
We have a little game to play at the start

Laptops Out. We have a little game to play at the start. Programming Microsoft .NET Services. Chris J.T. Auld (@cauld) Director, Intergen Limited (Chris.auld@intergen.co.nz) New Zealand (Go All Blacks!). Azure Services Platform. Microsoft Dynamics CRM Services.


Presentation Transcript


  1. Laptops Out We have a little game to play at the start

  2. Programming Microsoft .NET Services Chris J.T. Auld (@cauld) Director, Intergen Limited (Chris.auld@intergen.co.nz) New Zealand (Go All Blacks!)

  3. Azure Services Platform Microsoft Dynamics CRM Services Microsoft SharePoint Services

  4. .NET Services • Extending .NET technologies to the cloud • Open and accessible • REST, SOAP, RSS, AtomPub, … • Class libraries for Java, PHP, Ruby, … • Easy-to-use from .NET – skills move forward • Initial focus on three key developer challenges • Application integration & connectivity • Access control in a federated world • Message orchestration

  5. .NET Service Bus Roll the Dice…. Win a Prize…

  6. Service Bus • Key developer challenges • Giving partners secure access to your apps • Characteristics or scale of integration unknown • Partners / customers / users have devices and services running behind firewalls • Approach • Provide a high-scale, high-available “Service Bus” that supports open Internet protocols

  7. Service Bus Application Pattern Service Orchestration Federated Identity and Access Control Naming Service Registry Messaging Fabric Your Service Clients On-Premises Cloud Services Desktop, RIA, Web Compute Storage ESB Desktop, RIA, Web Desktop, RIA, & Web … Billing Corp Service

  8. [http|sb]://{account}.servicebus.windows.net/{user-defined} Service Registry The service registry provides a mapping from URIs to services account svc Root contoso Multi-Tenant …

  9. The Beachball Demo .NET Services using expo hall balls

  10. .NET Service Bus Simple Findability – Enabling Discoverability

  11. Connectivity • Two key capabilities • Relay • Direct connect • Available via HTTP / REST / ATOM • Available in .NET via WCF Bindings

  12. Rich Set of Connectivity Bindings

  13. Relay Connections Relay http://{account}.servicebus.windows.net/a/b Outbound SSL-Secured TCP 828 Connection to Relay Rendezvous Endpoint One-Way Messages through TCP Tunnel Sender Receiver

  14. Direct Connections Relay http://{account}.servicebus.windows.net/a/b - Outbound SSL-Secured TCP 828 Connection to Relay - Out-of-Band Protocol to negotiate Direct Connection Sender Receiver Upgrade to Direct when possible

  15. The Beachball Demo .NET Services using expo hall balls

  16. demo Real World Relay and Direct Connections

  17. Publish/Subscribe • Builds on the relay and direct connect connectivity capabilities • Initial release is “connected multicast” • Over time will provide additional delivery characteristics – anycast, reliable, …

  18. Multicast Publish/Subscribe Relay http://{account}.servicebus.windows.net/a/b Outbound SSL-Secured TCP 828 Connection to Relay Rendezvous Endpoint One-Way Messages through TCP Tunnel Sender Receiver Receiver Receiver Receiver

  19. demo Publish/Subscribe (Multicast)

  20. Queues Relay http://{account}.servicebus.windows.net/{user-defined} Queue is created by adding a queue policy to the tree Queue Policy HTTP(S) / net.tcp HTTP(S) Dequeue Msg Msg Sender Receiver Manager

  21. Routers Relay http://{account}.servicebus.windows.net/{user-defined} Router is created by adding a router policy to the tree RouterPolicy HTTP(S) / net.tcp HTTP(S) Dequeue Msg Msg Msg Msg Receiver Receiver Sender Manager Receiver

  22. Queues and Routers Queues and routers are composable with one another Queue Service A Port 80 Msg Msg Router (Distribution: All) Service B Msg Msg Router (Distribution: One) Service C Msg Service D

  23. demo Queues and Routers

  24. .NET ACS

  25. Access Control • Key developer challenges • Many identity providers, vendors, many protocols, complex semantics – tricky to get right • Application strewn with one-off access logic • Hard to get right, not agile, not compliant, ... • Approach • Automate federation for a wide-range of identity providers and technologies through a hosted STS • Model the access control logic as rules • Easy fx that ensures correct token processing

  26. .NET Access Control Service The .NET ACS is a hosted service that externalizes the authorization policy for federated users .NET ACS (a hosted STS) Trust relationship established Return token Request token Relying Party (Your App) Requestor (Your Customer) Send message with token

  27. Access Control Interactions 3. Map input claims to output claims based on access control rules 1. Define access control rules for a customer Your Access Control Project (a hosted STS) 0. Certificate exchange; periodically refreshed 4. Send Token (output claims from 3) 6. Claims checked in Relying Party 2. Send Claims Relying Party (Your App) Requestor (Your Customer) 5. Send Message w/ token

  28. Rules and Claims Transformation • Your ACS rules define a simple claims transformation • Rules are defined within an application scope • Chained rules; e.g., bob → mgr and mgr → allowed • Simple model: the output security token is a collection of claims based on the claims in the incoming token Rules Engine claims in claims out

  29. Managing the ACS • You can use the web site or web management APIs… • Define and manage application scopes • Define and manage access control rules • Define and manage claim types • Define and manage signing and encryption keys • Standards compliant – works with Java, Ruby, … • ACS management API based on AtomPub

  30. demo Access Control

  31. Case Study: Relay Access Control • Access governed by Access Control Rules • Relay looks for Send/Listen claims • Composes cleanly with SOAP-over-HTTP • SOAP 1.1, SOAP 1.2 HTTP clients send messages through the relay with minimal extra effort • WS-Security header can be used for end-to-end application level security – optional • Composes cleanly w/ transport message protection • Support any SOAP 1.2/2.0 BP compliant client

  32. Unauthenticated Senders • Unauthenticated “Send” option • Clients do not need to acquire tokens for communicating through the relay • Supports plain Basic Profile SOAP requests • Opt-in Policy set by listening services • Enables services to choose between Relay access control and end-to-end access control

  33. Summary • .NET Services extends .NET to the cloud • It's open and accessible • It's easy to use your existing .NET skills • It comes with all cloud benefits • Initial focus on three key developer challenges • Application integration & connectivity • Access control in a federated world • Message orchestration

  34. question & answer

  35. Required Slide Speakers, TechEd 2009 is not producing a DVD. Please announce that attendees can access session recordings at TechEd Online. Resources • www.microsoft.com/teched Sessions On-Demand & Community • www.microsoft.com/learning • Microsoft Certification & Training Resources • http://microsoft.com/technet • Resources for IT Professionals • http://microsoft.com/msdn Resources for Developers www.microsoft.com/learning Microsoft Certification and Training Resources

  36. Required Slide 10 pairs of MP3 sunglasses to be won Complete a session evaluation and enter to win!

  37. Required Slide © 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
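The chained claims transformation on slides 27 and 28 and the relay's Send/Listen check on slides 31 and 32, modelled as an added example (not code from the presentation or from .NET Services). The scope URIs, the claim type names (`username`, `group`, `action`) and the choice to emit only rule-produced claims in the output token are assumptions made for illustration.

```python
# Toy model of scoped, chained claims rules and the relay's claim check.
# All rules, scopes and claim names below are constructed sample data.

ORDERS = "http://contoso.servicebus.windows.net/orders"    # hypothetical scope
BILLING = "http://contoso.servicebus.windows.net/billing"  # hypothetical scope

# Each rule: (application scope, input claim, output claim).
RULES = [
    (ORDERS, ("username", "bob"), ("group", "mgr")),   # bob -> mgr
    (ORDERS, ("group", "mgr"), ("action", "Send")),    # mgr -> allowed to Send
    (BILLING, ("username", "bob"), ("action", "Listen")),
]


def transform(rules, scope, input_claims):
    """Apply the rules of one scope until no new claim appears.

    Output claims may feed later rules (chaining). The loop terminates even
    for cyclic rules because each pass must add a claim from a finite set.
    """
    scoped = [(src, dst) for (s, src, dst) in rules if s == scope]
    known = set(input_claims)   # claims usable as rule inputs
    output = set()              # claims placed in the issued token
    changed = True
    while changed:
        changed = False
        for src, dst in scoped:
            if src in known and dst not in output:
                output.add(dst)
                known.add(dst)
                changed = True
    return output


def relay_allows(operation, token_claims, allow_unauthenticated_send=False):
    """Relay-side check: look for a Send or Listen claim in the token.

    allow_unauthenticated_send models the opt-in policy a listening service
    can set; it never relaxes the Listen check.
    """
    if operation == "Send" and allow_unauthenticated_send:
        return True
    return ("action", operation) in token_claims


if __name__ == "__main__":
    token = transform(RULES, ORDERS, {("username", "bob")})
    print(sorted(token))
    print(relay_allows("Send", token), relay_allows("Listen", token))
```

Because rules are evaluated per scope, the same identity gets a different token for each relying party, and a requestor with no matching rule gets an empty token that the relay rejects.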
