//Build 2014 Ultimate Recap - with Links!

  • Windows Phone - Lots of industry excitement!
    • 8.1 developer preview will be available soon. Joe Belfiore said check back next week :-)
    • Action center + notification center
    • New keyboard - new world record holder
    • Cortana
      • Cortana = Siri + Google Now + Developer Extensibility
      • Interviewed personal assistants
      • Notebook stores relevant information
    • Quiet hours
    • HIGHLY customizable lock screen
    • Rewritten calendar
    • Store apps on the SD card
    • IE 11
      • WebGL
    • Bluetooth LE
    • VPN
    • Windows is now free for any screen under 9"
    • Existing apps can run in compatibility mode
    • Buy applications and in-app purchases and share them between Win8.1 and WP8.1
    • Geofencing
    • WiFi sense - auto-WiFi portal login and password sharing with friends
    • Signed and encrypted email
    • Switch calls to Skype while on a call
    • Battery Sense - Monitor battery performance by application
    • New Nokia phones announced
  • Azure
    • New portal focused on merging separate products and supporting DevOps
      • Integrated billing
      • Integrated Visual Studio Online
    • Remote debugging in IaaS - thanks to the agent
    • Websites
      • Free SSL certs for web sites
      • Java support
      • Autoscale GA
      • Traffic Manager GA
    • SQL Databases
      • Restore from backups at regular intervals
      • Max size for premium is now 500GB, up from 150GB
    • Big pricing drops
      • Compute by up to 35%
      • Storage by up to 65%
      • New "basic" tier without load balancing - 27% price drop
    • Orleans preview released - The framework that powers Halo's distributed cloud services
    • Partnerships with Chef and Puppet to run their management software on Azure
    • Mobile services
      • Offline sync capability
      • Kindle push notifications GA
    • New CDN Service
      • Can point at blobs
      • Can point at a content folder. Previously this was /content/, and it is now /cdn/
    • Azure Active Directory Premium GA
      • Multi-factor authentication
      • Machine learning-based security & reports
      • Self-service password reset
      • Company branding
  • .NET/Windows

Adding Authentication to your Windows Store Application & API

In a hackfest this past weekend, I integrated Windows Azure Active Directory (WAAD) into the manufacturing project I'm working on. This is meant as a gentle introduction and is not a comprehensive guide to adding authentication to your application. The application consists of a Windows 8 Store application and a WebAPI backend that interfaces with the rest of the backend systems.

In the early days of .NET, we had to create our own database of users and manage all aspects of getting them logged in. .NET 2.0 introduced ASP.NET membership, which let us offload most of the work. Now, we offload all of the work to WAAD.

What is WAAD?

Active Directory Authentication

WAAD gives us a user directory (and more) and makes it easy to integrate a secure login to your applications with very little work.

Unlike the on-premises version of Active Directory, this is purely for user authentication, not machine authentication (yet).

Active Directory Users List

Long Description:

Enterprise level identity and access management for all your cloud apps. Windows Azure Active Directory is a comprehensive identity and access management cloud solution. You can manage user accounts, synchronize with on-premises directories, get single sign on across Azure, Office 365 and hundreds of popular SaaS applications like Salesforce, Workday, Concur, DocuSign, Google Apps, Box, ServiceNow, Dropbox, and more.

Adding a Login Screen

In our Windows 8.1 application, Login.xaml is the first page we navigate to. The key in this page is that it calls AcquireTokenAsync. This method handles the whole authentication process for us, including bringing up the login dialog:

var authContext = new AuthenticationContext("https://login.windows.net/" + authConfig.DirectoryDomain);
var result = await authContext.AcquireTokenAsync(authConfig.AppRedirectUri, authConfig.AppClientId, new Uri(authConfig.ApiAppSignOnUrl));

Login Screen

Let me repeat this in case it's not sinking in. One line of code has given us an entire functional login dialog!

This is part of the Windows Azure AD Authentication Library for .NET and is available as a pre-release NuGet package.

(Pro tip: Call TokenCacheStore.Clear() on your AuthenticationContext during WAAD development to clear your cached credentials to force it to authenticate you each time)

Of course AcquireTokenAsync requires parameters that we configured in our WAAD instance. Fortunately we’re using the ConventionConfig library (shameless plug) to store and share our configuration details. This gives us a great centralized location to keep track of the settings we supplied when we configured the directory application.

When the authentication succeeds, we get back a result that has some useful information. First, it contains a bearer token. This is a token that we’ll put in our HTTP calls to prove our identity. We also get a UserInfo object back that contains things like first/last/email.

To make it easy to handle the bearer token, I subclassed the HttpClient like so:

public class SecureHttpClient : HttpClient
{
    public SecureHttpClient(string bearerToken)
    {
        DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", bearerToken);
    }
}

Now we can make secure web calls like this:

var secureHttpClient = new SecureHttpClient(app.BearerToken);
var response = await secureHttpClient.GetAsync("http://localhost:3184/api/echo?whoami=true");

If we don’t pass the bearer token, we’ll get a 401 (we'll configure the WebAPI in a moment).

var httpClient = new HttpClient();
var response = await httpClient.GetAsync("http://localhost:3184/api/echo?whoami=true");

If you're using an IoC container, or you don't feel comfortable inheriting from HttpClient, you could also use a factory method to create a configured HttpClient.
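Here is one way to do the factory approach, written as an added example rather than code from the post: a DelegatingHandler that attaches the bearer token, refuses to send it over plain HTTP except to the loopback address used for local development (the post's http://localhost URL is fine for that, but a bearer token is a credential, so production calls belong on HTTPS), and on a 401 asks a caller-supplied delegate for a fresh token and retries once. The handler and factory names and the acquireToken delegate are hypothetical; the delegate would wrap the AcquireTokenAsync call from the post, whose result exposes the token as AccessToken.

```csharp
using System;
using System.Net;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Threading;
using System.Threading.Tasks;

// Hypothetical handler: attaches the bearer token, refuses to leak it over
// plain HTTP (loopback excepted, for the post's localhost development setup),
// and on a 401 re-acquires a token once and retries.
public class BearerTokenHandler : DelegatingHandler
{
    private readonly Func<Task<string>> _acquireToken; // wraps AcquireTokenAsync and returns result.AccessToken
    private string _token;

    public BearerTokenHandler(Func<Task<string>> acquireToken, string initialToken = null)
        : base(new HttpClientHandler())
    {
        _acquireToken = acquireToken;
        _token = initialToken;
    }

    protected override async Task<HttpResponseMessage> SendAsync(
        HttpRequestMessage request, CancellationToken cancellationToken)
    {
        var uri = request.RequestUri;
        if (uri.Scheme != "https" && !uri.IsLoopback)
            throw new InvalidOperationException(
                "Refusing to send a bearer token over plain HTTP to " + uri.Host);

        if (_token == null)
            _token = await _acquireToken();

        request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", _token);
        var response = await base.SendAsync(request, cancellationToken);

        // An HttpRequestMessage can only be sent once, so the retry uses a copy
        // of the method and URI; requests with a body are handed back as-is so
        // the caller can decide whether to redo them.
        if (response.StatusCode == HttpStatusCode.Unauthorized && request.Content == null)
        {
            _token = await _acquireToken();
            var retry = new HttpRequestMessage(request.Method, request.RequestUri);
            retry.Headers.Authorization = new AuthenticationHeaderValue("Bearer", _token);
            response.Dispose();
            response = await base.SendAsync(retry, cancellationToken);
        }
        return response;
    }
}

// Factory method for callers (or an IoC container registration) that would
// rather not subclass HttpClient.
public static class SecureHttpClientFactory
{
    public static HttpClient Create(Func<Task<string>> acquireToken, string initialToken = null)
    {
        return new HttpClient(new BearerTokenHandler(acquireToken, initialToken))
        {
            BaseAddress = new Uri("http://localhost:3184/") // the post's development API address
        };
    }
}

// Usage, mirroring the post's call (authContext, authConfig and app are the post's objects):
// var client = SecureHttpClientFactory.Create(
//     async () => (await authContext.AcquireTokenAsync(
//         authConfig.AppRedirectUri, authConfig.AppClientId,
//         new Uri(authConfig.ApiAppSignOnUrl))).AccessToken,
//     app.BearerToken);
// var response = await client.GetAsync("api/echo?whoami=true");
```

Because the token lives inside the handler, nothing else in the application has to carry it around, and the single retry means an expired token surfaces as one extra round trip rather than as a 401 bubbling up to the UI.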

In the WebAPI

In the WebAPI project we use OWIN to allow easy injection of middleware. In this case, I’m referencing Microsoft.Owin.Security.ActiveDirectory. In an OWIN startup task, we call the following:

app.UseWindowsAzureActiveDirectoryBearerAuthentication(
    new WindowsAzureActiveDirectoryBearerAuthenticationOptions
    {
        Audience = config.ApiAppId,
        Tenant = config.DirectoryDomain
    });

Now, it’s just a matter of using the built-in WebAPI authorization functionality. We can put an [Authorize] attribute on a controller or action, or just make everything require authorization by default (probably the best way).

[Authorize]
public string Get(bool whoAmI)
{
    ...
}

In an API action, we can get information about the user through the standard ClaimsPrincipal.Current property.
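To show the pieces above fitted together, here is an added example (not the post's own code) of an OWIN Startup class that registers the bearer middleware before Web API, makes authorization the default through a global filter so that an unprotected action is an explicit [AllowAnonymous] decision, and an echo controller that reads the caller's identity from claims. The Audience and Tenant values are placeholders standing in for the post's config.ApiAppId and config.DirectoryDomain; the controller name and route are assumptions. The object identifier and tenant id claim URIs are the standard ones Azure AD issues in its tokens.

```csharp
using System.Security.Claims;
using System.Web.Http;
using Microsoft.Owin.Security.ActiveDirectory;
using Owin;

public class Startup
{
    public void Configuration(IAppBuilder app)
    {
        var config = new HttpConfiguration();

        // Validate the bearer token first: the issuer must be the tenant, the
        // audience must be this API's App ID URI, and the signature must match
        // the tenant's published signing keys.
        app.UseWindowsAzureActiveDirectoryBearerAuthentication(
            new WindowsAzureActiveDirectoryBearerAuthenticationOptions
            {
                Audience = "https://contoso.onmicrosoft.com/ManufacturingApi", // placeholder for config.ApiAppId
                Tenant = "contoso.onmicrosoft.com"                           // placeholder for config.DirectoryDomain
            });

        // Authorization by default: every action requires an authenticated
        // caller unless it is explicitly marked [AllowAnonymous].
        config.Filters.Add(new AuthorizeAttribute());

        config.Routes.MapHttpRoute(
            name: "DefaultApi",
            routeTemplate: "api/{controller}/{id}",
            defaults: new { id = RouteParameter.Optional });

        // Web API runs after the authentication middleware has set the principal.
        app.UseWebApi(config);
    }
}

public class EchoController : ApiController
{
    // Claim types Azure AD puts in its tokens; the object id is the stable
    // per-user key (names and e-mail addresses can be reassigned).
    private const string ObjectIdClaim = "http://schemas.microsoft.com/identity/claims/objectidentifier";
    private const string TenantIdClaim = "http://schemas.microsoft.com/identity/claims/tenantid";

    // GET api/echo?whoami=true
    public IHttpActionResult Get(bool whoAmI)
    {
        if (!whoAmI)
            return Ok("pong");

        // User is the principal the middleware attached to the request; in this
        // setup it is the same object ClaimsPrincipal.Current returns.
        var principal = User as ClaimsPrincipal ?? ClaimsPrincipal.Current;

        return Ok(new
        {
            Name = principal.Identity.Name,
            ObjectId = ClaimValue(principal, ObjectIdClaim),
            TenantId = ClaimValue(principal, TenantIdClaim),
            Upn = ClaimValue(principal, ClaimTypes.Upn)
        });
    }

    private static string ClaimValue(ClaimsPrincipal principal, string type)
    {
        var claim = principal.FindFirst(type);
        return claim == null ? null : claim.Value;
    }
}
```

With the global filter in place, the [Authorize] attribute on an individual action becomes redundant; the thing to review on each controller is instead which actions carry [AllowAnonymous], which is a much shorter list to audit.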

It’s pretty amazing once you get everything in place.

Valuable Resources I Used

Introducing the Modern Manufacturing Framework

Manufacturing is responsible for the clothes you wear, the products you use every day, and has assembled nearly every object in the room with you right now. Data, data, data - Manufacturing is responsible for generating exabytes of data that gets collected, stored, and analyzed every year. That's far more data than any other sector.

Plant Worker

In my role with Microsoft, I'm working with commercial software vendors on a daily basis to help them build cloud solutions. Manufacturing is becoming extremely competitive, to the point where the only survivors are those that can efficiently mine the insights from their data in real-time and adapt/react quickly. Thanks to technology, manufacturers in the United States have become the most productive in the world.

Within the Technology Evangelism & Development (TED) team, we're working hard to identify common patterns where we can build reusable open source frameworks. My goal is to bring these frameworks together in the context of manufacturing, while filling in some of the holes that exist currently. Microsoft already has a reference architecture for Discrete Manufacturing (DIRA). While the goals of the DIRA project are similar, our project complements those patterns with a concrete implementation showcasing Microsoft technologies.

Manufacturing Landscape & Trends

Manufacturing Trends

Data collection in manufacturing is rooted in technologies whose protocols were developed decades ago. Traditionally, data collection and storage has been siloed by physical location. Companies with multiple facilities have struggled with not just getting their data into a central location, but storing and processing that data at scale. Cloud computing can provide a centralized storage location and the scalable processing required to make sense of it.

When you look at the design of software that has been around for a decade or more, you'll see that as an industry we've gotten really good at adding features. Historically this meant adding more buttons to toolbars or menus. Modern software design requires us to focus on usability. In manufacturing, this means designing intuitive role-based displays. Mobile software has taught us that focused simplicity can be a valuable advantage. Less training means lower costs for new employees, and makes it easier to collect the right information from the right people.

Toolbars vs Simplicity

This framework is...

  • focused on the MES portion of discrete manufacturing.
  • an end-to-end data pipeline capable of pulling data from existing systems (using adapters), ultimately displaying that information and providing self-service business intelligence.
  • decomposable - components are interface-based so that any portions can be used individually. Use as little or as much as you like.
  • extensible - because of the modular design approach, the framework can be extended limitlessly.
  • open source - it will be licensed under the MS-PL.
  • using Microsoft technologies such as Windows Azure and Windows 8, although non-Microsoft technologies will be used where appropriate.
  • aligned with tomorrow's manufacturing trends such as Industry 4.0.

This framework is not...

  • competing with other Microsoft efforts. It's meant to fill in gaps, not replace existing solutions in development.
  • the best way to push data. It simply demonstrates one possible solution.
  • the best way to store data. It simply demonstrates one possible solution.
  • the best way to process data. It simply demonstrates one possible solution.
  • embedded. This framework is a level above the embedded device ecosystem, but can use data generated or collected by devices.
  • competing with partners already in this space. This is designed to help accelerate partner application development, and gives them opportunities to add their business value.

Going Forward

For now, my goal was to simply introduce the project. I'll be working on a series of blog posts discussing the architecture and the various goals. Be sure to subscribe for updates!

Jason Young: I'm Jason Young, software developer at heart, technical evangelist for Microsoft by day. This blog contains my opinions, which my employer may not share.