An introduction to .Net Services
Pedro Félix (pedrofelix em cc.isel.ipl.pt)
.NET Services
• Set of services
– Service Bus (SB)
– Access Control Service (ACS)
• Running in the cloud
– Based on Windows Azure
• Providing
– SB : Service Addressability, Connectivity and Discoverability
– ACS : Service Access Control
A Motivating Scenario
[Diagram: CloudTrack, an issue tracker used by two tenants, Fabrikam and Contoso, who create/view and view/manage issues]
• Issue Tracker web app
• Cloud-based
• Multi-tenant
Connectivity challenges
[Diagram: CloudTrack exchanging "create new issue", "notify new issue" and "fetch log data" messages with on-premises systems sitting behind firewalls, NAT, …]
Connectivity Challenges
• Addressability
– Private addresses and Network Address Translation (NAT)
– Dynamic addresses (e.g. ISP)
• Connectivity
– Firewalls
• Discoverability
Service Bus Relay
[Diagram: a private service behind FW, NAT, … opens an outbound TCP connection to the Relay and becomes reachable under a public name; the Registry is queried via HTTP + ATOM]
• Connectivity - public projection of private endpoints
• Addressability and discoverability
Service Bus
• Naming
– Public namespace
– {scheme}://{solution}.servicebus.windows.net/{relpath}
• Registry
– Mapping between URIs and services
– Readable via HTTP+ATOM
• Connectivity and eventing
– Relaying between public (SB) and private endpoints
Demo
http://felixdemos.servicebus.windows.net/remix09
Service Bus Security
[Diagram: private services behind FW, NAT, … are reached through the Service Bus; ACS controls the Send and Listen operations]
• DMZ externalization
– Public endpoints hosted on the cloud
• Flexible Access Control with ACS
– Claims-based model
Connectivity
• WCF integration via transport binding elements
• Bidirectional (similar to NetTcpBinding)
• Request-reply (similar to *HttpBinding)
[Diagram: TCP (bidirectional) and HTTP (request-reply) connections relayed across FW, NAT, …]
Datagram multicast (pub-sub)
• NetEventRelayBinding (one-way)
– Multiple opened service hosts on the same URI
– Multicast – message delivered to all listeners
– Support for HTTP pooling
Access Control Service
• Identity and access control
• Distributed systems
– Decentralized authority
– Heterogeneous technologies
• Claims-based model
• SB integration
Identity and Authorization
[Diagram: Alice presents her credentials; the identity claims Contoso::Alice and Contoso::LeadDev are mapped to the application permissions webapp::IssueView and webapp::IssueMgr]
Centralized Solution
[Diagram: the webapp (IssueTracker) itself validates Alice's credentials and maps Contoso::Alice / Contoso::LeadDev to webapp::IssueView / webapp::IssueMgr, using MembershipProvider, RoleProvider and IPrincipal.IsInRole(...)]
Decentralized Authority
[Diagram: the Contoso Authority, rather than the webapp (IssueTracker), asserts Contoso::Alice and Contoso::LeadDev from Alice's credentials; the webapp maps them to webapp::IssueView and webapp::IssueMgr]
Decentralized Authority
[Diagram: the Contoso Identity Provider, backed by its Identity Directory, validates Alice's credentials and issues Contoso::Alice and Contoso::LeadDev; the webapp maps them to webapp::IssueView and webapp::IssueMgr]
Decision Enforcement
[Diagram: Identity Information (Contoso::Alice, Contoso::LeadDev) comes from Contoso; the Authorization Decision maps it to webapp::IssueView, webapp::IssueMgr and webapp::SB.Listen; Authorization Enforcement takes place at the webapp and at the Service Bus]
Access Control Service
[Diagram: Contoso acts as Identity Provider (Alice, Contoso::LeadDev); the Access Control Service makes the Authorization Decision, issuing webapp::IssueView and webapp::SB.Listen; the webapp and the Service Bus perform Authorization Enforcement]
Access Control Service
• Claims-based Identity and Access Control
• Claims transformer (“claims in, claims out”)
– Consumes claims from federated issuers
– Provides claims to applications and services
• Rule-based issuance policy
– Rule: if has claim1 then output claim2
• Not an identity provider
– Does not manage users' identities
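A minimal "claims in, claims out" transformer following the rule form above, written here as an added Python example (not ACS's own code) around the deck's Contoso / CloudTrack claims; the claim types, the "Dev" role and the "Mallory" issuer are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Claim:
    issuer: str  # who asserted it: an identity provider, or ACS for output claims
    type: str    # for output claims, the relying party scope ("webapp", "SB")
    value: str

@dataclass(frozen=True)
class Rule:
    """If an input claim (issuer, in_type, in_value) is present,
    output the claim (out_scope, out_value)."""
    issuer: str
    in_type: str
    in_value: str
    out_scope: str
    out_value: str

# Issuers ACS is configured to federate with; claims from anyone else are dropped.
TRUSTED_ISSUERS = frozenset({"Contoso"})

# Constructed issuance policy: a Contoso LeadDev gets webapp::IssueMgr,
# webapp::IssueView and SB::Listen; a Contoso Dev only gets webapp::IssueView.
POLICY = (
    Rule("Contoso", "role", "LeadDev", "webapp", "IssueMgr"),
    Rule("Contoso", "role", "LeadDev", "webapp", "IssueView"),
    Rule("Contoso", "role", "LeadDev", "SB", "Listen"),
    Rule("Contoso", "role", "Dev", "webapp", "IssueView"),
)

def transform(input_claims, policy=POLICY, trusted=TRUSTED_ISSUERS):
    """Claims in, claims out: apply every matching rule and return the claims
    ACS issues. Input claims are never forwarded, so the relying party only
    sees permissions, not Contoso's internal roles or names."""
    accepted = {c for c in input_claims if c.issuer in trusted}
    return {Claim("ACS", r.out_scope, r.out_value)
            for r in policy
            if Claim(r.issuer, r.in_type, r.in_value) in accepted}

def is_allowed(output_claims, scope, permission):
    """Authorization enforcement at the relying party: the webapp or the
    Service Bus only checks for an ACS-issued claim in its own scope."""
    return Claim("ACS", scope, permission) in output_claims

def format_claims(claims):
    """Render claims in the deck's scope::value notation, e.g. 'webapp::IssueMgr'."""
    return sorted(f"{c.type}::{c.value}" for c in claims)
```

The check that matters for the decentralized model is the issuer filter in transform: a claim that merely says "LeadDev" is worthless unless it came from an issuer ACS was configured to trust.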
Protocols and technologies
[Diagram: CloudTrack is built on WIF; on the Contoso side, Active Directory with ADFS v2 (or CardSpace) issues the claims Alice and LeadDev over WS-*/SAMLP; the Access Control Service issues IssueView over WS-*/SAMLP; the protocol towards CloudTrack is marked "WS-* ?"]