In the last post we looked at tidying up knockout and kendo grid integration. We created a knockout binding handler and made use of Knockout-Kendo to tidy the integration. This time we’ll look at extending that handler to add two nice features...

For the last six months I have spent a lot of time working on dynamic JavaScript UIs, and naturally we discovered and adopted Knockout to apply the Model-View-View Model (MVVM) pattern...

OK, so it’s been a long time since I last blogged about writing database agnostic LINQ. Over this time there have been a few other ‘issues’ we’ve encountered, and it’s time to put these down for future reference!

It is with my great pleasure to announce that I will be speaking at TechEd Australia 2012!

The title of my talk is Authentication in the cloud: Step by step.

When migrating internal applications to the cloud it is no longer possible to hide behind firewalls and windows authentication. Care needs to be taken to make sure your applications are secure. This talk will be based on a real-life example of migrating an application from an internal windows authentication style environment to the cloud. We will start with a simple WCF service that uses netTcpBinding with windows auth and change the bindings to use a Federation server via the Azure Access Control Service (ACS). Care will be taken to compare the authentication methods. Additionally different configurations of the bindings will be explored to cover a number of security implementations (For instance the differences between certificate encryption of your tokens or just running them over SSL)

Hope to see you there!

In my last post I described how to authenticate against ACS (The Azure Access Control Service) using the inbuilt username/password store in ACS. In this post I will instead look at authentication using the WS-Trust protocol with ACS being supplied with tokens by ADFS (Active Directory Federation Services). In this scenario a client will be authenticated using their windows credentials in their domain for a service that is outside the domain (ie in the cloud).

Actually, it is a bit unnessecary to go via ACS – you could authenticate straight to ADFS. But personally I find setting up relying parties much easier on ACS, also this would allow you to combine multiple identity providers.

Windows Authentication with ACS/ADFS

Let us look at the underlying steps that we want to reproduce in this example:

1. The user tries to access our service (they are currently logged into the domain)
2. The binding knows it has to get a token from ADFS using the current credentials
3. The binding sends the acquired token to ACS
4. The service gets sent the token (along with it’s appropriate claims)

The great thing is that all we have to change from the last post are the binding elements… so lets do that:

<ws2007FederationHttpBinding>
  <binding name="serviceBinding">
    <security mode="TransportWithMessageCredential">
      <message establishSecurityContext="false" issuedKeyType="BearerKey" >
        <issuerMetadata address="https://test.accesscontrol.windows.net/v2/wstrust/mex" />
        <issuer address="https://test.accesscontrol.windows.net/v2/wstrust/13/issuedtoken-symmetric" binding="ws2007FederationHttpBinding" bindingConfiguration="acsBinding" />
        <claimTypeRequirements>
          <add claimType="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier" isOptional="true" />
        </claimTypeRequirements>
      </message>
    </security>
  </binding>
  <binding name="acsBinding">
    <security mode="TransportWithMessageCredential">
      <message establishSecurityContext="false" issuedKeyType="BearerKey" >
        <issuer address="https://adfs.somesite.com/adfs/services/trust/13/windowsmixed" binding="ws2007HttpBinding"  bindingConfiguration="adfsBinding" />
      </message>
    </security>
  </binding>
</ws2007FederationHttpBinding>
<ws2007HttpBinding>
  <binding name="adfsBinding">
    <security mode="TransportWithMessageCredential">
      <transport clientCredentialType="None" proxyCredentialType="None" realm=""/>
      <message clientCredentialType="Windows" establishSecurityContext="false" algorithmSuite="Default" negotiateServiceCredential="true" />
    </security>
  </binding>
</ws2007HttpBinding>

In this case we have three bindings – the first describes the binding between the client and server. This is an ‘issued token’ type binding (from ACS) so is under ws2007FederationBinding. The next describes the binding between the client and acs, which is also an issued token binding (from ADFS). The final binding describes the binding between the client and adfs. My notes on the above:

1. TransportWithMessageCredential/BearerKey – Like the last post I am relying on https transport for my token encryption. So I also set the token type as BearerKey for both of the bindings that rely on issued tokens.
2. ClaimTypeRequirements – These are the same in the service binding, but for the acs binding I don’t have to worry about it because ACS and ADFS will work it out on their own.
3. IssuerAddress – This have changed in this scenario. Because the ACS is using an issued token we have to use the issuedtoken endpoint address (v2/wstrust/13/issuedtoken-symmetric). For the ADFS endpoint address we will be using windows authentication (over https) so we want to use the windowsmixed endpoint (adfs/services/trust/13/windowsmixed). You could actually do username authentication instead, but then it would not automatically log you in like it does with windows auth.
4. clientCredentialType – I chose windows authentication for this blog post so I could illustrate what a windows auth binding to adfs might look like. It is really easy just set the clientCredentialType to “Windows”.

You might already see how all this becomes very composable. For instance if you just wanted to authenticate against ADFS you would drop the ACS binding and have the issuer address of the service binding to point straight to the ADFS endpoint.

So go ahead and change your netTcpBindings to ws2007 bindings and push your application to the cloud just by changing the web.config. You can thank me later ;)

So you have a cool WCF app that used to use windows authentication and want to push it up to the cloud? In this case you might want to open up your bindings to use WS-Trust protocol, which would allow you to connect to your service whilst still using your windows credentials. I found a number of examples on the internet to do this via code, but nothing that was very helpful with using configuration – so I am here to fix that!

I was working on a test application for work today and I had to use OAuth to access google calendar information from a user (to ultimately display it). The documentation was pretty good, however there really wasn’t an example around that didn’t have all the google libraries attached to it. Hopefully this post will make it easier for the next person!

When updating one of our services into Azure I had a hell of a time finding a workable example that I could base my work on. The issue was that I had a WCF binding (originally net.tcp binding) that I wanted to authenticate via the ACS (Eventually to use ADFS). In this post I will go halfway and show how to set up your bindings via code to do Username authentication in ACS.

Version 0.0.4 of NodeAssets is available and I have have finally added in pure .NET compilers that can be used out of the box.

I am happy after many weeks of development to show to the world my awesome c# .net asset manager – Node Assets.

For this post you should already be familiar with using ninject for your DI needs. You would then be familiar with explicit binding and also possibly even the default convention based binding (using the Ninject.Extensions.Conventions package). We will take this a step further and see how we can define our own custom convention based bindings.

I have been working on a number of projects lately within nodejs and of course I have come across the requirement to store some data. Due to the loosely coupled nature of my data (a series of blog posts) I have gone down the NOSQL route, in particular using the redis library which is a nodejs wrapper for the redis server. In this post I hope to explore the advantages of a nosql database and make it easy using my own library redis-model.

A brief post on enhancing the user experience (in my opinion) when using the Telerik MVC Grid in batch editing mode...

Ok so I have been away for the last couple months working on a website for myself as a way to learn new things, and I thought it was about time to share some of my experiences. In this blog post I will be talking about nodejs, but more specifically to write a write a web app (from server to client) completely 100% in coffeescript.

A project I was working on had a fairly unique storage requirement: I needed a storage medium in which I could query its contents VERY quickly with Contains(), even when the set was relatively large; and when it reached a set size, it should start replacing its oldest values with incoming values – essentially a queue where the oldest values get trimmed once the queue reaches a certain size. Lets take a look at the solution achieved.

As promised at the end of Custom WCF Services in SharePoint 2010 – Part 1 we take a look at another approach to configuring our custom service. This approach also has another benefit that allows us to get around an issue that appears to exist with the Microsoft implementation of the Factories provided in the Microsoft.SharePoint.Client.Services namespace...

It has always been the case with SharePoint that you sometimes need to develop custom ‘services’ to get a particular job done, and this is no exception with 2010. The provided services have continued to expand/improve over the years when compared back to earlier versions of SharePoint, but they are obviously general and not going to perform every function we might require. Enter custom WCF Services...

I have spent some time binging for solutions to the following issue: You have a product which leverages visual studio setup and deployment packages. You wish to build the MSI as part of your automated build process in Team Build 2010, and you want the built MSI to include transformed configuration files.

I thought I would do a short but sweet blog post about getting web.config transforms (and any other XDT transform) working when automating your project builds with Team Build 2010.

Now there is a fragmented headline! The reason for it is to hopefully guide people searching on this issue to this post, because it took me about a day of flexing my Bing-Fu before I finally came up with the correct search term that directed me to a solution.