Azure Authentication for Cloud Services

Similar Messages

• Authentication in Cloud Services

  Hi,
  I could not find good documentation on authentication for Cloud Services. I have a cloud service which I want to give access to just my organization. How do I achieve this?
  Thanks

  Please follow this link:
  http://www.asp.net/visual-studio/overview/2013/creating-web-projects-in-visual-studio#orgauthoptions
  Organizational account authentication options
  The Configure Authentication dialog gives you several options  for Azure Active Directory (Azure AD, which includes Office 365) or Windows Server  Active Directory (AD) account authentication:
  Cloud - Single Organization (Azure AD, or AD using
  directory integration with Azure AD)
  Cloud - Multi Organization (Azure AD, or AD using
  directory integration with Azure AD)
  On-Premises (AD)
  Frank

• SSL and custom domain configuration for cloud service

  Hi,
  I am doing custom domain mapping and SSL configuration for a cloud service web role. Another important aspect is Cloud service web role uses ADFS in between for authentication.
  I have custom domain mapped, SSL uploaded on cloud services Certificates
  tab in management portal, certificate .pfx and chaining certs .CER are added as below -
  <Certificate name="UATCert" thumbprint="A" thumbprintAlgorithm="sha1" />
  <Certificate name="Certificate1" thumbprint="B" thumbprintAlgorithm="sha1" />
  <Certificate name="Certificate2" thumbprint="C" thumbprintAlgorithm="sha1" />
  I see these certificates getting added properly to Azure cloud service web role instance VM.
  The problem is, when I access the custom domain,
  https://mysite.com/default.aspx in the browser ultimately after ADFS login I see
  https://cloudservice.cloudapp.net/default.aspx. My understanding is, cloudapp.net should not be seen in the browser to the client. Also I keep getting error of certificates stating "There is
  a problem with this website’s security certificate" when browser shows cloudapp.net url.
  How can I avoid display of cloudapp.net in browser and show only custom domain Url. Also how can I avoid this certificate error ?
  Thoughts? 
  http://sanganakauthority.blogspot.com/

  Hi kunal,
  Based what you described, I understand that you want to use the custom domain for cloud service web role and apply azure active directory authentication to the web role application.
  >>>The problem is, when I access the custom domain,
  https://mysite.com/default.aspx in the browser ultimately after ADFS login I see
  https://cloudservice.cloudapp.net/default.aspx. 
  As for above issue, I think you should make sure you have registered the web application in azure AD both "SIGN-ON URL" and "Reply URL" are
   https://mysite.com/default.aspx 
  >>>Also I keep getting error of certificates stating "There is a problem with this website’s security certificate" when browser shows cloudapp.net url.
  Try to upload a valid certificate (provided by CA) to cloud service for your custom domain.
  Best Regards,
  Fuxiang
  We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place. <br/> Click <a
  href="http://support.microsoft.com/common/survey.aspx?showpage=1&scid=sw%3Ben%3B3559&theme=tech"> HERE</a> to participate the survey.

• How to configure Anti Malware for cloud Services

  Is there a way to enable Anti-malware monitoring of cloud service. With the latest release for enabling cloud service, should we still need to have power shell has start up for cloud Services and Power-shell will invoke XML template of anti malware.
  I could not be proper documentation of how to enable from Cloud Services solution perspective
  Here are the Some of the questions:
  Should i still need to have Power shell has startup and configure it for CSDEF file
  Where should i place xml template in cloud project, in the power shell, we need to give location of xml file, should xml file and power shell script should be @ same level i.e in the same directory
  If we enable Monitoring of Anti malware services for cloud services, we need to give storage account, is there a way where storage account pickup dynamically based on envrionment we are deploying. End of the day,I'm looking for automated way of setting
  Monitoring in Production and UAT envrionments
  Mahender

  hi Mahender,
  Thanks for your posting!
  For this issue, you could refer to this document and tutorials (Microsoft Antimalware Whitepaper ). And you need use the Azure Powershell (http://msdn.microsoft.com/en-us/library/azure/dn771718.aspx).
  Regards,
  Will
  We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
  Click
  HERE to participate the survey.

• HT4436 Do you have to pay for cloud services?

  Do you pay for cloud services??

  No iCloud's services are free (5 GB storage for your data. Purchased music, movies, apps, books, TV shows and your Photo Stream don’t count against your free storage). If you need more storage capacity you have to pay for the additional space.
  See also: http://www.apple.com/icloud/features/ - Headline: Storage

• Server-side authentication for web services

  I was hoping to use Azure's server-side authentication for a HTML/JS web app. Some things are a bit unclear. For example, if a new user authenticates via Facebook, I want to create an associated record on the server-side and associate extra data with the
  user, irrespective of the service used to log in. If they log in again, I want the client to be able to get this extra data (eg preferences) from the server. On the back-end, I also want to be able to update particular fields of this record that the user cannot
  change themselves. I know how to go about this in a plain Node.js backend, but not sure how some of these basic things map to using Azure's services.

  Once the user logs in, you will have their information available to your server scripts. So one option is to use a custom API (or a Mobile Services Table) to insert/read/update the user data. You would protect this endpoint so that only logged-in users can
  access it, and then access the
  user object to obtain an ID an associate it in a table row. Lookups could be performed by similarly querying for the ID.
  In terms of some fields being restricted, you could remove these from the update request itself.
  Some pointers that might be helpful:
  http://azure.microsoft.com/en-us/documentation/articles/mobile-services-html-get-started-data/
  http://azure.microsoft.com/en-us/documentation/articles/mobile-services-html-call-custom-api/
  http://azure.microsoft.com/en-us/documentation/articles/mobile-services-html-authorize-users-in-scripts/

• How to get the Memory Utilization Data for Cloud Service

  Hi,
  We are planning to monitor the Performance of Cloud Services hosted onto Azure through VisualStudioOnline [TFS]. However, I couldn't find any performance metric for Memory utilization on individual Cloud Service.
  So please help how can we monitor Memory utilization on individual Cloud Service hosted through VSO.
  Thanks.
  Regards,
  Subhash Konduru
  Please remember to mark the replies as answers if they help and unmark them if they provide no help.

  If you are using the VSO then you can take a look at azure application insights which is a service hosted on azure which will help you to detect issues, solve problems and continuously improve your web applications.
  Read more about Application insights here - 
  http://azure.microsoft.com/en-us/documentation/articles/app-insights-get-started/
  https://msdn.microsoft.com/en-us/library/dn793604.aspx
  Bhushan | Blog |
  LinkedIn | Twitter

• SUP user authentication for web services

  Hi there.
  Has anyone in the comunity had any experience with building Web Service based Mobile Business Object (MBO) in SUP 1.5.2. We have built a mobile application for a blackberry device which consumes two ERP web services. The application deploys successfully and runs on the blackberry device just fine. However, untill now the user credentials needed to authenticate a consumer to a web service has been hard-coded into the mobile business object. This, from an accountability point of view, is not an acceptible model (i.e. all mobile users would be logging in to the ERP backend with 1 common user ID).
  Has anyone had any experience and could suggest an an alternative solution to this that would support accountability i.e. map SUP users to ERP users, trusted connections etc. and is this possible with SUP 1.5.2?
  S

  Actually, SUP 1.5.2 just provides the HTTP basic authentication for WS-MBO. It is enable that to create 'username' and 'password' on the WS-MBO as two input parameters. Thus, you can design your device app in SUP to prompt the dialog to accpet the username and password before you access your WS-MBO. Similar, if your web-service has input argument for username and password, you also can design a dialog like above.

• Kerberos authentication for Excel Services

  Hi,
  I am configuring Keberos for Excel Service Application and facing some issue. Things i have done so far:
  Configured web application to use Kerberos: Verified it from server authentication logs, klist and net mon that web application is using kerberos.
  Excel service Account: domain\ExcelSVA
  SQL server service account: domain\SQLSERV
  C2WTS account : domain\C2wts
   set spn on in using setspn - s sp/excelservices domain\ExcelSVA and delegated constarined authentication to domain\SQLSERV
  then setspn - s sp/c2wts domain\C2wts and delegated constrained authentication to domain\SQLSERV.
  C2WS account has impersonate identity ,logon as service and act as part of OS rights in app servers where excel and c2wt are running 
  Now when i try to refresh data i get error :The data connection uses Windows Authentication and user credentials could not be delegated.
  The following connections failed to refresh: SQLServername port, databasename
  http://technet.microsoft.com/en-us/library/ff487975.aspx
  First 3 errors don't apply to me since i cant see these errors in SP log files and my sharepoint and database servers are in same domain.
  For UPN, there is a email id assoisated with account that i am using and i have been using that email id to logon to other services in my company so UPN should be done too.
  The Excel Services service account must have Active Directory permissions to query the object. Now this got me confusing. Where do i actually
  give this? In sql server or AD? Which object does it need to query? The excel database in sql server. If it is so, then the permission needs to be granted on sql .
  Also this link http://social.msdn.microsoft.com/Forums/en-US/99a3cf4f-dabc-4ac9-9ea8-afa677199ffa/kerberos-and-excel-services?forum=sharepointgeneralprevious
  Microsoft solution described here is weired. I don't think sql server has c2wts or excel service application started on it. And from drop down list that is i don't know what is the solution talking of.
  Does any one have any idea if i am missing any delegation or any step?
  sachin

  Any idea??
  sachin

• User Authentication for Web Services

  Hi,
  I am developing a web services that resides in Intranet. Thus, would like to implement application layer of user authetication, i.e. to match the input user name and password against Database record through a web service logon() method. If authentication is passed, the client program is allowed to call subsequence web service methods, else exception needs to be thrown when calling subsequence methods.
  As understand that each method call to web services is treated seperately. Thus, how can we implement the authentication so that the client program only passes in the user name and password at once through logon() method, instead of perfoming the authentication for each method?
  Appreciate the advice. Thanks.

  Hi,
  But, I need to develop the web services logon method using WSDL which generated the LogonBindingImpl.java, instead of web services using EJB bean.
  Besides, the Web Service logon method (LogonBindingImpl.java) need to accept the input user name and password to check with the user name and password that stored in database table through the EJB bean. If checking successful, client program is allowed to invoke other WebServices method, else login failed exception need to be thrown when client calling other web services methods.
  Appreciate the advice here on how to achieve that. Thanks.

• Setting Basic Authentication for Web Service in WLS 6.1

  Hi,
  I am trying to set-up a Basic Username/Password authentication for a Web Service
  that is hosted in WLS 6.1.
  How do I go about doing that? Also once I get the username and password, how do
  I pass that info
  to the SOAP servlet to do the authentication? Can you give me some pointers on
  this?
  Thanks
  Madhu

  How do you want to do it? Through use of client.jar for the service or
  directly? Here is how I do it directly:
  String auth = "guest", pwd = "guest";
  URL url = new URL("http://localhost:7001");
  URL cmdURL = new URL(url.toString()+"/systemtest/TestWebService");
  HttpURLConnection conn = (HttpURLConnection) cmdURL.openConnection();
  String encAuth =
  new BASE64Encoder().encode((auth + ":" + pwd).getBytes());
  // BASE64Encode distributes long strings on multiple
  // lines; we don't like that, no siree
  int it = 0;
  while ((it = encAuth.indexOf('\n')) != -1
  || (it = encAuth.indexOf('\r')) != -1) {
  encAuth = encAuth.substring(0, it) +
  encAuth.substring(it + 1);
  conn.setRequestProperty("Authorization", "Basic " + encAuth);
  conn.setRequestProperty("Content-Type", "text/xml");
  conn.setRequestProperty("SOAPAction", cmdURL.toString());
  conn.setDoOutput(true);
  conn.setDoInput(true);
  conn.setUseCaches(false);
  OutputStream oStr = conn.getOutputStream();
  String cmd =
  "<?xml version=\"1.0\" ?>\n"
  + "<soap:Envelope xmlns:soap=\"http://schemas.xmls"
       + "oap.org/soap/envelope/\"><soap:Body>"
  + "<ping><arg0>false</arg0></ping>"
  + "</soap:Body></soap:Envelope>";
  oStr.write(cmd.getBytes());
  oStr.close();
  InputStream iStr = conn.getInputStream();
  byte[] buffer = new byte[1024];
  while (true) {
  int size = iStr.read(buffer);
  if (size == -1)
  break;
  System.out.println(new String(buffer, 0, size));
  ThorAAge

• Something going on with Azure Website and Cloud Service?

  Starting this morning, my website (WordPress) could not even load with Shared Plan. When I switch it to Basic plan it is running extremely slow (25s to load a page). This is a very low traffic site (100 page views/day). Even when there is only 1 connection
  it takes 25s to load. Also, just a few minutes ago, my cloud service app is getting "A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed
  to respond xx.xxx.xx.xx:80" and my web app is down. We reboot the cloud service and the database VM and it is still showing the same error. All of our services are on the US West region.

  I managed to capture a few stack when it took long time.   It indicated waiting on mysql database.  Do replace {sitename} with your site name.   You might want to check cleardb status - see if anything
  stands out.
  https://{sitename}.scm.azurewebsites.net/vfs/data/DaaS/Reports/{sitename}/15-04-24/150424_0047257203/PHPProcessReportsAnalyzer/PHP-CGI-ProcessReport.htm
  https://{sitename}.scm.azurewebsites.net/vfs/data/DaaS/Reports/{sitename}/15-04-24/150424_0101200780/PHPProcessReportsAnalyzer/PHP-CGI-ProcessReport.htm
  Suwatch

• How to configure basic authentication for external services

  I have a BPM Project (11g) and within the composite I've added an external Web Service reference. This service uses basic authentication.
  I would like to deploy the composite with the username and password already configured.
  I have tried setting oracle.webservices.auth.username as a binding property and also as a property but neither seem to work. When the composite is deployed the basic authentication username is blank within Enterprise Manager.
  It also resets after updating it manually during subsequent releases.
  Any ideas?

  hi Mahender,
  Thanks for your posting!
  For this issue, you could refer to this document and tutorials (Microsoft Antimalware Whitepaper ). And you need use the Azure Powershell (http://msdn.microsoft.com/en-us/library/azure/dn771718.aspx).
  Regards,
  Will
  We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
  Click
  HERE to participate the survey.

• HTTP Basic authentication for proxy service and its wsdl?

  Hello:
  For some reasons I needed to configure the HTTP basic authentication on a proxy service at OSB 11g. Everything was OK until I realized that, additionally to the authentication when calling the service, the OSB also asks for credentials when I try to get that proxy wsdl file.
  My requirements are to secure the proxy service when is called only, not when retrieving the wsdl.
  Is this possible to configure on OSB / WLS? How?
  Greetings!
  Edited by: user4483647 on 02-sep-2010 12:59
  Edited by: user4483647 on 02-sep-2010 13:25

  If I'm not wrong, Basic authentication is Transport level feature. So passing User/Password in SOAPHeader doesn't make sense. SOAP message can only be sent when you have a HTTP Connection open. During opening of HTTP connection User/Password is required for basic authentication.
  http://www.student.nada.kth.se/~d95-cro/j2eetutorial14/doc/Security7.html#wp156943
  Edited by: mneelapu on Apr 2, 2009 2:09 PM

• Basic Authentication for Web Services

  I have build Web Service according to the weblogic 6.1 examples
  successfully deploying the .ear file etc.
  Now I want to add security to the WebService uri.
  I have added a <web-resource-collection> tag to the web.xml file, but
  what should I put for the <url-pattern> ?
  Am I obliged to 'manually' add <servlet> tags to the web.xml file in
  order to add a security constraint to a WebService deployed thru a
  .ear ?
  Taking WebLogic's own statelessSession.Weather example, what is the
  minimum I need to add to the web.xml file to have basic authentication
  on the weatheruri ?
  Thanks,
  Adam

  Ok, now I'm confused.  Is this a Flex app (runs in the browser) or an AIR app?  This makes a difference because in the browser, Flash Player/Flex uses the browser's http mechanism for transport, while AIR implements it directly.  The original posted indicated some difference between Firefox and IE, which led me to believe it was a Flex browser app.  Difference between these two would make me think something was wrong with the server response, and the two browsers were passing it (the problem) back to Flash Player differently.
  Mark