Monday, April 06, 2009

Azure Table Test Harness with HTTPS, Encryption, and Membership Services for Authentication/Authorization

This variation on the original AzureTableTestHarnessSSL.sln WebRole project adds customized ASP.NET Membership Services for user/password authentication and role-based authorization is live on Azure. To test-drive the project, go to http://oakleaf4.cloudapp.net/Login.aspx.

Chapter 6, “Authenticating and Authorizing Service Users” of my forthcoming Cloud Computing with the Microsoft Azure Services Platform book for WROX provides full details for quickly integrating ASP.NET Membership Services with Web applications deployed to Windows Azure. Full sample code will be downloadable when WROX publishes the book later this year.

This screen capture shows the first page of 12 Customer entities (click image to display a full-size capture). Personally identifiable information, such as CompanyName, ContactName, and ContactTitle, is stored with 128-bit Advanced Encryption Services (AES) encryption and decrypted for paged display in the DataGrid control. Decryption is the reason for the 2.46-second time to display the first page of Customer entities.

The project includes the Windows Azure SDK March 2009 CTP’s AspProviders class library and customized versions of Login.aspx, ChangePassword.aspx, CreateNewWizard.aspx, ManageRoles.aspx, MyProfile.aspx and MySession.aspx pages, as well as the Web.config file from the AspProviderDemos.sln sample projects.


To test-drive the project, go to http://oakleaf4.cloudapp.net/Login.aspx.

If you haven’t established an account, click the Create a New User Account link to open the CreateNewWizard.aspx page:

Click Create User to open the User roles page and select both DbReader and DbWriter if you want to be able to view and add Customer entities:

Click Finish to open the Default.aspx page (first screen capture above.) If you select only the DbReader role, the FormView for adding new customers, as well as the Delete all Customers and Create Customers buttons are disabled.

If you don’t login and change the initial URL to http://oakleaf4.cloudapp.net/Default.aspx in an attempt to bypass the login or new account process, no information is displayed:

In this case, clicking the Login or one of the three enabled Manage Account links opens the Login.aspx page.

The seven-part tutorial project for the unencrypted version starts here.

1 comments:

Dana Epp said...

So I'm curious... how are you securely storing the AES key in Azure to use for encryption across different nodes?