you click the default [log off] link in your web app. And … you are still logged in! What the heck, you will ask?

Well, when using Federated Log-in, we also have to use a Federated Log-Off (or Sign Out). For this, we have to edit our default log-off method and add one single line. Imagine the default Log Off method looks like:

    [HttpPost]
    [ValidateAntiForgeryToken]
    public ActionResult LogOff()
    {
        WebSecurity.Logout();
        return RedirectToAction("Index", "Home");
    }

We only have to add:

    FederatedAuthentication.WSFederationAuthenticationModule.SignOut();

So the final Log Off will be like this:

    [HttpPost]
    [ValidateAntiForgeryToken]
    public ActionResult LogOff()
    {
        WebSecurity.Logout();
        FederatedAuthentication.WSFederationAuthenticationModule.SignOut();
        return RedirectToAction("Index", "Home");
    }

And voilà! We are done. Now we can also successfully log off the web application. Note that the FederatedAuthentication type is part of the System.IdentityModel.Services assembly and you must add a reference to it.
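
A fuller version of the Log Off action above, as an added example that is not code from the original post: besides clearing the local session, it sends a WS-Federation sign-out request to the configured issuer so the session there is ended too. This goes one step beyond the single-line fix in the text; the controller name, the Home/Index return address and an issuer that honours wsignout1.0 and wreply are assumptions.

```csharp
// Added example, not from the original post. Assumes an MVC 4 project wired up by
// the Identity and Access tool, with a reference to System.IdentityModel.Services.
using System;
using System.IdentityModel.Services;
using System.Web.Mvc;
using WebMatrix.WebData;

public class AccountController : Controller   // controller name is an assumption
{
    [HttpPost]
    [ValidateAntiForgeryToken]   // sign-out stays a POST so another site cannot trigger it
    public ActionResult LogOff()
    {
        // 1. End the local sessions: the SimpleMembership cookie and the WIF session cookie.
        WebSecurity.Logout();
        WSFederationAuthenticationModule fam =
            FederatedAuthentication.WSFederationAuthenticationModule;
        fam.SignOut();

        // 2. Build a WS-Federation sign-out request (wa=wsignout1.0) for the issuer
        //    configured in web.config, with an absolute wreply back to the home page.
        //    Assumption: the issuer honours wsignout1.0 and the wreply address.
        string home = Url.Action("Index", "Home", null, Request.Url.Scheme);
        var signOut = new SignOutRequestMessage(new Uri(fam.Issuer), home);

        // 3. Send the browser to the issuer, which returns the user to `home` afterwards.
        return Redirect(signOut.WriteQueryString());
    }
}
```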


A couple of things to pay attention to and remember:

  • Identity And Access menu item (result of Identity and Access tool installation) will only be visible for web projects targeting 4.5 Framework!
  • You have to reference System.IdentityModel.XX (4.0.0.0) assemblies and not Microsoft.IdentityModel.XX (3.5.0.0) assemblies in your project. If you fail to do so, you may see unexpected behavior and even errors and failures. Very often, if you upgrade your project from a .NET Framework version prior to 4.5 to .NET Framework 4.5, there are references left to Microsoft.IdentityModel.XX – remove them explicitly!
  • Do respect your users’ existing online identities! The users will respect you, too!

Wednesday, April 3, 2013

A journey with Windows Azure Media Services–Smooth Streaming, HLS

Back in January Scott Gu announced the official release of Windows Azure Media Services. It is an amazing platform that was out in the wild (as a CTP, or Community Technology Preview) for less than a year. Before it was RTW, I created a small project to demo its functionality. The source code is public on GitHub and the live site is public on Azure Web Sites. I actually linked my GitHub repo with the Website on Azure so that every time I push to the Master branch, I get a new deployment on the WebSite. Pretty neat!

In its current state, Windows Azure Media Services supports only the VOD (or Video On Demand) scenario. This means that you can upload your content (also known as ingest), convert it into various formats, and deliver it to the audience on demand. What you cannot currently do is publish Live Streaming – i.e. from your Web Cam, or from your Studio.

This blog post will provide no direct code samples. Rather than code samples, my aim is to outline the valid workflows for achieving different goals. For code samples you can take a look at the official getting started guide, my code with web project, or the MediaServicesCommandLineTools project on GitHub, which I also contribute to.

With the current proposition from Azure Media Services you can encode your media assets into ISO-MP4 / H.264 (AVC) video with AAC-LC Audio, into Smooth Streaming format to deliver the greatest experience to your users, or even into Apple HTTP Live Streaming format (or just HLS). Everything from the comfort of your chair at home or in the office, without the big overspend on expensive hardware. Getting the results, however, may be tricky sometimes, and the platform does not help you with very detailed error messages (which I hope will change in the very near future).

Sometimes you can achieve the same task (goal) in different ways. Windows Azure Media Services currently works with 4 Media Processors:

  • Windows Azure Media Encryptor
  • Windows Azure Media Encoder
  • Windows Azure Media Packager
  • Storage Decryption

When you want to complete some task, you always provide a task preset and a media processor which will complete the given task. It is really important to pay attention to this detail, because giving a task preset to the wrong processor will end in an error and task failure.

So, how to get (create/encode to) a Smooth Streaming Content?

Suppose we have an MP4 video source – H.264 (AVC) Video Codec + AAC-LC Audio Codec. It is best if we have multiple MP4 files representing the same content but with different bitrates. Now we can use the Windows Azure Media Packager and the MP4 To Smooth Streams task preset.

If we don’t have an MP4 source, but we have any other supported import format (unfortunately MOV is not a supported format), we can use Windows Azure Media Encoder to transcode our media into either a single MP4 (H.264) file, or directly into a Smooth Streaming source. Here is a full list of the short-named task presets that can be used with Windows Azure Media Encoder. To directly create a Smooth Streaming asset, we can use any of the VC1 Smooth Streaming XXX task presets, or any of the H264 Smooth Streaming XXX task presets. That will generate a Smooth Streaming asset encoded with either the VC-1 Video profile or the H.264 (AVC) Video Codec.

OK, how about Apple HTTP Live Streaming (or HLS)?

Well, Apple HLS is similar to Smooth Streaming. However, there is a small detail: it only supports the H.264 Video codec! The most standard way of creating an Apple HLS asset is by using Windows Azure Media Packager and the XML task preset for “Convert Smooth Streams to Apple HTTP Live Streams”. Please take note of the media processor – it is the Windows Azure Media Packager. It also requires the input asset to be a valid Smooth Streaming asset encoded with the H.264 (AVC) video codec! Do not forget that you could have created Smooth Streams with the VC-1 Video Profile codec, which are totally valid and running Smooth Streams, but they will fail to convert to Apple HTTP Live Streams.

Hm, can’t we get all-in-one?

I mean, can’t I have a single media asset and deliver either Apple HTTP Live Streams or Smooth Streams, depending on my client? Sure we can. However, this is a CPU intensive process. It is called “dynamic packaging”. The source must be a multi-bitrate MP4 asset, which consists of multiple MP4 files of the same content with different bitrates. It also requires on-demand streaming reserved units from Media Services. You can read more about dynamic packaging here.

Thursday, October 4, 2012

SQL Azure and Entity Framework

Recently I was asked by a friend “How to deal with the Transient Fault Handling Framework against SQL Azure while using Entity Framework?”. How, really?

Here are a bunch of resources that describe in detail what the Transient faults are, how to deal with them, and in particular how to use the TFHF (Transient Fault Handling Framework) along with Entity Framework:

http://blogs.msdn.com/b/appfabriccat/archive/2010/12/11/sql-azure-and-entity-framework-connection-fault-handling.aspx

http://blogs.msdn.com/b/appfabriccat/archive/2010/10/28/best-practices-for-handling-transient-conditions-in-sql-azure-client-applications.aspx

http://windowsazurecat.com/2010/10/best-practices-for-handling-transient-conditions-in-sql-azure-client-applications/

A concrete sample from the Windows Azure CAT (CAT stands for Customer Advisory Team) team site:

    // Needs: using System; using System.Data; using System.Data.EntityClient;
    //        using System.Data.Objects; using System.Linq;
    // sqlAzureRetryPolicy is a retry policy from the Transient Fault Handling
    // Framework, created elsewhere (its definition is not part of this snippet).

    // Define the order ID for the order we want.
    int orderId = 43680;

    // Create an EntityConnection.
    EntityConnection conn = new EntityConnection("name=AdventureWorksEntities");

    // Create a long-running context with the connection.
    AdventureWorksEntities context = new AdventureWorksEntities(conn);

    try
    {
        // Explicitly open the connection inside a retry-aware scope.
        sqlAzureRetryPolicy.ExecuteAction(() =>
        {
            if (conn.State != ConnectionState.Open)
            {
                conn.Open();
            }
        });

        // Execute a query to return an order. Use a retry-aware scope for reliability.
        // The order ID is passed as an ObjectParameter, not concatenated into the query.
        SalesOrderHeader order = sqlAzureRetryPolicy.ExecuteAction<SalesOrderHeader>(() =>
        {
            return context.SalesOrderHeaders.Where("it.SalesOrderID = @orderId",
                new ObjectParameter("orderId", orderId)).Execute(MergeOption.AppendOnly).First();
        });

        // Change the status of the order.
        order.Status = 1;

        // Delete the first item in the order.
        context.DeleteObject(order.SalesOrderDetails.First());

        // Save changes inside a retry-aware scope.
        sqlAzureRetryPolicy.ExecuteAction(() => { context.SaveChanges(); });

        // Build a new order detail line to add to the order.
        SalesOrderDetail detail = new SalesOrderDetail
        {
            SalesOrderID = 1,
            SalesOrderDetailID = 0,
            OrderQty = 2,
            ProductID = 750,
            SpecialOfferID = 1,
            UnitPrice = (decimal)2171.2942,
            UnitPriceDiscount = 0,
            LineTotal = 0,
            rowguid = Guid.NewGuid(),
            ModifiedDate = DateTime.Now
        };

        order.SalesOrderDetails.Add(detail);

        // Save changes again inside a retry-aware scope.
        sqlAzureRetryPolicy.ExecuteAction(() => { context.SaveChanges(); });
    }
    finally
    {
        // Explicitly dispose of the context and the connection.
        context.Dispose();
        conn.Dispose();
    }

Well, this is the raw source provided. To be honest, I would extract it / encapsulate it in some more generalized way (for instance, create some Extension methods to call for all CRUD operations; or even better – create my own DataService on top of the EF, so my code will never work with the bare-bones EF context, but with some contract instead).

Wednesday, October 3, 2012

SQL Azure Federations Talk at SQL Saturday 152 / Bulgaria

Last Saturday we had the first edition of SQL Saturday for Bulgaria – SQL Saturday 152. I submitted my talk in the early stages of event preparation. It is “An intro to SQL Azure Federations”. I rated it as “beginners”, as it is intended to lay the groundwork for scaling out with SQL Azure. However, it turned out that the content is for at least a level 300 technical talk, and the audience should have a foundation in SQL Azure to attend the talk. Anyway, I think it went smoothly and was fun. You can find the slides here. And I hope to pack a GitHub project soon for the extensions on EF Code First I used to get data out from Federation Members and perform Fan-out Queries.

Already looking forward to the next appearance of SQL Saturday in Bulgaria.

Friday, June 8, 2012

Windows Azure v.Next–Azure Websites, Linux on Azure, Persistent VM and much more …

Building Cloud applications has never been easier! Ever! The recent news announced at the MEET Windows Azure event just proved it! The most exciting, the most anticipated, the most wanted release of Windows Azure is now here! Check out the samples, get the tools and dive into the clouds!

Azure Websites

Did you want to run your Drupal site in Windows Azure? Or maybe your Joomla project, or the new Umbraco 5, and don’t forget your small WordPress site. Now you can either build it from scratch, or just deploy it. How to deploy? Do you like Git, or FTP? Whatever you like, whatever you are comfortable with – Windows Azure Websites is the platform to run your site, be it a small site or a large scale enterprise site! Here is just a screenshot showing you the sample gallery, where you can choose how to start your site, if you haven’t yet:

You say that Joomla runs on PHP and MySQL! You are correct. Windows Azure has supported PHP for quite some time, actually (almost) since the beginning, but it is easier now. What about MySQL? Well, have you heard of ClearDB? It is a company that has been providing database-as-a-service for MySQL based applications: a globally distributed, fault tolerant database as a service. They have been partnering with Microsoft to provide MySQL-as-a-service within the Windows Azure data centers. Well, ironically enough, their site is down at the time I write this blog post. But, trust me, since the MySQL is running in Windows Azure, it will not be down.
Oh, you have noticed – the Windows Azure Portal – reimagined! The whole portal now runs on HTML5 with METRO style interface. I have to admit that I like it much better than the old Silverlight based portal!

Persistent VM

It is not a replacement for Windows Azure VM Role, which still is stateless. It is a whole new feature, named Persistent VM. That means that all changes you make to your VM after you deploy it to Windows Azure will be reliably persisted across VM reboots, healings, recycling. How cool is that? Not only that, now with the Persistent VM feature, you would get an SLA for just 1 instance! What could you use that Persistent VM for? Just imagine – SQL Server, SharePoint, Linux …

Linux

What else could you do with Windows Azure now? You can, for example, run your Linux based VM! Yes, Linux on Azure! How cool is that, ah? Currently there are 4 distros you can choose from:
  • OpenSUSE 12.1
  • CentOS-6.2
  • Ubuntu 12.04
  • SUSE Linux Enterprise Server 11 SP2
But I am sure more will come soon!

Virtual Network

Connecting your own infrastructure to the cloud has never been easier. Windows Azure Virtual Network lets you configure network topology, including configuration of IP addresses, routing tables and security policies. It uses the IPsec protocol to provide a secure connection between your corporate VPN gateway and Windows Azure.
If I were you, I would go through the new Windows Azure Fact Sheet, go for the free trial to check out the Websites, and maybe even try the Linux VMs!
As a side note, something that has really been on my mind for quite a few years – finally we, in Bulgaria, will officially have Windows Azure!