APIs are the new apps. They can be consumed by everyone using a web browser or a mobile application on their smartphone or tablet. How would you build your API if you want these apps to be a full-fledged front-end to your service without compromising security? In this session, Maarten will explain how to build an API using the ASP.NET Web API framework and how the Windows Azure Access Control service can be used to almost completely outsource all security and OAuth-related tasks.
OAuth-as-a-service using ASP.NET Web API and Windows Azure Access Control - Maarten Balliauw
This presentation provides an overview of the new ASP.NET Web API, compares it with MVC, and goes through features of Web API such as Content Negotiation, Queryable, HTML help page, and more.
Secure RESTful Web Services for ASP.NET Web API - Rob Daigneau
Insecure software can lead to irreversible damage for companies and their customers alike. But how do we know if we're at risk? The first step is awareness. Fortunately for us, the Open Web Application Security Project (OWASP) provides an updated list of the most critical security risks facing companies each year. Join us in this session as we walk through the OWASP list, explore, and when possible, demonstrate these exploits. For each risk, we'll discuss counter-measures and provide options to mitigate these risks with ASP.NET. In the process, we'll also review options to implement authentication, authorization, and message encryption.
CamelOne 2012 - Spoilt for Choice: Which Integration Framework to use? - Kai Wähner
Spoilt for Choice - Which Integration Framework to use on the Java (JVM) Platform? Apache Camel, Spring Integration, Mule ESB? Or when to use an Enterprise Service Bus (ESB) instead?
Microservices and functional programming - Michael Neale
A talk I did recently on microservices and functional programming. Microservices are small, single purpose apps that are run as a service, which are usually composed together to provide the real app.
Scaling micro-services Architecture on AWS - Boyan Dimitrov
In this talk we are going to explore how Hailo evolved a monolithic LAMP stack into a micro-services platform based on Go. We are going to share the challenges we faced and some of the design patterns that helped us scale our system. We will take a peek into our internal orchestration architecture and the tooling we built to help us automate and manage our platform.
Securing RESTful APIs using OAuth 2 and OpenID Connect - Jonathan LeBlanc
Constructing a successful and simple API is the lifeblood of your developer community, and REST is a simple standard through which this can be accomplished. As we construct our API and need to secure the system to authenticate and track applications making requests, the open standard of OAuth 2 provides us with a secure and open source method of doing just this. In this talk, we will explore REST and OAuth 2 as standards for building out a secure API infrastructure, exploring many of the architectural decisions that PayPal took in choosing variations in the REST standard and specific implementations of OAuth 2.
Companion slides for Stormpath CTO and Co-Founder Les REST API Security Webinar. This presentation covers all the RESTful best practices learned building the Stormpath APIs. This webinar is full of best practices learned building the Stormpath API and supporting authentication for thousands of projects. Topics Include:
- HTTP Authentication
- Choosing a Security Protocol
- Generating & Managing API Keys
- Authorization & Scopes
- Token Authentication with JSON Web Tokens (JWTs)
- Much more...
Stormpath is a User Management API that reduces development time with instant-on, scalable user infrastructure. Stormpath's intuitive API and expert support make it easy for developers to authenticate, manage and secure users and roles in any application.
Microservice With Spring Boot and Spring Cloud - Eberhard Wolff
Spring Boot and Spring Cloud are an ideal foundation for creating Microservices based on Java. This presentation explains basic concepts of these libraries.
Streaming Analytics Comparison of Open Source Frameworks, Products, Cloud Ser... - Kai Wähner
Streaming Analytics Comparison of Open Source Frameworks, Products and Cloud Services. Includes Apache Storm, Flink, Spark, TIBCO, IBM, AWS Kinesis, Striim, Zoomdata, ...
This session discusses the technical concepts of stream processing / streaming analytics and how it is related to big data, mobile, cloud and internet of things. Different use cases such as predictive fault management or fraud detection are used to show and compare alternative frameworks and products for stream processing and streaming analytics.
The focus of the session lies on comparing:
- different open source frameworks such as Apache Apex, Apache Flink or Apache Spark Streaming
- engines from software vendors such as IBM InfoSphere Streams, TIBCO StreamBase
- cloud offerings such as AWS Kinesis
- real time streaming UIs such as Striim, Zoomdata or TIBCO Live Datamart
Live demos will give the audience a good feeling about how to use these frameworks and tools.
The session will also discuss how stream processing is related to Apache Hadoop frameworks (such as MapReduce, Hive, Pig or Impala) and machine learning (such as R, Spark ML or H2O.ai).
Open API and API Management - Introduction and Comparison of Products: TIBCO ... - Kai Wähner
In October 2014, I gave a talk at Jazoon in Zurich, Switzerland: "A New Front for SOA: Open API and API Management as Game Changer".
Open APIs represent the leading edge of a new business model, providing innovative ways for companies to expand brand value and routes to market, and create new value chains for intellectual property. In the past, SOA strategies mostly targeted internal users. Open APIs target mostly external partners.
This session introduces the concepts of Open API, its challenges and opportunities. API Management will become important in many areas, no matter if business-to-business (B2B) or business-to-customer (B2C) communication. Several real world use cases will discuss how to gain leverage due to API Management. The end of the session shows and compares API management products from different vendors such as TIBCO API Exchange, IBM, Apigee, 3scale, WSO2, MuleSoft, Mashery, Layer 7, Vordel.
Microservices - Death of the Enterprise Service Bus (ESB)? (Update 2016) - Kai Wähner
Microservices are the next step after SOA: Services implement a limited set of functions. Services are developed, deployed and scaled independently.
Continuous Integration and Continuous Delivery control deployments. This way you get shorter time to results and increased flexibility. Microservices have to be independent regarding build, deployment, data management and business domains. A solid Microservices design requires single responsibility, loose coupling and a decentralized architecture. A Microservice can be closed or open to partners and public via APIs. This session discusses the requirements, best practices and challenges for creating a good Microservices architecture, and if this spells the end of the Enterprise Service Bus (ESB). A live demo will show how middleware and Microservices complement each other using containers, continuous integration, REST services, and open source frameworks such as Cloud Foundry.
A live demo showed a "Microservices Middleware Architecture" using Cloud Integration (with Cloud Foundry PaaS), Integration and Services (with TIBCO BusinessWorks Container Edition), API Management / Open API (with Mashery) and Log Management / IT Operations Analytics (ITOA, with Papertrail and LogLogic / Unity).
Tour through the history of middleware from old architectures to cloud-native middleware microservices leveraging Docker, Kubernetes, Cloud Foundry.
Microservices are the next step after SOA: Services implement a limited set of functions. Services are developed, deployed and scaled independently. Continuous Delivery automates deployments. This way you get shorter time to results and increased flexibility. Containers improve these even more offering a very lightweight and flexible deployment option.
In the middleware world, you use concepts and tools such as an Enterprise Service Bus (ESB), Complex Event Processing (CEP), Business Process Management (BPM) or API Gateways. Many people still think about complex, heavyweight central brokers. However, Microservices and containers are relevant not just for custom self-developed applications, but they are also a key requirement to make the middleware world more flexible, agile and automated.
This session focuses on live coding to demonstrate how to develop, deploy and operate cloud-native microservices in the middleware world. The live demos leverage frameworks and tools such as Docker, Kubernetes, Cloud Foundry, Consul, Spring Cloud Config, Eureka and Hystrix.
Comparison of Open Source Frameworks for Integrating the Internet of Things - Kai Wähner
Session from JFokus 2017 (https://www.jfokus.se/jfokus/talks.jsp#ComparisonofOpenSour) in Stockholm, Sweden.
This session shows and compares open source frameworks built to develop very lightweight applications or microservices, which can be deployed on small devices with very low resources and wire together all different kinds of hardware devices, APIs and online services. The focus of this session is the comparison of open source projects such as Node-RED or Flogo, which offer a zero-code environment with web IDE for building and deploying integration and data processing directly onto connected devices using IoT standards such as MQTT, WebSockets or CoAP, but also other interfaces such as Twitter feeds or REST services. The end of the session compares these open source projects to other options such as SaaS offerings like AWS IoT or more powerful streaming analytics platforms.
SOA, service-oriented architectures, burst on the scene in the new millennium as the latest technology to support application growth. In concert with the Web, SOA ushered in new paradigms for structuring enterprise applications.
At the Forward Internet Group in London, we are implementing SOA in unusual ways. Rather than a few, business-related services being implemented per the original vision, we have developed systems made of myriads of very small, usually short-lived services.
In this workshop, we will start by exploring the evolution of SOA implementations by the speaker. In particular, lessons learned from each implementation will be discussed, and reapplication of these lessons on the next implementation. Challenges (and even failures) will be explicitly identified.
We will arrive at a model of the current systems: An environment of very small services that are loosely coupled into a complex system. We explore the demise of acceptance tests in this complex environment, and the clever replacement of business metrics in their stead.
Finally, we will conclude with the surprising programmer development process impacts of this architecture. Indeed, bedrock principles of Agile have been rendered unnecessary, something that equally surprised us. (Presented at Agile India 2013)
OAuth-as-a-service using ASP.NET Web API and Windows Azure Access Control - W... - Maarten Balliauw
APIs are the new apps. They can be consumed by everyone using a web browser or a mobile application on their smartphone or tablet. How would you build your API if you want these apps to be a full-fledged front-end to your service without compromising security? In this session, Maarten will explain how to build an API using the ASP.NET Web API framework and how the Windows Azure Access Control service can be used to almost completely outsource all security and OAuth-related tasks.
Presentation for the NJIT OpenSocial Hackathon on OpenSocial and its use cases, OpenSocial Templates and Proxied Content, the OpenSocial Foundation, Apache Shindig and OpenSocial 2.0.
There are several platforms you can authenticate users against without using a server, among them Facebook (which provides a JavaScript SDK) and Windows Live (which provides OAuth2 and bearer tokens). With these services, we can implement authentication flows nearly entirely in Ember. With the example of a real project (http://herehere.co), let’s see how to do this using dependency injection, dependency lookup, promises, and routing hooks.
OSCamp #4 on Foreman | CLI tools with Foreman by Martin Bačovský - NETWAYS
The command line is the traditional environment for sysadmins, and for most of them it is also the environment of choice. A scriptable interface is a key concept for automation, which is becoming more important than ever as infrastructures grow in size and complexity. Let's look together at command-line tools for Foreman and possibilities for scripting Foreman-related tasks.
The talk will focus on the Foreman API, available auth methods, API bindings for Ruby, the Foreman GraphQL interface, Hammer (the command line client), and other tools. We will discuss pros and cons of various methods along with examples and possible use cases.
Nowadays many modern web applications are solely relying on JavaScript to render their frontend. But if you want to create mashups, load data from many different places or include external widgets into your site, you are quickly running into boundaries because of browser and security restrictions. In this presentation I will talk about techniques helping you with such problems.
An introduction to the basics of the Spring MVC Web framework. The concepts of front controller, controller (handler), model and view are introduced. The whole processing pipeline is discussed, with an in-depth description of the HandlerMapping and ViewResolver strategy interfaces. The alternative representations of the Model (Map, Model and ModelMap) are presented.
A tale of queues — from ActiveMQ over Hazelcast to Disque - Philipp Krenn - distributed matters
After all the attention databases have been getting over the last years, it is high time to give some thought to queues. We will kick off with some considerations why you need queues in distributed systems and what their limitations are — in particular the at-least-once and at-most-once decision. Next we discuss our specific use case and why
- we started off with ActiveMQ,
- it's working ok for us,
- we are looking for a better solution.
While looking for a better solution, we considered Amazon SQS and RabbitMQ, but finally selected Hazelcast — which seemed to do everything for us. After the initial phase of enchantment, we came to realize that Hazelcast is actually not the right tool for us and why we do not want to fully rely on it. Luckily, Disque has just been released and looks really promising. And we have already started migrating to it, even though it's currently marked as alpha code.
Bringing nullability into existing code - dammit is not the answer.pptx - Maarten Balliauw
The C# nullability features help you minimize the likelihood of encountering that dreaded System.NullReferenceException. Nullability syntax and annotations give hints as to whether a type can be nullable or not, and better static analysis is available to catch unhandled nulls while developing your code. What's not to like?
Introducing explicit nullability into an existing code base is a Herculean effort. There's much more to it than just sprinkling some `?` and `!` throughout your code. It's not a silver bullet either: you'll still need to check non-nullable variables for null.
In this talk, we'll see some techniques and approaches that worked for me, and explore how you can migrate an existing code base to use the full potential of C# nullability.
Nerd sniping myself into a rabbit hole... Streaming online audio to a Sonos s... - Maarten Balliauw
After buying a set of Sonos-compatible speakers at IKEA, I was disappointed there's no support for playing audio from a popular video streaming service. They stream Internet radio, podcasts and what not. Well, not that service I want it to play!
Determined - and not knowing how deep the rabbit hole would be - I ventured on a trip that included network sniffing on my access point, learning about UPnP and running a web server on my phone (without knowing how to write anything Android), learning how MP4 audio is packaged (and has to be re-packaged). This ultimately resulted in an Android app for personal use, which does what I initially wanted: play audio from that popular video streaming service on Sonos.
Join me for this story about an adventure that has no practical use, probably violates Terms of Service, but was fun to build!
Building a friendly .NET SDK to connect to Space - Maarten Balliauw
Space is a team tool that integrates chats, meetings, git hosting, automation, and more. It has an HTTP API to integrate third party apps and workflows, but it's massive! And slightly opinionated.
In this session, we will see how we built the .NET SDK for Space, and how we make that massive API more digestible. We will see how we used code generation, and incrementally made the API feel more like a real .NET SDK.
Microservices for building an IDE - The innards of JetBrains Rider - NDC Oslo... - Maarten Balliauw
Ever wondered how IDEs are built? In this talk, we’ll skip the marketing bit and dive into the architecture and implementation of JetBrains Rider. We’ll look at how and why we have built (and open sourced) a reactive protocol, and how the IDE uses a “microservices” architecture to communicate with the debugger, Roslyn, a WPF renderer and even other tools like Unity3D. We’ll explore how things are wired together, both in-process and across those microservices.
Indexing and searching NuGet.org with Azure Functions and Search - .NET fwday... - Maarten Balliauw
Which NuGet package was that type in again? In this session, let's build a "reverse package search" that helps find the correct NuGet package based on a public type.
Together, we will create a highly-scalable serverless search engine using Azure Functions and Azure Search that performs 3 tasks: listening for new packages on NuGet.org (using a custom binding), indexing packages in a distributed way, and exposing an API that accepts queries and gives our clients the best result.
NDC Sydney 2019 - Microservices for building an IDE – The innards of JetBrain... - Maarten Balliauw
Ever wondered how IDEs are built? In this talk, we’ll skip the marketing bit and dive into the architecture and implementation of JetBrains Rider.
We’ll look at how and why we have built (and open sourced) a reactive protocol, and how the IDE uses a “microservices” architecture to communicate with the debugger, Roslyn, a WPF renderer and even other tools like Unity3D. We’ll explore how things are wired together, both in-process and across those microservices. Let’s geek out!
JetBrains Australia 2019 - Exploring .NET’s memory management – a trip down m... - Maarten Balliauw
The .NET Garbage Collector (GC) helps provide our applications with virtually unlimited memory, so we can focus on writing code instead of manually freeing up memory. But how does .NET manage that memory? What are hidden allocations? Can we do without allocations? Are strings evil? It still matters to understand when and where memory is allocated.
In this talk, we’ll go over the base concepts of .NET memory management and explore how .NET helps us and how we can help .NET – making our apps better. Expect profiling, Intermediate Language (IL), ClrMD and more!
.NET Conf 2019 - Indexing and searching NuGet.org with Azure Functions and Se... - Maarten Balliauw
Which NuGet package was that type in again? In this session, let's build a "reverse package search" that helps find the correct NuGet package based on a public type.
Together, we will create a highly-scalable serverless search engine using Azure Functions and Azure Search that performs 3 tasks: listening for new packages on NuGet.org (using a custom binding), indexing packages in a distributed way, and exposing an API that accepts queries and gives our clients the best result.
https://blog.maartenballiauw.be/post/2019/07/30/indexing-searching-nuget-with-azure-functions-and-search.html
CloudBurst 2019 - Indexing and searching NuGet.org with Azure Functions and S...Maarten Balliauw
Which NuGet package was that type in again? In this session, let's build a "reverse package search" that helps finding the correct NuGet package based on a public type.
Together, we will create a highly-scalable serverless search engine using Azure Functions and Azure Search that performs 3 tasks: listening for new packages on NuGet.org (using a custom binding), indexing packages in a distributed way, and exposing an API that accepts queries and gives our clients the best result.
NDC Oslo 2019 - Indexing and searching NuGet.org with Azure Functions and SearchMaarten Balliauw
Which NuGet package was that type in again? In this session, let's build a "reverse package search" that helps finding the correct NuGet package based on a public type.
Together, we will create a highly-scalable serverless search engine using Azure Functions and Azure Search that performs 3 tasks: listening for new packages on NuGet.org (using a custom binding), indexing packages in a distributed way, and exposing an API that accepts queries and gives our clients the best result.
Approaches for application request throttling - Cloud Developer Days PolandMaarten Balliauw
Speaking from experience building a SaaS: users are insane. If you are lucky, they use your service, but in reality, they probably abuse. Crazy usage patterns resulting in more requests than expected, request bursts when users come back to the office after the weekend, and more! These all pose a potential threat to the health of our web application and may impact other users or the service as a whole. Ideally, we can apply some filtering at the front door: limit the number of requests over a given timespan, limiting bandwidth, ...
In this talk, we’ll explore the simple yet complex realm of rate limiting. We’ll go over how to decide on which resources to limit, what the limits should be and where to enforce these limits – in our app, on the server, using a reverse proxy like Nginx or even an external service like CloudFlare or Azure API management. The takeaway? Know when and where to enforce rate limits so you can have both a happy application as well as happy customers.
Indexing and searching NuGet.org with Azure Functions and Search - Cloud Deve...Maarten Balliauw
Which NuGet package was that type in again? In this session, let's build a "reverse package search" that helps finding the correct NuGet package based on a public type.
Together, we will create a highly-scalable serverless search engine using Azure Functions and Azure Search that performs 3 tasks: listening for new packages on NuGet.org (using a custom binding), indexing packages in a distributed way, and exposing an API that accepts queries and gives our clients the best result.
Approaches for application request throttling - dotNetCologneMaarten Balliauw
Speaking from experience building a SaaS: users are insane. If you are lucky, they use your service, but in reality, they probably abuse. Crazy usage patterns resulting in more requests than expected, request bursts when users come back to the office after the weekend, and more! These all pose a potential threat to the health of our web application and may impact other users or the service as a whole. Ideally, we can apply some filtering at the front door: limit the number of requests over a given timespan, limiting bandwidth, ...
In this talk, we’ll explore the simple yet complex realm of rate limiting. We’ll go over how to decide on which resources to limit, what the limits should be and where to enforce these limits – in our app, on the server, using a reverse proxy like Nginx or even an external service like CloudFlare or Azure API management. The takeaway? Know when and where to enforce rate limits so you can have both a happy application as well as happy customers.
CodeStock - Exploring .NET memory management - a trip down memory laneMaarten Balliauw
The .NET Garbage Collector (GC) is really cool. It helps providing our applications with virtually unlimited memory, so we can focus on writing code instead of manually freeing up memory. But how does .NET manage that memory? What are hidden allocations? Are strings evil? It still matters to understand when and where memory is allocated. In this talk, we’ll go over the base concepts of .NET memory management and explore how .NET helps us and how we can help .NET – making our apps better. Expect profiling, Intermediate Language (IL), ClrMD and more!
ConFoo Montreal - Microservices for building an IDE - The innards of JetBrain...Maarten Balliauw
Ever wondered how IDE’s are built? In this talk, we’ll skip the marketing bit and dive into the architecture and implementation of JetBrains Rider. We’ll look at how and why we have built (and open sourced) a reactive protocol, and how the IDE uses a “microservices” architecture to communicate with the debugger, Roslyn, a WPF renderer and even other tools like Unity3D. We’ll explore how things are wired together, both in-process and across those microservices. Let’s geek out!
ConFoo Montreal - Approaches for application request throttlingMaarten Balliauw
Speaking from experience building a SaaS: users are insane. If you are lucky, they use your service, but in reality, they probably abuse. Crazy usage patterns resulting in more requests than expected, request bursts when users come back to the office after the weekend, and more! These all pose a potential threat to the health of our web application and may impact other users or the service as a whole. Ideally, we can apply some filtering at the front door: limit the number of requests over a given timespan, limiting bandwidth, ...
In this talk, we’ll explore the simple yet complex realm of rate limiting. We’ll go over how to decide on which resources to limit, what the limits should be and where to enforce these limits – in our app, on the server, using a reverse proxy like Nginx or even an external service like CloudFlare or Azure API management. The takeaway? Know when and where to enforce rate limits so you can have both a happy application as well as happy customers.
Microservices for building an IDE – The innards of JetBrains Rider - TechDays...Maarten Balliauw
Ever wondered how IDE’s are built? In this talk, we’ll skip the marketing bit and dive into the architecture and implementation of JetBrains Rider. We’ll look at how and why we have built (and open sourced) a reactive protocol, and how the IDE uses a “microservices” architecture to communicate with the debugger, Roslyn, a WPF renderer and even other tools like Unity3D. We’ll explore how things are wired together, both in-process and across those microservices. Let’s geek out!
JetBrains Day Seoul - Exploring .NET’s memory management – a trip down memory...Maarten Balliauw
The .NET Garbage Collector (GC) is really cool. It helps providing our applications with virtually unlimited memory, so we can focus on writing code instead of manually freeing up memory. But how does .NET manage that memory? What are hidden allocations? Are strings evil? It still matters to understand when and where memory is allocated. In this talk, we’ll go over the base concepts of .NET memory management and explore how .NET helps us and how we can help .NET – making our apps better. Expect profiling, Intermediate Language (IL), ClrMD and more!
The .NET Garbage Collector (GC) is really cool. It helps providing our applications with virtually unlimited memory, so we can focus on writing code instead of manually freeing up memory. But how does .NET manage that memory? What are hidden allocations? Are strings evil? It still matters to understand when and where memory is allocated. In this talk, we’ll go over the base concepts of .NET memory management and explore how .NET helps us and how we can help .NET – making our apps better. Expect profiling, Intermediate Language (IL), ClrMD and more!
VISUG - Approaches for application request throttlingMaarten Balliauw
Speaking from experience building a SaaS: users are insane. If you are lucky, they use your service, but in reality, they probably abuse. Crazy usage patterns resulting in more requests than expected, request bursts when users come back to the office after the weekend, and more! These all pose a potential threat to the health of our web application and may impact other users or the service as a whole. Ideally, we can apply some filtering at the front door: limit the number of requests over a given timespan, limiting bandwidth, ...
In this talk, we’ll explore the simple yet complex realm of rate limiting. We’ll go over how to decide on which resources to limit, what the limits should be and where to enforce these limits – in our app, on the server, using a reverse proxy like Nginx or even an external service like CloudFlare or Azure API management. The takeaway? Know when and where to enforce rate limits so you can have both a happy application as well as happy customers.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
Essentials of Automations: The Art of Triggers and Actions in FMESafe Software
In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation.
We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios.
Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!SOFTTECHHUB
As the digital landscape continually evolves, operating systems play a critical role in shaping user experiences and productivity. The launch of Nitrux Linux 3.5.0 marks a significant milestone, offering a robust alternative to traditional systems such as Windows 11. This article delves into the essence of Nitrux Linux 3.5.0, exploring its unique features, advantages, and how it stands as a compelling choice for both casual users and tech enthusiasts.
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfPaige Cruz
Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack.
While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party will share these foundational concepts to build on:
A tale of scale & speed: How the US Navy is enabling software delivery from l...sonjaschweigert1
Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved:
- Reduction in onboarding time from 5 weeks to 1 day
- Improved developer experience and productivity through actionable findings and reduction of false positives
- Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO)
Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production.
We will cover:
- How to remove silos in DevSecOps
- How to build efficient development pipeline roles and component templates
- How to deliver security artifacts that matter for ATO’s (SBOMs, vulnerability reports, and policy evidence)
- How to streamline operations with automated policy checks on container images
Threats to mobile devices are more prevalent and increasing in scope and complexity. Users of mobile devices desire to take full advantage of the features
available on those devices, but many of the features provide convenience and capability but sacrifice security. This best practices guide outlines steps the users can take to better protect personal devices and information.
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...Neo4j
Leonard Jayamohan, Partner & Generative AI Lead, Deloitte
This keynote will reveal how Deloitte leverages Neo4j’s graph power for groundbreaking digital twin solutions, achieving a staggering 100x performance boost. Discover the essential role knowledge graphs play in successful generative AI implementations. Plus, get an exclusive look at an innovative Neo4j + Generative AI solution Deloitte is developing in-house.
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Unlocking Productivity: Leveraging the Potential of Copilot in Microsoft 365, a presentation by Christoforos Vlachos, Senior Solutions Manager – Modern Workplace, Uni Systems
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024Neo4j
Neha Bajwa, Vice President of Product Marketing, Neo4j
Join us as we explore breakthrough innovations enabled by interconnected data and AI. Discover firsthand how organizations use relationships in data to uncover contextual insights and solve our most pressing challenges – from optimizing supply chains, detecting fraud, and improving customer experiences to accelerating drug discoveries.
Communications Mining Series - Zero to Hero - Session 1DianaGray10
This session provides introduction to UiPath Communication Mining, importance and platform overview. You will acquire a good understand of the phases in Communication Mining as we go over the platform with you. Topics covered:
• Communication Mining Overview
• Why is it important?
• How can it help today’s business and the benefits
• Phases in Communication Mining
• Demo on Platform overview
• Q/A
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
The Art of the Pitch: WordPress Relationships and Sales
OAuth-as-a-service - using ASP.NET Web API and Windows Azure Access Control - TechDays Belgium 2013
3. Who am I?
Maarten Balliauw
Technical Evangelist, JetBrains
MyGet.org
AZUG
Focus on web
ASP.NET MVC, Windows Azure, SignalR, ...
MVP Windows Azure & ASPInsider
Buy me a beer! http://amzn.to/pronuget
http://blog.maartenballiauw.be
@maartenballiauw
Shameless self promotion: Pro NuGet - http://amzn.to/pronuget
4. Agenda
Why would I need an API?
API characteristics
ASP.NET MVC Web API
Windows Azure ACS
6. Consuming the web
2000-2008: Desktop browser
2008-2012: Mobile browser
2008-2012: iPhone and Android apps
2010-2014: Tablets, tablets, tablets
2014-2016: Your fridge (Internet of Things)
14. What is an API?
Software-to-Software interface
Contract between software and developers
Functionalities, constraints (technical / legal)
Programming instructions and standards
Open services to other software developers (public or private)
15. Flavours
Transport: HTTP, Sockets
Message contract: SOAP, XML, Binary, JSON, HTML, …
16. Technical
Most API’s use HTTP and REST extensively
Addressing
HTTP Verbs
Media types
HTTP status codes
Hypermedia (*)
18. HTTP Verbs
GET – return data
HEAD – check if the data exists
POST – create or update data
PUT – put data
MERGE – merge values with existing data
DELETE – delete data
19. Status codes
200 OK – Everything is OK, your expected data is in the response.
401 Unauthorized – You either have to log in or you are not allowed to
access the resource.
404 Not Found – The resource could not be found.
500 Internal Server Error – The server failed processing your request.
…
22. ASP.NET Web API
Part of ASP.NET MVC 4
Framework to build HTTP Services (REST)
Solid features
Modern HTTP programming model
Content negotiation (e.g. xml, json, ...)
Query composition (OData query support)
Model binding and validation (conversion to .NET objects)
Routes
Filters (e.g. Validation, exception handling, ...)
And more!
23. ASP.NET Web API is easy!
HTTP Verb = action
“Content-type” header = data format in
“Accept” header = data format out
Return meaningful status code
31. TechDays badges
“I received a ticket with a Barcode I can hand to
the Reception which gives me a Badge stating
Microsoft gives Me access to Kinepolis as a
Speaker on 5-7 March”
32. TechDays badges
+--------+                                +---------------+
|        |--(A)- Register for TechDays -->|   Resource    |
|        |                                |     Owner     |
|        |<-(B)- Sure! Here’s an e-ticket-|   Microsoft   |
|        |                                +---------------+
|        |
|        |                                +---------------+
| Client |--(C)----- Was invited! ------->| Authorization |
|   Me   |                                |     Server    |
|        |<-(D)---- Here’s a badge! ------|   Reception   |
|        |       (5-7 March;speaker)      +---------------+
|        |
|        |                                +---------------+
|        |--(E)------ Show badge -------->|   Resource    |
|        |                                |     Server    |
|        |<-(F)-- Enter speakers room ----|   Kinepolis   |
+--------+                                +---------------+
Next year, I will have to refresh my badge
33. TechDays badges
“I received a ticket with a Barcode I can hand to the Reception which gives me a
Badge stating Microsoft gives Me access to Kinepolis as a Speaker on 5-7 March”
Me = Client
Delegation
Barcode = Access Code
Reception = Authorization Server
Microsoft = Resource Owner
Kinepolis = Resource Server
Badge = Access Token
Speaker = Scope
5-7 March = Token Lifetime
41. Access tokens / Refresh tokens
In theory: whatever format you want
Widely used: JWT (“JSON Web Token”)
Less widely used: SWT (“Simple Web Token”)
Signed / Encrypted
43. Is OAuth2 different from OpenID?
Yes.
OpenID = authN
OAuth2 = authN (optional) + authZ
http://softwareas.com/oauth-openid-youre-barking-up-the-wrong-tree-if-you-think-theyre-the-same-thing
http://blogs.msdn.com/b/vbertocci/archive/2013/01/02/oauth-2-0-and-sign-in.aspx
44. What you have to implement
OAuth authorization server
Keep track of supported consumers
Keep track of user consent
OAuth token expiration & refresh
Oh, and your API
47. ACS - Identity in Windows Azure
Active Directory federation
Graph API
Web SSO
Link apps to identity providers using rules
Support WS-Security, WS-Federation, SAML
Little known feature: OAuth2 delegation
50. OAuth2 delegation?
You: OAuth authorization server
ACS: Keep track of supported consumers
ACS: Keep track of user consent
ACS: OAuth token expiration & refresh
You: Your API
A couple of years ago, having a web-based application was enough. Users would navigate to it using their computer’s browser, do their dance and log out again. Nowadays, a web-based application isn’t enough anymore. People have smartphones, tablets and maybe even a refrigerator with Internet access on which applications can run. Applications or “apps”. We’re moving from the web towards apps.
A great example of an API is Twitter. They have a massive data store containing tweets and data related to that. They have user profiles. And a web site. And an API. Are you using www.twitter.com to post tweets? I am using the website, maybe once a year. All other tweets come either from my Windows Phone 7’s Twitter application or through www.hootsuite.com, a third-party Twitter client which provides added value in the form of statistics and scheduling. Both the app on my phone as well as the third-party service are using the Twitter API. By exposing an API, Twitter has created a rich ecosystem which drives their real value: data.
If you want to expose your data and services to external third-parties, you may want to think about building an API. Having an API gives you a giant advantage on the Internet nowadays. Having an API will allow your web application to reach more users. App developers will jump onto your API and build their app around it. Other websites or apps will integrate with your services by consuming your API. The only thing you have to do is expose a valuable, managed and supported API and get people to know it. Apps will come. Integration will come.
The main idea of API’s is to broaden your reach. You can’t create apps that can be used on every fridge out there, it’s way too costly. But if you have a valuable service which is supported, people will build apps around it. And if it makes sense to anyone to create a fridge app on top of your API, it will happen.
You’re not the only one. The number of API’s is growing at a fast pace and the number of apps and mashups on different devices grows with that. If you want market share, your best chance of growing it is in building a valuable API.
An API is simply a software-to-software interface, defined by whoever is exposing the API to public or private users. It defines constraints, both technical as well as legal. Twitter for example defines a usage constraint: if you are using their API without paying you will be limited to a certain number of requests.
We can inform the server of what we intend to do using one of the standard HTTP verbs. There are more verbs if you like, but these are the most widely used.
There’s a large number of possible status codes you can use. Here are some you will most commonly encounter:
200 OK – Everything is OK, your expected data is in the response.
401 Unauthorized – You either have to log in or you are not allowed to access the resource.
404 Not Found – The resource could not be found.
500 Internal Server Error – The server failed processing your request.
See the theme? 1XX are informational. 2XX codes mean “successful”. 3XX tell you to go elsewhere, like our 302 example above. 4XX means the client has done something wrong. A wrong address or a wrong request. 5XX means the server has had a problem, like the feared error 500 – Internal Server Error you see on some websites.
Here are four basic conventions for ASP.NET Web API:
Requests have an HTTP verb defined. This maps to the API controller’s action method.
Requests have an Accept header. This is handled by ASP.NET Web API’s MediaTypeFormatter and will transform the request to your controller from JSON, XML or whatever format you want to add as a MediaTypeFormatter.
Responses have an HTTP status code.
Responses are formatted by ASP.NET Web API’s MediaTypeFormatter into JSON, XML or whatever format you want to add as a MediaTypeFormatter.
If you decide that your API isn’t public or specific actions can only be done for a certain user (get me my tweets, Twitter!), you’ll be facing authentication and authorization problems. With ASP.NET Web API, this is simple: add an [Authorize] attribute on top of a controller or action method and you’re done, right? When using the out-of-the-box authentication/authorization mechanisms of ASP.NET Web API, you are relying on either forms authentication or Windows authentication. Both require the user to log in. And as your API user isn’t really your user, but an application acting on behalf of a user, that means that the application should know the user’s credentials. Would you give your username and password to a third-party website to access your Twitter account? I don’t think so.
I want you to remember one sentence: “your API user isn’t really your user, but an application acting on behalf of a user”. It has implications. It means you are “delegating” access to an API to a consuming application.
As an example, take lanyrd.com. They keep track of conferences you’ll be speaking at and conferences the people you follow on Twitter are speaking at. To get that data, they need access to the list of people you follow on Twitter. Here’s what happens:
You want to log in on Lanyrd, they redirect you to Twitter’s login page. Notice the token in the address bar: it identifies the calling application to Twitter.
You log in on Twitter and give consent with a limited scope: Lanyrd will be able to see your timeline and get the list of people you follow. The scope is limited to that: Lanyrd can’t tweet on my behalf. They can’t favorite tweets. Or send messages. Or do anything else.
Twitter redirects me back to Lanyrd, posting back a “refresh” token.
What you don’t see:
Lanyrd uses that token to request an “access token” from Twitter.
Twitter checks the validity of the incoming token and checks the origin, to make sure no other application but Lanyrd comes in with that token.
When valid, Twitter returns an access token to Lanyrd, containing:
- An access key
- A new refresh token
- The allowed scope
- Validity duration
- A signature
When the token expires, Lanyrd uses the new refresh token to go through this process again.
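As an added example (not code from the talk or from WindowsAzure.Acs.Oauth2), this is what the receiving API does with the access token described above, using the badge analogy: verify the signature, then the issuer, audience, lifetime and scope. The token layout is a simplified SWT-style form-encoded string; the field names, the names `reception` and `kinepolis`, and the key are assumptions made for the example.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

public static class BadgeToken
{
    const string SignatureField = "&HMACSHA256=";

    // Authorization server ("Reception"): serialize the claims, then sign them.
    public static string Issue(byte[] key, string issuer, string audience,
                               string scope, DateTimeOffset expiresOn)
    {
        string unsigned = "Issuer=" + Uri.EscapeDataString(issuer)
                        + "&Audience=" + Uri.EscapeDataString(audience)
                        + "&Scope=" + Uri.EscapeDataString(scope)
                        + "&ExpiresOn=" + expiresOn.ToUnixTimeSeconds();
        return unsigned + SignatureField + Uri.EscapeDataString(Sign(key, unsigned));
    }

    // Resource server ("Kinepolis"): returns "ok" or the reason to answer 401.
    public static string Validate(string token, byte[] key, string issuer,
                                  string audience, string requiredScope, DateTimeOffset now)
    {
        int split = token.LastIndexOf(SignatureField, StringComparison.Ordinal);
        if (split < 0) return "missing signature";
        string unsigned = token.Substring(0, split);

        byte[] presented;
        try
        {
            presented = Convert.FromBase64String(
                Uri.UnescapeDataString(token.Substring(split + SignatureField.Length)));
        }
        catch (FormatException) { return "malformed signature"; }

        // Check the signature first, in constant time; no field is trusted before this.
        // CryptographicOperations requires .NET Core 2.1 or later.
        byte[] expected = Convert.FromBase64String(Sign(key, unsigned));
        if (!CryptographicOperations.FixedTimeEquals(presented, expected))
            return "bad signature";

        var claims = new Dictionary<string, string>(StringComparer.Ordinal);
        foreach (string pair in unsigned.Split('&'))
        {
            int eq = pair.IndexOf('=');
            if (eq <= 0 || claims.ContainsKey(pair.Substring(0, eq))) return "malformed claims";
            claims[pair.Substring(0, eq)] = Uri.UnescapeDataString(pair.Substring(eq + 1));
        }

        if (!claims.TryGetValue("Issuer", out string iss) || iss != issuer)
            return "wrong issuer";
        if (!claims.TryGetValue("Audience", out string aud) || aud != audience)
            return "wrong audience";
        if (!claims.TryGetValue("ExpiresOn", out string exp) || !long.TryParse(exp, out long expires))
            return "missing lifetime";
        if (now.ToUnixTimeSeconds() >= expires)
            return "expired";
        // Scope is a space-separated list; the action's required scope must be in it.
        if (!claims.TryGetValue("Scope", out string scopes) || !scopes.Split(' ').Contains(requiredScope))
            return "insufficient scope";
        return "ok";
    }

    static string Sign(byte[] key, string data)
    {
        using (var hmac = new HMACSHA256(key))
            return Convert.ToBase64String(hmac.ComputeHash(Encoding.UTF8.GetBytes(data)));
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample key and names; a real key is shared out of band
        // between the authorization server and the API.
        byte[] key = Encoding.UTF8.GetBytes("constructed-demo-key-not-a-real-secret");
        var endOfEvent = new DateTimeOffset(2013, 3, 8, 0, 0, 0, TimeSpan.Zero);
        var duringEvent = new DateTimeOffset(2013, 3, 6, 9, 0, 0, TimeSpan.Zero);
        string badge = BadgeToken.Issue(key, "reception", "kinepolis", "speaker", endOfEvent);

        Console.WriteLine("as issued:       " + BadgeToken.Validate(
            badge, key, "reception", "kinepolis", "speaker", duringEvent));
        Console.WriteLine("scope edited:    " + BadgeToken.Validate(
            badge.Replace("Scope=speaker", "Scope=speaker%20organizer"),
            key, "reception", "kinepolis", "organizer", duringEvent));
        Console.WriteLine("a year later:    " + BadgeToken.Validate(
            badge, key, "reception", "kinepolis", "speaker", duringEvent.AddYears(1)));
        Console.WriteLine("other venue:     " + BadgeToken.Validate(
            badge, key, "reception", "another-venue", "speaker", duringEvent));
        Console.WriteLine("organizer room:  " + BadgeToken.Validate(
            badge, key, "reception", "kinepolis", "organizer", duringEvent));
    }
}
```

In an ASP.NET Web API project the `Validate` call would sit in a message handler or authorization filter that reads the token from the `Authorization` header before the controller action runs.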
There’s a lot to implement.
One of the interesting components in the Windows Azure platform is the Access Control Service (ACS). ACS allows you to outsource your authentication and authorization woes and have Microsoft handle those. At www.myget.org, an application a colleague and I have been working on, you’ll find that you can log in through a variety of identity providers (Windows Live ID, Google, Facebook, GitHub, …). We don’t have to do anything for that: ACS solves this and presents us with a set of claims about the user, such as his username on GitHub. If we want to add another identity provider, we simply configure it in ACS and without modifying our code, you can log in through that new identity provider.
Next to that, ACS provides a little known feature: OAuth2 delegation support. The idea with that is that your application’s only job is to ask the user if a specific application can act on his or her behalf and store that decision in ACS. From then on, the client application will always have to go to ACS to fetch an access token and a refresh token which can be presented to your API.
This approach comes in very handy! Every client application will only have to ask our Authorization server once for user consent, after which ACS will take care of handing out access tokens, expiring tokens, renewing tokens and so on. ACS handles all the authentication and authorization load for us, even with 1 billion apps and users consuming my API. And all of that for just 19 US$ per million actions on ACS (see pricing calculator).
There’s a lot to implement. Why not outsource it to Windows Azure ACS?
You: OAuth authorization server: you decide who is granted access and who’s not. You’ll have to tell ACS about this, but apart from that you have nothing to do.
ACS: Keep track of supported consumers based on your input
ACS: Keep track of user consent based on the user’s input
ACS: OAuth token expiration & refresh based on all of the above
You: Your API of course!
API’s are the new apps. They can be consumed by everyone using a web browser or a mobile application on their smartphone or tablet. How would you build your API if you want these apps to be a full-fledged front-end to your service without compromising security? In this session, Maarten will explain how to build an API using the ASP.NET Web API framework and how the Windows Azure Access Control service can be used to almost completely outsource all security and OAuth-related tasks.
We’re moving from the web towards apps. Next to your website, apps are becoming more and more popular as an alternative manner to consume your data and services. Why not use that as a lever to reach more users? By exposing an API, you’re giving third party app developers the opportunity to interface with your services and at the same time, they are the advocate of them. Embrace them, give them a good API.
Of course, that API should be protected. OAuth2 is becoming the de-facto standard for that but requires some server-side coding on your part. If you just want to focus on the API and delegate the heavy lifting and scaling of the OAuth2 protocol, you may as well delegate it to the Windows Azure Access Control Service. WindowsAzure.Acs.Oauth2 will help you with that.