How to add security for Azure Cloud Service?

Hi,
We have build some API's in azure cloud service.
We want to add security for Azure Cloud Service.
How to add security for Azure Cloud Service?

Hi Santhosh,
You may add security for your API's by using:
Mutual certificate authentication
Using OAuth 2.0
Manage developer accounts
Regards,
Manu Rekhar

Similar Messages

  • Can a Worker Role process call Antimalware for Azure Cloud Services programmatically?

    I'm trying to find a solution that I can use to perform virus scanning on files that have been uploaded to Azure blob storage.  I wanted to know if it is possible to copy the file to local storage on a Worker Role instance, call Antimalware for Azure
    Cloud Services to perform the scan on that specific file, and then depending on whether the file is clean, process the file accordingly.  If the Worker Role cannot call the scan programmatically, is there a definitive way to check if a file has been scanned
    and whether it is clean or not once it has been copied to local storage (I don't know if the service does a real-time scan when new files are added, or only runs on a schedule)?  

    Hi,
    I would suggest you have a look at this article:
    http://azure.microsoft.com/blog/2014/10/30/microsoft-antimalware-for-azure-cloud-services-and-virtual-machines/, please note the Microsoft Antimalware Client and Service is not installed by default in cloud service, please try to use the PowerShell
    cmdlet, Set-AzureServiceAntimalwareExtension to enable antimalware in your cloud service. Here's some more info:http://msdn.microsoft.com/en-us/library/azure/dn771718.aspx
    Best Regards,
    Jambor
    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
    Click
    HERE to participate the survey.

  • Is it possible to do Continuous deployment for azure cloud services(website,web and worker roles) using VSO Release management?

    Hi,
    I am trying to do continuous deployment using visual studio online and release management for Azure cloud services. But not able to find the way to do it(with the help of different blogs, those are describing using VM only).
    I tried using Release management visual studio extension also. But no Luck.
    Please help me if it is possible to do continuous deployment using release management.
    Thanks,
    Phani

    Hi,
     Please refer to the following Forum Thread with similar question which has been answered. Let us know if this helps.
     https://social.msdn.microsoft.com/Forums/en-US/9d8322f6-36e5-4cca-a982-d420d34d2072/realease-management-deployment-to-azure-websites-webworker-roles?forum=tfsbuild
    Regards,
    Nithin Rathnakar

  • Is there a list of best practices for Azure Cloud Services?

    Hi all;
    I was talking with a Sql Server expert today and learned that Azure Sql Server can take up to a minute to respond to a query that normally takes a fraction of a second. This is one of those things where it's really valuable to learn it when architecting as
    opposed to when we go live.
    Cloud Services are not Sql Server (obviously) but that led to the question - Is there a list of best practices for Azure Cloud Services? If so, what are they?
    We will be placing the cloud services in multiple datacenters and using traffic manager to point people to the right one. The cloud service will set between an IMAP client & server, pretending to be the mail client to the server, and the server to the client.
    Mostly it will pass all requests & responses across from one to the other.
    thanks - dave
    What we did for the last 6 months -
    Made the world's coolest reporting & docgen system even more amazing

    hi dave,
    >>Cloud Services are not Sql Server (obviously) but that led to the question - Is there a list of best practices for Azure Cloud Services? If so, what are they?
    For this issue, I have collected some blogs and document about best practices for azure cloud service, you can view them, but I am not sure they are your need.
    http://msdn.microsoft.com/en-us/library/azure/xx130451.aspx
    http://gauravmantri.com/2013/01/11/some-best-practices-for-building-windows-azure-cloud-applications/
    http://www.hanselman.com/blog/CloudPowerHowToScaleAzureWebsitesGloballyWithTrafficManager.aspx
    http://msdn.microsoft.com/en-us/library/azure/jj717232.aspxhttp://azure.microsoft.com/en-us/documentation/articles/best-practices-performance/
    >>The cloud service will set between an IMAP client & server, pretending to be the mail client to the server, and the server to the client. Mostly it will pass all requests & responses across from one to the other.
    For your scenarioes, If you'd like to communicate with each instances, I recommend you refer to this document (
    http://msdn.microsoft.com/en-us/library/azure/hh180158.aspx ). And generally, if we want connect the client to server on Azure, the service bus is a good choice (http://azure.microsoft.com/en-us/documentation/articles/cloud-services-dotnet-multi-tier-app-using-service-bus-queues/
    If I misunderstood, please let me know.
    Regards,
    Will
    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
    Click
    HERE to participate the survey.

  • How to add security for webservice invoke

    Hi All,
    Please let me know how to invoke the webservice in BPEL process with security details.
    Thanks,
    Suresh

    Hi Santhosh,
    You may add security for your API's by using:
    Mutual certificate authentication
    Using OAuth 2.0
    Manage developer accounts
    Regards,
    Manu Rekhar

  • Office 2013 - How to Add Dropbox as a Cloud Service

    Office 2013 has a great new feature where cloud storage services can register as a place within the open/save menu, and within the user's account. While we wait for Dropbox to officially support this, I have a workaround for those people using Office 2013
    who need to see the Dropbox icon beside SkyDrive.
    The script that you can download and run is here:
    https://dl.dropbox.com/u/46565/dropbox_service_add.bat
    It modifies the registry based on Microsoft's document, "Integrating additional cloud storage services in Office 2013" found at http://www.microsoft.com/en-us/download/details.aspx?id=35474
    I've only tested this on Windows 8, so if somebody on Windows 7 can let me know how it works that would be fantastic.
    The thread where I'll be posting any updates or changes is:
    https://forums.dropbox.com/topic.php?id=93098
    Cheers,
    -Philip

    Great thing to have, but executing batch files is not secure.
    Try to install new for Microsoft Office that embeds Dropbox integration into it in the same way but has nice and simple installer.
    There is one more killing feature currently. Our plugin allows to load and review change history of the document right from Microsoft Word and Excel.
    Give it a try at http://www.codocuments.com

  • Visual Studio cannot remote debug Azure cloud service: There was a failure to launch the remote debugger

    I am trying to invoke remote debugger on an Azure worker role cloud service, following the example of
    http://msdn.microsoft.com/en-us/library/azure/ff683670.aspx
    But on attaching the remote debugger for the cloud service instance
    Microsoft Visual Studio
    There was a failure to launch the remote debugger.
    OK  
    According to somebody else's extra coverage on the topic, there are extra ports 4016/4017 that need to be taken care of (but do they have to be exposed externally)?
    http://developers.de/blogs/damir_dobric/archive/2014/02/04/behind-windows-azure-remote-debugger.aspx
    So servicedefinition.csdef gets
        <Endpoints>
          <InputEndpoint name="Endpoint1" protocol="http" port="80" />
          <InputEndpoint name="RemoteDebugger" protocol="tcp" port="4016" localPort="4016" />
          <InputEndpoint name="RemoteDebugger2" protocol="tcp" port="4017" localPort="4017" />
          <InstanceInputEndpoint name="Microsoft.WindowsAzure.Plugins.RemoteDebugger.Connector" protocol="tcp" localPort="30398">
            <AllocatePublicPortFrom>
              <FixedPortRange min="30400" max="30424" />
            </AllocatePublicPortFrom>
          </InstanceInputEndpoint>
          <InstanceInputEndpoint name="Microsoft.WindowsAzure.Plugins.RemoteDebugger.Forwarder" protocol="tcp" localPort="31398">
            <AllocatePublicPortFrom>
              <FixedPortRange min="31400" max="31424" />
            </AllocatePublicPortFrom>
          </InstanceInputEndpoint>
        </Endpoints>
    Serviceconfiguration.cscfg gets
          <Setting name="Microsoft.WindowsAzure.Plugins.RemoteDebugger.Connector.Enabled" value="true" />
          <Setting name="Microsoft.WindowsAzure.Plugins.RemoteDebugger.Connector.Version" value="2.3" />
          <Setting name="Microsoft.WindowsAzure.Plugins.RemoteDebugger.ClientThumbprint" value="THUMBNAIL" />
          <Setting name="Microsoft.WindowsAzure.Plugins.RemoteDebugger.ServerThumbprint" value="THUMBNAIL" />
        </ConfigurationSettings>
        <Certificates>
          <Certificate name="Microsoft.WindowsAzure.Plugins.RemoteDebugger.TransportValidation" thumbprint="THUMBNAIL" thumbprintAlgorithm="sha1"
    />
        </Certificates>
    But all these are to no avail; the same error still pops for Visual Studio 2013 Update 4; Azure SDK 2.3
    Anybody regularly perform remote debugging for Azure cloud services?
    The melody of logic will always play out the truth. ~ Narumi Ayumu, Spiral

    And, how do I control that in Visual Studio?
    All I get is the Attach Debugger... context menu option in the Azure cloud service nodes in Server Explorer. That is where it is failing. There are no customisable options.
    Because of that, the Attach to Process dialog box is unable to retrieve the list of processes (to debug) in the remote worker role instance server.
    I tested a blank-template worker role project and published to a new cloud project, and this simplistic copy had no problems with the Remote debugger.
    Now the question is, what is it about this real-world project/cloud service that is different from blank sample? From what I compare between what I think are the relevant settings, there are none.
    ServiceDefinition.csdef
    <Imports>
    <Import moduleName="Diagnostics" />
    <Import moduleName="RemoteAccess" />
    <Import moduleName="RemoteForwarder" />
    <Import moduleName="RemoteDebuggerConnector" />
    </Imports>
    <Contents>
    <Content destination=".\">
    <SourceDirectory path="D:\Projects\experiments\workerrole1\workerrole1\rcf\Debug\RemoteDebuggerContent\" />
    </Content>
    </Contents>
    <Endpoints>
    <InstanceInputEndpoint name="Microsoft.WindowsAzure.Plugins.RemoteDebugger.Connector" protocol="tcp" localPort="30398">
    <AllocatePublicPortFrom>
    <FixedPortRange min="30400" max="30424" />
    </AllocatePublicPortFrom>
    </InstanceInputEndpoint>
    <InstanceInputEndpoint name="Microsoft.WindowsAzure.Plugins.RemoteDebugger.Forwarder" protocol="tcp" localPort="31398">
    <AllocatePublicPortFrom>
    <FixedPortRange min="31400" max="31424" />
    </AllocatePublicPortFrom>
    </InstanceInputEndpoint>
    </Endpoints>
    ServiceConfiguration.cscfg
    <ConfigurationSettings>
    <Setting name="Microsoft.WindowsAzure.Plugins.Diagnostics.ConnectionString" value="DefaultEndpointsProtocol=https;AccountName=storage;AccountKey=" />
    <Setting name="Microsoft.WindowsAzure.Plugins.RemoteAccess.Enabled" value="true" />
    <Setting name="Microsoft.WindowsAzure.Plugins.RemoteAccess.AccountUsername" value="" />
    <Setting name="Microsoft.WindowsAzure.Plugins.RemoteAccess.AccountEncryptedPassword" value="" />
    <Setting name="Microsoft.WindowsAzure.Plugins.RemoteAccess.AccountExpiration" value="2015-12-31T23:59:59.0000000+08:00" />
    <Setting name="Microsoft.WindowsAzure.Plugins.RemoteForwarder.Enabled" value="true" />
    <Setting name="Microsoft.WindowsAzure.Plugins.RemoteDebugger.Connector.Enabled" value="true" />
    <Setting name="Microsoft.WindowsAzure.Plugins.RemoteDebugger.Connector.Version" value="2.4" />
    <Setting name="Microsoft.WindowsAzure.Plugins.RemoteDebugger.ClientThumbprint" value="" />
    <Setting name="Microsoft.WindowsAzure.Plugins.RemoteDebugger.ServerThumbprint" value="" />
    </ConfigurationSettings>
    <Certificates>
    <Certificate name="Microsoft.WindowsAzure.Plugins.RemoteAccess.PasswordEncryption" thumbprint="" thumbprintAlgorithm="sha1" />
    <Certificate name="Microsoft.WindowsAzure.Plugins.RemoteDebugger.TransportValidation" thumbprint="" thumbprintAlgorithm="sha1" />
    </Certificates>
    The melody of logic will always play out the truth. ~ Narumi Ayumu, Spiral

  • How do I tell my clients to configure the connectionstrings for a cloud service?

    I have an application that exists in two forms
    A Windows Service
    A Clouse Service with a Web Worker Role
    Both applications have an encrypted connection string in the app.config;
    for clients using the Windows Service I know how to tell them to change the config file.
    For a cloud service is it possible to edit the configuration file?
    I read something about Azure Settings, but I can't find any good information about that, is that the preferred method for setting environment settings in a Cloud Service?
    Can you remote in to a VM or whatever hosts the Cloud Service?
    Thank you for any help. I am writing the documentation about how to setup the Azure environment and I realized I don't know myself, I only know how to publish with Visual Studio to a cloud service with the values already set. That works, but I can't
    tell a client to use Visual Studio.

    Hi,
    For a cloud service, though it is possible to access instance VMs and do changes on their file system by RDP sessions, but it is not recommended, as you will end up loosing your changes if role instance VMs are restarted.
    If you really want to keep certain settings configurable and which will be shared by all your role instances, best way to do is to utilise the cloud service configurations, typically you mention these settings in .cscfg file and you can also edit those using
    azure management portal.
    You can also access those from your code 
    string settingValue = CloudConfigurationManager.GetSetting("SettingString");
    Read more about it here - http://msdn.microsoft.com/en-us/library/azure/ee405486.aspx
    http://haishibai.blogspot.in/2012/09/windows-azure-cloud-service.html
    Bhushan | Blog |
    LinkedIn | Twitter

  • "Failed to debug the Windows Azure Cloud Service project. The Output directory .... does not exist" - Looking for Solution Config Name Folder?

    Good evening,
    I've been working on and with a VS2013 Update 2 / Azure SDK 2.3 Cloud Service project for a while now and never had a problem debugging it (setting the .ccproj Project as Startup Project) but at the moment I cannot Debug it anymore - I always get the following
    error message:
    Failed to debug the Windows Azure Cloud Service project.  The output directory 'D:\Workspace\Development\Sources\AzureBackend\csx\Backend - Debug' does not exist.
    Now what's odd here, is the last part - the "Backend - Debug" is the Solution configuration name, ALL projects in that particular solution configuration are set to the Debug Configuration. The .ccproj file also only specifies Debug|Any CPU (and
    Release|Any CPU respectively) as its output folder(s). Why is the Solution config appearing up there?
    And more importantly.. why is this happening and what can I do?!
    Thanks,
    -Jörg
    Ps: there seems to be a related
    connect bug and these sorts of issues do appear around the forums but none contains a solution (neither reinstalling the Azure SDK nor cloaking the workspace/re-retrieving & building everything worked).

    Good morning Jambor,
    I already tried de-installing everything Azure-Tooling related including the Azure SDK, Restarting my machine and re-installing the SDK.
    Same result. I can build the .ccproj perfectly fine and the cspack file IS generated perfectly fine, only debugging does not work and there's NO information in the VS output window (again - all projects succeed to build).
    I tried explicitely running VS as Administrator, no change. I removed all IIS Express sites (as the ccproj has one web worker role), remapped my local TFS workspace.. nothing helped.
    As building works, deploying to Azure Cloud Service (manually and via Publish inside VS) all works -perfectly-, I am pretty sure this IS a bug and I'd LOVE to help to get this fixed. As I said, currently I cannot debug and/or run & test my work, hence
    I cannot do ANY work.

  • How to develop and deploy multiple worker roles in single azure cloud services?

    I am Manikandan, From Myeasydocs.com.
    We have developed our application as web projects.  Now we are going to move to azure cloud services, i have successfully migrated our application in cloud services and it worked fine. I am having difficulties with back ground task. i have nearly 12
    schedule tasks in our applications. I need assist on creating multiple worker role creation and deployment.
    Is there is any site on explaining the worker role process in details?
    Thanks in advance .. !!

    Hi,
    In Worker role, Applications hosted within worker roles can run asynchronous, long-running or perpetual tasks independent of user interaction or input. It is a service component that is useful for generalized development, and may perform background processing
    for a web role. A worker role is frequently used for long-running tasks that are non-interactive, but you can host any type of workload.
    I suggest you to follow the below article which explains about Creating and Deploying of Web Roles and Worker Roles in Azure Cloud Service using Visual Studio.
    https://msdn.microsoft.com/en-us/magazine/jj618299.aspx
    Hope this helps !
    Regards,
    Sowmya

  • Is there a way for converting WCF service into Azure Cloud Service without dealing with project files.

    Here is my situation.
    We provide Platform and SDK to other people where they can build WCF services and deploy that on site. We have a  many ISVs who has built wcf services, packaged them and ship them.
    Packaging consist of couple of manifest file and .dll file that make up wcf service. Now we want to go on cloud with our platform.
    Long story short - I have all the dlls for my wcf service but no project file.
    Is there a way to generate cloud service package from this dll files?

    Hi,
    You can't simply package your dlls and deploy it as a azure cloud service deployment package - you will need to have your project as well as service definition file which will define your role and instances.
    You can read more about packaging an Application by Using the CSPack Command-Line Tool here -http://msdn.microsoft.com/en-us/library/azure/gg433133.aspx
    another way to go to cloud platform is by making use of azure web sites, however you will still need your service files do deploy.
    If you have the dlls and the service files with you - then you can simply use the web site publish wizard and deploy to azure web site.
    Read more about it here - http://azure.microsoft.com/en-us/documentation/articles/web-sites-deploy/
    Bhushan | Blog |
    LinkedIn | Twitter

  • Can't publish to Azure Cloud Service from Visual Studio 2013

    I have a VS project that I upgraded from VS 2012 to VS 2013. I can run it locally, and had no issues publishing to Azure when I was using VS 2012. When I attempt to publish the upgraded app to an Azure Cloud Service that already exists, I am getting this
    error.  Note that I have checked the Service Config files and did a search on the entire solution and can not find any reference to "LocalStorage1" anywhere in the Project or Solution. I have another VS 20113 Project that publishes just fine
    to Azure Cloud Service. Any ideas on how to fix this?
    PUBLISH ERROR:
    Windows Azure could not find the resource LocalStorage1 in the service package. To upgrade the deployment, you must add the resource. Otherwise, perform a new deployment.

    That's actually what I meant in my first post. When publishing to a new service, it is fine, because the deployment does not have to compare what is already there (it is a new service, so nothing is there) and what is in your package. But while upgrading
    a service, bunch of settings have to match between an existing service and the package you are trying to upload. So the error you got wasn't about you having something extra in your package, but having something extra in your existing service and missing in
    the package you were uploading. Hope that helps.
    Anyway, please move this question to cloud services forums (this one is for web sites only), as there are experts in that area and they might be able to help you better.
    Thanks,
    Petr

  • OWSM security for a OSB service- authenticate from weblogic security realms

    Hello,
    I have a requirement to add security to a OSB service.
    The user details are configured in weblogic security realms. lets say there are ten different users.
    I need to protect my osb service using OWSM policy & the policy should be configured to authenticate the user from realms.
    I am new to OWSM & wondering if this is possible?
    Can the experts please direct me to any docs or steps?
    Thanks
    Ganesh

    Hi,
    Thanks for the links.
    I followed the blog and configured it using oracle/wss_username_token_service_policy.
    Now my requirement is to send the username,password from proxy to business and to the BPEL. (the bpel needs this username /password & and in header)
    The issue I am facing is the proxy service is not sending the soap header details to business service.
    I dont want to make the proxy as passthrough. (ie set Process WS-Security Header to NO)
    I have to authorize on proxy level and then send the same credential details to business service?
    So the question is, how can I retrieve the header after osb process it?
    Can anyone please help me here?
    Thanks
    Ganesh

  • Windows Azure Cloud Service with MVC4WebRole template giving "Not running in a hosted service or the Development Fabric." Error.

    Azure SDK used - 1.7 & 2.0
    When we create new project for Windows Azure Cloud Service with MVC4WebRole template & try to run it locally its giving error as "Not running in a hosted service or the Development Fabric."
    We are aware that making Azure project as start up project will resolve this error but we want to run the application locally before testing it with cloud.
    It’s not working with Cassini so we have tried with IIS but still it’s giving the same error.
    In another project when we added ASP.Net MVC4 Application & then for that project we have generated the Azure cloud service project using "Add Windows Azure Cloud Service Project". By this way debugging it locally works fine.
    Is there something additional settings present in Windows Azure Cloud Service with MVC4WebRole template which is causing this issue?

    hello,
    According your description, I try to reproduce it in my PC.
    >1. I create a could project and add a MVC4 web role into project.
    >2. I set the azure project as a start project and run, it works fine.
    >3. I change the MVC4 web role as a startup project and run, it works fine too. Of course before this, I exited the Azure Simulator.
    But this project was a empty project. It didn't included azure DLL file, such as Diagnostics file. So I think you could comment out the "system.diagnostics" node and try again. Also, you could refer to this same thread:http://stackoverflow.com/questions/13879443/not-running-in-a-hosted-service-or-the-development-fabric-production-not-debug
    Regards,
    Will
    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
    Click
    HERE to participate the survey.

  • Configure commonly used settings for a cloud service

    Hi All,
    Have a question regarding Azure Cloud Service.  If I change a cloud service setting (Cloud Service -> Configure) in the portal, does the change persist if or when an instance is re-imaged?  For example, if I change the "DatabaseRetryCount"
    parameter from 5 to 10 and save it, this change will update the runtime configuration.  However, when Azure rebuild this role, is this change get carried over?
    Thanks

    In azure cloud services nothing is persistent, meaning that every time role instances are restarted or created, it will be created from the scratch and will pick up only those settings which you either have done in the role start up or defined as a start
    up activity.
    About azure cloud service configuration files, i.e. cscfg - you can specify the settings similar to what you define in web configuration file of your application, these settings can be read at run time and can be reffered in your custom code. If you add
    / update any setting from the portal - you should also do similar in cscfg file in your solution so that next time you upgrade the deployment, the updated settings will be deployed.
    Read more information here - https://msdn.microsoft.com/en-us/library/azure/ee758710.aspx
    Bhushan | Blog |
    LinkedIn | Twitter

Maybe you are looking for

  • How can i use automator to change my browsers home page

    Hello there, I am a junior web developer currently using a macbook, i have wamp server installed on my machine for testing the code that i produce. Currently i have 2 browsers on my machine firefox and safari. I would like to create a script that wou

  • Is anybody else experiencing problems accessing the itunes store?

    i'm on a macbook pro 10.6.8. my itunes is 10.3.1. i haven't experienced problems before, just today when i was trying to update some iphone apps.  the updates wouldn't download and it kept giving me the network timeout error.  i checked my connection

  • Credit block should not require for Credit card paid sales order

    Dear friends, my client want that sales oder with credit card payment should not block sales order for credit management reasons. Hoe can it be configured. Regards rdc

  • Operations are not visible

    Hi All, I am in CE 7.1.1 EHP1. I have declared the DC usage dependency of a composite application project in another composite application project. At development time I can find the application service of the used project but unable to get any publi

  • I am a lost Photoshop Soul....

    Ok. I could not open my NEF files. I looked at what version I was using and it was 4.0 I shoot with a Nikon D300.....so I need the 4.3 version or above. This much I know. But when I pull 4.0 onto my desktop and replaced it with 4.3 (tried 4.6 but tha