Move To Cloud – Platform Website

In the previous post we summed up the components for the Cloud Platform. In this post lets get started with building an Azure Website that will host our Cloud Platform pages and services. This site will also provide Tokens to clients for authenticated access to hosted services and resources. To keep it really simple I will make it as a simple web application with an aspx pages and Ajax enabled REST web service endpoints. I will not use the MVC pattern or WEB API as I do not want to add all the extras that  gets included using the MVC templates.

So first things first we need to go to the Azure Management Portal and provision a website, and add two Applications in the Azure Active Directory. ( as follows.


our website named “platformservices” at


Add two applications in our Active Directory


1 – Platform Services (Enabling Sign On at:
2 – Platform Toolkit Client (Enabling Azure Management Services)


With the above setup in place we are ready to build the web application that will be hosted on this site and will provide an aspx page that will enable single sign on, in our case we will just get the user’s identity. Visual Studio 2012 use to provide an add-on for Identity And Access enabling single Sign On to a web application, this has been changed in Visual Studio 2013, we will use Visual Studio 2013 to create a web.config file with the required markup needed to enable Federated Authentication.



By downloading the publish profile from the Azure Management Portal for the Platform Services Azure website that we put together earlier we can now publish our Visual Studio Solution. This solution only has a page called identitytoken.aspx. This page provides authenticated access using the Azure Active Directory user credentials. If the user is logged into Office 365 or Azure, it will print the user name and if not logged in; will be redirected to the login page.


After publishing the solution and navigating to we will be getting a login screen like this and if we are already signed then the user name will be displayed.


Great progress – we now have a web site that can be used to add Platform Services that can be securely accessed by client application. In the next post we will put together some use cases for using this platform. We will build a REST service endpoint and an app that will communicate with each other and exchanging Tokens for authentication and authorization.

Good luck.. Stay tuned. Tomorrow is Sunday so I may get some time to move this further.



Move To Cloud – Cloud Platform

In the last post we narrowed down on what is in our bag towards building a cloud platform. We identified Office 365 and Microsoft Azure as the base for the Cloud Platform. This platform will provide patterns for implementing  mid tier web services, jobs, cache, storage and of-course cloud identity based authentication and authorization, in short everything that an enterprise developers team will use as a framework to build custom solutions. We will be making use of the following:

  • Azure Active Directory
  • Azure Web Sites
  • Azure Redis Cache
  • Azure SQL Storage
  • Azure Job Scheduler

Additionally I will be using Office 365 – SharePoint and Exchange online to build following

  • SharePoint Apps
  • Email Notifications

We will break this framework as follows:

  • Cloud Platform Toolkit (.net dll)
  • Cloud Platform Services (WCF REST Services)
  • Cloud Platform App (SharePoint App)

Cloud Platform Toolkit:
The toolkit will provide .net developers a collection of classes and methods to access SharePoint and Azure securely from WCF service endpoints. This approach will also enforce the abstraction of sensitive credential information as service accounts, connection string etc. Just to make clear that we are not building a composite Cloud App but instead we will be building atomic REST Web Services that can be consumed by Apps for SharePoint and mobile devices.


Above image highlights a summary of classes that the toolkit will provide. I will talk about the first aspect of the Cloud Platform in the next post that will cover storing of Credentials (Service Accounts), we will store them as Connection Strings in Azure Websites with Encryption and Expiration, that almost all Enterprise Security Officers ask for. We will be tapping into Azure Management APIs and will provide some REST endpoints to achieve this functionality.

Link to Azure Management Services for Azure websites.

There are also a handful of NUGET packages wrapping these REST services and providing a .NET wrapper, it will be easy to use them but I am not sure how flexible they are so I will try to use the REST APIs directly using the HTTP GET/PUT/POST.