How it's made - - AzureConf

  1. Over 60 community-led Windows Azure training events worldwide!
  2. @maartenballiauw Shameless self promotion: Pro NuGet -
  3. NuGet? MyGet?
  4. How we started
  5. What we did not know…
  6. Our first architecture
  7. Or not? Speed of light! USA was slow! Sync issues, downtime, … Seems not every ISP follows DNS standards
  8.
     • Syncing data kept being slow
     • Populating cache was a nightmare
     • CDN kept having issues
     • Of 3 instances, only 1 was being used with enough load (~60%)
  9. Our second architecture
  10. Windows Azure Access Control Service
  11. production tenants * other domain names localhost:1196 development Windows Azure Access Control Service
  12.
  13. Tough times Learning moments
  14. Full story at
  15. Full story at
  16. Full story at
  17. Full story at
  18.
  19. Bonus tip
  20.
     • this is why we built username/password registration, seems a lot of people prefer typing instead of one click
     • we must keep investing in Build Services
     • feed discovery is more popular than we imagined from zero reactions on our blog and Twitter
     • the technical fear we had about “download as ZIP” consuming too much server resources? That thing doesn’t show up in our stats, that’s how successful it is…
  21. Conclusion
  22. Thank you! @maartenballiauw
  23. @maartenballiauw
  24.

Editor's Notes

  • Maarten
  • Demo: Show people around in the ACS management portal and show how easy it is to add another identity provider. Show Visual Studio and how easy it is to add a federation identity provider in there. Stress the fact that the app only knows about ONE identity, and that’s the one from ACS. The others are transformed at the ACS level. Show the incoming claims in the AccountController.
  • Demo: Web.config contains multiple audiences:

        <audienceUris>
          <add value="http://localhost:1196/" />
          <add value="http://localhost:81/" />
          <add value="" />
        </audienceUris>

    Realm is the same for every audience; ACS uses the audience to do the home realm discovery. Demonstrate a login on prod and one on dev.
  • Demo: Demonstrate login via RealDolmen ADFS. Again, demonstrate the audience URIs and how this should in theory never work. Show the dynamic configuration happening on login:

        if (TenantContext.Tenant != null)
        {
            // Sign in against the realm of the current tenant.
            signInRequestMessage.Realm = TenantContext.Tenant.Realm;

            // Add the tenant's realm to the allowed audience URIs if it is not listed yet.
            var allowedAudienceUris =
                FederatedAuthentication.ServiceConfiguration.AudienceRestriction.AllowedAudienceUris;
            if (!allowedAudienceUris.Contains(new Uri(TenantContext.Tenant.Realm)))
            {
                allowedAudienceUris.Add(new Uri(TenantContext.Tenant.Realm));
            }
        }