TechEd 2014 Ultimate Recap - with Links!

Just like my //Build 2014 Ultimate Recap - with Links!, I'll be doing the same for TechEd. I'll keep updating this content with new announcements until the end of TechEd. Keep in mind that my outline is developer focused, so I won't go as deep on the IT Pro topics.

New Services

Services that are now GA (general availability)

Visual Studio


//Build 2014 Ultimate Recap - with Links!

  • Windows Phone - Lots of industry excitement!
    • 8.1 developer preview will be available soon. Joe Belfiore said check back next week :-)
    • Action center + notification center
    • New keyboard - new world record holder
    • Cortana
      • Cortana = Siri + Google Now + Developer Extensibility
      • Interviewed personal assistants
      • Notebook stores relevant information
    • Quiet hours
    • HIGHLY customizable lock screen
    • Rewritten calendar
    • Store apps on the SD card
    • IE 11
      • WebGL
    • Bluetooth LE
    • VPN
    • Windows is now free for any screen under 9"
    • Existing apps can run in compatibility mode
    • Buy applications and in-app purchases and share them between Win8.1 and WP8.1
    • Geofencing
    • WiFi sense - auto-WiFi portal login and password sharing with friends
    • Signed and encrypted email
    • Switch calls to Skype while on a call
    • Battery Sense - Monitor battery performance by application
    • New Nokia phones announced
  • Azure
    • New portal focused on merging separate products and supporting DevOps
      • Integrated billing
      • Integrated Visual Studio Online
    • Remote debugging in IaaS - thanks to the agent
    • Websites
      • Free SSL certs for web sites
      • Java support
      • Autoscale GA
      • Traffic Manager GA
    • SQL Databases
      • Restore from backups at regular intervals
      • Max size for premium is now 500GB, up from 150GB
    • Big pricing drops
      • Compute by up to 35%
      • Storage by up to 65%
      • New "basic" tier without load balancing - 27% price drop
    • Orleans preview released - The framework that powers Halo's distributed cloud services
    • Partnerships with Chef and Puppet to run their management software on Azure
    • Mobile services
      • Offline sync capability
      • Kindle push notifications GA
    • New CDN Service
      • Can point at blobs
      • Can point at a content folder. Previously this was /content/, and it is now /cdn/
    • Azure Active Directory Premium GA
      • Multi-factor authentication
      • Machine learning-based security & reports
      • Self-service password reset
      • Company branding
  • .NET/Windows


Adding Authentication to your Windows Store Application & API

In a hackfest this past weekend, I integrated Windows Azure Active Directory (WAAD) into the manufacturing project I'm working on. This is meant as a gentle introduction and is not a comprehensive guide to adding authentication to your application. The application consists of a Windows 8 Store application and a WebAPI backend that interfaces with the rest of the backend systems.

In the early days of .NET, we had to create our own database of users and manage all aspects of getting them logged in. .NET 2.0 introduced ASP.NET membership, which let us offload most of the work. Now, we offload all of the work to WAAD.

What is WAAD?

Active Directory Authentication

WAAD gives us a user directory (and more) and makes it easy to integrate a secure login into your applications with very little work.

Unlike the on-premises version of Active Directory, this is purely for user authentication, not machine authentication (yet).

Long Description:

Enterprise level identity and access management for all your cloud apps. Windows Azure Active Directory is a comprehensive identity and access management cloud solution. You can manage user accounts, synchronize with on-premises directories, get single sign on across Azure, Office 365 and hundreds of popular SaaS applications like Salesforce, Workday, Concur, DocuSign, Google Apps, Box, ServiceNow, Dropbox, and more.

Adding a Login Screen

In our Windows 8.1 application, Login.xaml is the first page we navigate to. The key in this page is that it calls AcquireTokenAsync. This method handles the whole authentication process for us, including bringing up the login dialog:

var authContext = new AuthenticationContext("" + authConfig.DirectoryDomain);
var result = await authContext.AcquireTokenAsync(authConfig.AppRedirectUri, authConfig.AppClientId, new Uri(authConfig.ApiAppSignOnUrl));

Let me repeat this in case it's not sinking in. One line of code has given us an entire functional login dialog!

This is part of the Windows Azure AD Authentication Library for .NET and is available as a pre-release NuGet package.

(Pro tip: Call TokenCacheStore.Clear() on your AuthenticationContext during WAAD development to clear your cached credentials to force it to authenticate you each time)

Of course AcquireTokenAsync requires parameters that we configured in our WAAD instance. Fortunately we’re using the ConventionConfig library (shameless plug) to store and share our configuration details. This gives us a great centralized location to keep track of the settings we supplied when we configured the directory application.

When the authentication succeeds, we get back a result that has some useful information. First, it contains a bearer token. This is a token that we’ll put in our HTTP calls to prove our identity. We also get a UserInfo object back that contains things like first name, last name, and email.

To make it easy to handle the bearer token, I subclassed the HttpClient like so:

public class SecureHttpClient : HttpClient
{
    public SecureHttpClient(string bearerToken)
    {
        DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", bearerToken);
    }
}

Now we can make secure web calls like this:

var secureHttpClient = new SecureHttpClient(app.BearerToken);
var response = await secureHttpClient.GetAsync("http://localhost:3184/api/echo?whoami=true");

If we don’t pass the bearer token, we’ll get a 401 (we'll configure the WebAPI in a moment).

var httpClient = new HttpClient();
var response = await httpClient.GetAsync("http://localhost:3184/api/echo?whoami=true");

If you're using an IoC container, or you don't feel comfortable inheriting from HttpClient, you could also use a factory method to create a configured HttpClient.
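One way to write the factory approach mentioned above, as an added example rather than code from the original post: a message handler attaches the bearer token to each request and refuses to send it over plain HTTP to anything but the local machine. `BearerTokenHandler`, `SecureHttpClientFactory` and the `getToken` delegate are hypothetical names.

```csharp
using System;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Threading;
using System.Threading.Tasks;

// Added example (hypothetical names): adds the Authorization header per request
// instead of baking one token into the client for its whole lifetime.
public sealed class BearerTokenHandler : DelegatingHandler
{
    // Assumed token source, e.g. () => app.BearerToken from the login result.
    private readonly Func<string> _getToken;

    public BearerTokenHandler(Func<string> getToken, HttpMessageHandler inner)
        : base(inner)
    {
        if (getToken == null) throw new ArgumentNullException("getToken");
        _getToken = getToken;
    }

    protected override Task<HttpResponseMessage> SendAsync(
        HttpRequestMessage request, CancellationToken cancellationToken)
    {
        // A bearer token is usable by whoever reads it, so only send it over
        // HTTPS; plain HTTP is tolerated for loopback (local development) only.
        Uri uri = request.RequestUri;
        bool safeTransport = uri != null && uri.IsAbsoluteUri &&
            (uri.Scheme == Uri.UriSchemeHttps || uri.IsLoopback);
        if (!safeTransport)
            throw new InvalidOperationException(
                "Refusing to send a bearer token over an unencrypted channel.");

        request.Headers.Authorization =
            new AuthenticationHeaderValue("Bearer", _getToken());
        return base.SendAsync(request, cancellationToken);
    }
}

public static class SecureHttpClientFactory
{
    // Factory method: callers (or an IoC container) get a plain HttpClient
    // whose pipeline already carries the token logic.
    public static HttpClient Create(Func<string> getToken)
    {
        return new HttpClient(new BearerTokenHandler(getToken, new HttpClientHandler()));
    }
}
```

Because the token is read through a delegate on every call, a refreshed token is picked up without rebuilding the client.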

In the WebAPI

In the WebAPI project we use OWIN to allow easy injection of middleware. In this case, I’m referencing Microsoft.Owin.Security.ActiveDirectory. In an OWIN startup task, we call the following:

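app.UseWindowsAzureActiveDirectoryBearerAuthentication( // app: the IAppBuilder passed to the OWIN startup method
    new WindowsAzureActiveDirectoryBearerAuthenticationOptions
    {
        Audience = config.ApiAppId,
        Tenant = config.DirectoryDomain
    });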

Now, it’s just a matter of using the built-in WebAPI authorization functionality. We can put an [Authorize] attribute on a controller or action, or just make everything require authorization by default (probably the best way).

public string Get(bool whoAmI)

In an API action, we can get information about the user through the standard ClaimsPrincipal.Current property.
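The "require authorization by default" setup and the claims lookup described above, as an added example that is not from the original post. `WebApiConfig`, `EchoController` and `HealthController` are hypothetical names, and the route template is the standard Web API default, assumed here.

```csharp
using System.Security.Claims;
using System.Web.Http;

public static class WebApiConfig
{
    public static void Register(HttpConfiguration config)
    {
        config.Routes.MapHttpRoute(
            name: "DefaultApi",
            routeTemplate: "api/{controller}/{id}",
            defaults: new { id = RouteParameter.Optional });

        // Secure by default: every action rejects unauthenticated callers with
        // a 401 unless it explicitly opts out with [AllowAnonymous]. A new
        // controller added later is protected without anyone remembering to
        // decorate it.
        config.Filters.Add(new AuthorizeAttribute());
    }
}

public class EchoController : ApiController
{
    // GET api/echo?whoami=true
    // No [Authorize] needed here: the global filter already applies.
    public string Get(bool whoAmI)
    {
        if (!whoAmI) return "echo";

        // Populated by the bearer-authentication middleware from the
        // validated token; never trust identity values sent in the request.
        ClaimsPrincipal principal = ClaimsPrincipal.Current;
        Claim name = principal.FindFirst(ClaimTypes.Name)
                     ?? principal.FindFirst(ClaimTypes.Upn);
        return name != null ? name.Value : "(no name claim in token)";
    }
}

public class HealthController : ApiController
{
    // Deliberate, visible exception to the default: a probe endpoint that
    // returns nothing sensitive.
    [AllowAnonymous]
    public string Get()
    {
        return "ok";
    }
}
```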

It’s pretty amazing once you get everything in place.

Valuable Resources I Used


Jason Young I'm Jason Young, software engineer. This blog contains my opinions, of which my employer - Microsoft - may not share.
