Windows Azure Security Guidance – Focus on Identity and Access

  • Article

imageHot off the press: Windows Azure Security Guidance topic. We decided first to tackle things that are significantly different from security perspective in Windows Azure comparing to what we know in on-premises world. And that turned out to be scenarios related to identity – authentication and authorization. These are key scenarios, including graphics, that are covered in the topic:

  • ASP.NET Web Form Application with Federated Authentication. In this scenario you control access to your ASP.NET Web Forms app using either Internet identity such as Live ID / Microsoft Account or corporate identity managed in Windows Server Active Directory.
  • WCF (SOAP) Service with Federated Authentication. In this scenario you control access to your WCF (SOAP) service using Service Identities managed by Windows Azure AD Access Control.
  • WCF (SOAP) Service with Federated Authentication, Identities in Active Directory. In this scenario you control access to your WCF (SOAP) web service using identities managed by corporate Windows Server Active Directory.
  • WCF (REST) Service With Federated Authentication. In this scenario you control access to your WCF (REST) service using Service Identities managed by Windows Azure AD Access Control.
  • WCF (REST) Service With Live ID / Microsoft Account, Facebook, Google, Yahoo!, Open ID. In this scenario you control access to your WCF (REST) service using Internet identity such as Live ID / Microsoft Account.
  • ASP.NET Web App to REST WCF Service Using Shared SWT Token. In this scenario you have distributed application with front end ASP.NET web app and downstream REST service and you want to flow end user’s context through physical tiers.
  • imageRole-Based Access Control (RBAC) Authorization In Claims-Aware Applications and Services. In this scenario you want to implement authorization logic in your app based on roles.
  • Claims-Based Authorization In Claims-Aware Applications and Services. In this scenario you want to implement authorization logic in your app based on complex authorization rules.
  • Windows Azure Storage Service Identity and Access Scenarios. In this scenario you need to securely share access to Windows Azure storage blobs and containers.
  • Windows Azure SQL Database Identity and Access Scenarios. SQL Database supports only SQL Server Authentication. Windows Authentication (integrated security) is not supported. Users must provide credentials (login and password) every time they connect to SQL Database.
  • Windows Azure Service Bus Identity and Access Scenarios. In this scenario you need securely access Windows Azure Service Bus queues.
  • In-Memory Cache Identity and Access Scenarios. In this scenario you need to securely access data managed by in-memory cache.
  • Windows Azure Marketplace Identity and Access Scenarios. In this scenario you need to securely access Windows Azure Marketplace datasets.

Give it a try. Consider leaving comments and suggestions how to improve it in the comments section at the end of the topic or through this blog. Huge thank you goes to Mike Howard for the shout out, the man and the legend and the author of epic book Writing Secure Code. Mike is now principal architect in Cybersecurity team in the field continuing to fight a good fight in the trenches.