If you attended the Black Marble Architecture Event yesterday you would have seen a number of talks around Azure and the Windows Azure Platform Training Kit was mentioned a number of times.

The latest update to the training kit is here:

http://www.microsoft.com/download/en/details.aspx?id=8396

This update includes the changes for the Azure 1.6 SDK plus updates and new demos.

The training kit is a free resource that provides a good introduction to Azure and covers a large amount including Windows Azure, SQL Azure, AppFabric (Service Bus, Caching, Access Control) plus a load of other stuff.

AppFabric

Microsoft have announced two new Azure AppFabric CTPs.

May 2011 CTP will include Service bus enhancements including

• A more comprehensive pub/sub messaging
• Integration with the Access Control Service V2
• Queues based upon a new messaging infrastructure backed by a replicated, durable store.

See here for more details.

June 2011 CTP will include tooling to help with building, deploying and managing Windows Azure Applications including:

• AppFabric Developer Tools
• AppFabric Application Manager
• Composition Model

See here for more details

SQL Azure

The SQL May 2011 update contains the following:

• SQL Azure Management REST API – a web API for managing SQL Azure servers.
• Multiple servers per subscription – create multiple SQL Azure servers per subscription.
• JDBC Driver – updated database driver for Java applications to access SQL Server and SQL Azure.
• DAC Framework 1.1 – making it easier to deploy databases and in-place upgrades on SQL Azure.

See here for more details

When deploying an Access Control Service enabled web application from my development environment to Windows Azure I got the following error:

“Unable to find assembly ‘Microsoft.IdentityModel, Version=3.5.0.0. . .”

This had worked well when running in the development fabric on my machine so it was strange that it failed when deployed to Windows Azure. The reason why this file cannot be found is because on my machine it is installed in the GAC and it is not in the GAC when deployed in Azure. There is a simple way to fix this and it is by configuring a Start-up task in your ServiceDefinition.csdef file to install the Microsoft.IdentityModel assembly in the GAC. When a new instance is created within Windows Azure the start up task will be run to allow things to be installed into the virtual machine prior to running your application.

Steve Marx has written an introduction to Start-up tasks as well as a Tips, Tricks and Gotchas list.

This post explains how to create a Start-up task to add an assembly to the GAC.

I’ve been developing a web application that adds rules to the access control service when a user registers with my website. This was working well using the ACS in AppFabricLabs. When I ported across to ACS V2 in the live environment I kept getting an exception thrown whenever I tried to retrieve information via the management service api.

The exception details are

The remote server returned an error: (400) Bad Request.

Status = protocol error

After investigation by looking at the latest ACS code samples on MSDN I noticed that the protocol has actually changed in the Common assembly ManagementServiceHelper.cs class. Comparing the code and copying the changes across to mine fixed the problems.

I also noticed that today that AppfabricLabs was updated last night and now uses the same protocol as V2 Live so you will need to make these changes anyway.

If you are an MSDN subscriber (Ultimate or Premium) you now get more Windows Azure resources. Professional subscribers are now also included in the promotion.

See here for more details. If you have already taken up this offer and you are an MSDN Premium subscriber then you will automatically be upgraded to the MSDN Ultimate offer.

In order to activate your benefits

Thanks for attending the Azure Jumpstart and Accelerator events in Dublin and Belfast (also the Galway Live Meeting).

Here are the list of links from my presentations:

Azure HOL (August labs = VS2008, November Labs = VS2010)

http://bit.ly/d16e3M (Update: 7 Jan 2011 : Looks like this link does not give the 2008 option any more)

Also include the December update for Azure SDK 1.3 for VS2010 (http://www.microsoft.com/downloads/en/details.aspx?FamilyID=413E88F8-5966-4A83-B309-53B7B77EDF78&displaylang=en#RelatedResources)

Shared Access signatures

http://blog.smarx.com/posts/shared-access-signatures-are-easy-these-days

CNAME mappings to CDN URLs

http://blog.smarx.com/posts/using-the-new-windows-azure-cdn-with-a-custom-domain

Adaptive Streaming can be made to work with the CDN too

http://blog.smarx.com/posts/smooth-streaming-with-windows-azure-blobs-and-cdn

Ticket Direct Case study

http://www.microsoft.com/casestudies/Case_Study_Detail.aspx?casestudyid=4000005890

MSDN offers

http://www.microsoft.com/windowsazure/offers/default.aspx

Patterns Azure Guidance

http://wag.codeplex.com/

Windows Azure AppFabric Labs (to see the latest changes to App Fabric)

https://portal.appfabriclabs.com/

In my previous post I showed you how to set up an application in Azure AD and allow Azure AD users to access it. In this post I will show how you can give access to these applications to users outside of your organisation using B2B (Business to Business) as guest users.

B2B is a feature of Azure AD that allows you to easily add two types of user to your applications.

1. Users who are part of another Azure AD tenant
2. Users who are not.

If your new user is part of another Azure AD tenant, then when we add them as a guest user to you application and they will use the credentials provided by their own organisation. This means they do not have to remember a new username and password when they want to access your application. It is also useful as they will be managed by their own organisation so you will not be responsible for resetting their passwords for example. Another advantage of using their own Azure AD credentials is that they will lose the ability to sign in to your application when their accounts are disabled or removed from your customer’s tenant. They will however still exist as a guest user in your application but they will no longer be able to sign in.

If your new user is not part of another Azure AD tenant, then they will automatically have a Microsoft account created for them. They will also be prompted to enter a new password. Again this is not managed by you but by Microsoft this time, so password resets are handled by a link provided by them.

To assign a guest user to your application you will need to invited them to use your application. They will then receive an invitation via email that they will need to redeem in order to access your application.

So, go back to the Azure AD blade of the Azure portal and click on Users:

The click on “New guest user”

Fill in the form and enter your own personal message and click  “Invite”. You need to enter a valid email address otherwise the user will not be able to receive the invite, as seen below:

The text highlighted inside the red box was the custom message I entered in the invitation process. It is possible to change the branding of this email but it is an Azure AD premium feature.

The invite process proves that the user has access to the mail box linked to the email address used. Also, if they are using their organisations Azure AD email address then they must also sign in with their own username an password so you can be confident that they user is who they say they are. This example shows the flow when a user is part of another Azure AD tenant. If the user is not part of another tenant then there will be additional screens for setting up their new Microsoft account and password.

When the user clicks the Accept invitation link they will be redirected to a consent page which is asking for permissions to read their user profile from their Azure AD tenant.

Accepting the permissions then will redirect the user to the application portal where the user can access the applications they have been assigned. As we have not allocated any applications to this user yet, they will not see anything,

To assign applications to the users, go back to the Azure AD blade in teh Azure portal and click on Users then click on the one you have just added to view their profile:

You can see, in this example, in the red box that this is a Guest user who has accepted the invitation.

Click on applications in the left hand menu bar you will see that there are none assigned. To assign this user to an application, navigate back to the Azure AD main blade and click Enterprise applications, then select the application you wish to assign this user to.

Click “Assign users and groups”, then Add User

Click “None Selected” then search for your new user, select them and click Select.

Now click Assign

The new users is now assigned. Go back to the  Application screen the user viewed after they signed in and refresh the page

The assigned application should now be visible and clicking the application will redirect the user to that applications web site.

Using Azure AD it is easy to now invite users to user your applications and when they are part of another Azure AD tenant, Azure AD takes all the pain out of federating with these new users tenants. Hopefully you have found that this is straight forward and this will have opened up access to your applications in a controlled way. My next post will look at how we can automate this using Graph API.