One of the most prominent features of Windows Azure is no doubt Windows Azure SQL Databases, which allows us to have a database on the cloud and benefit from the advantages of cloud computing, such as high-availability and scalability. Azure’s portal interface allows us to easily manage the database, and by using a cloud service as an API for our backend we can quickly access the database from any platform.
In this step by step article, we’ll create a Windows Azure SQL Database, create a web service which connects to this database and allows us to perform specific operations on it and then use that web service in a Windows Store app.
1) Creating the Windows Azure SQL Database
Obviously, you’ll need to have an Azure account to do this. You can go to http://www.windowsazure.com and click on the Free Trial option on the upper right and follow the instructions to get a free 1 month trial. Keep in mind that although it is free, you still need to enter a valid credit card information for validation purposes.
After you get an Azure account (or if you already have one), click “Portal” on the upper right or go to http://manage.windowsazure.com and log into the Management Portal.
➤ This database – web service – client configuration is a very effective way of creating applications
The web.config file contains the configuration options for a web service, some of which could contain sensitive information that you don’t want to be kept in plain text. For example, it is very likely that you’ll connect to a database in your web service, and the connection string you use will be kept in the web.config file. The connection string includes the username and password used in the database server, so if you plan to keep your web service in a 3rd party server or if someone that you don’t want to learn the database credentials needs to work on the source code, you could add an extra layer of security by encrypting this data.
<add name="DatabaseConnectionString" connectionString="Data Source=blablabla.database.windows.net;Initial Catalog=BlaBlaDB;User ID=yourusername;Password=yourpassword"
.NET Framework provides a feature called “protected configuration” which prevents our data from being shown like in the code above, by encrpyting the configuration data using DpapiProtectedConfigurationProvider or RsaProtectedConfigurationProvider classes. However, both of these two encryption methods need to be applied on the server that hosts the web service, because the encrpytion process uses a machine-specific key. Since we can’t do this on Azure… what can we do to encrypt the web.config of our cloud services?
Well, if we want to encrpyt our web.config files in Azure cloud services, we need to use a special “protected configuration provider”. In this article, we’ll create a .pfx certificate and use “Pkcs12 Protected Configuration Provider” which performs the encryption using a certificate and Windows Azure Certificate Store, to encrypt our web.config file.
➤ Anyone with the connection string can access your database, and you definitely do not want that…
Any person that has a basic computer knowledge can go ahead and use Microsoft Network Monitor, Fiddler or any other similar application to monitor his/her own network traffic, whereupon he/she will see that the applications which use HTTP have their data displayed plainly. And people with a little more technical knowledge can go further and use other applications (such as Cain and Abel) to sniff the whole network, which will include packages from every computer connected to it. So, someone just logged in to a website that used HTTP while you were listening to the network? Well, tough luck for him/her, because you’ve just sniffed the username and password.
For demonstration, I’ve created an Azure Cloud Service that has a method which returns the number of characters for a given string. And as you see, Fiddler directly catches my request to the web method and its response:
This is what I sent to the web method.
And this is what the web method returned.
Of course, a competent developer would take precautions against this. We use hashing and salting for username – passwords so they are not displayed plainly, but still, we don’t want people to get the hashed version either, because then they could try decrypting it or use that hashed version to make calls to our service themselves. Therefore, we need more security.
This is where HTTPS comes in, which is actually the HTTP protocol with SSL on top. SSL (Secure Socket Layer) uses certificates for encryption and authorization, therefore allowing a secure communication over the network. Many applications (such as e-mail, instant messaging or voice-over-IP applications) use this to ensure security, and in this article, we’ll see how we can use it in our own Azure Cloud Service.
➤ For bonus points, use Fiddler to check other apps’ web method calls. It’s quite entertaining to see how they work. 🙂
Bir web servis için web.config dosyası gerekli yapılandırma ayarlarını içerir. Bu yapılandırma ayarlarından bazıları hassas bilgiler içerebilir, örneğin web servis bir veritabanına bağlanıyor ise bu veritabanı için gerekli bağlantı dizesi (connection string) web.config içerisinde plain text olarak durur ve veritabanının bulunduğu sunucu için gerekli kullanıcı adı ve şifreyi içerir. Bu durum tabi ki olası bir güvenlik açığıdır; eğer web servisi bir üçüncü parti sunucuda tutmayı planlıyorsak, ya da kaynak koduna bu bilgiye sahip olmasını istemediğiniz kişilerin erişmesi gerekiyorsa, ekstra bir güvenlik katmanı sağlamak için bu bilgiyi şifreleyebiliriz.
<add name="DatabaseConnectionString" connectionString="Data Source=blablabla.database.windows.net;Initial Catalog=BlaBlaDB;User ID=kullaniciadi;Password=sifre"
.NET Framework, bilgilerimizin yukarıdaki gibi gözükmemesini sağlamak için “protected configuration” adı verilen bir özellik ile şifreleme imkanı sağlar ve bu şifrelemeyi DpapiProtectedConfigurationProvider veya RsaProtectedConfigurationProvider sınıflarını kullanarak gerçekleştirir. Ancak bu iki yöntemde de şifrelemenin web servisin bulunacağı sunucu üzerinde uygulanması gerekir, çünkü şifreleme için makineye özel bir anahtar değeri kullanılır ve bu durum da Azure üzerinde bu özelliği kullanamayacağımız anlamına gelir.
Azure üzerinde web.config dosyasını şifrelemek istiyorsak özel bir “protected configuration provider” kullanmamız gerekli. Bu yazımda, şifreleme için bir “.pfx” uzantılı sertifika ve Windows Azure Certificate Store kullanarak şifreleme yapan özel “Pkcs12 Protected Configuration Provider” ile Azure üzerindeki web servisimizin web.config dosyasını şifreleyeceğiz.
➤ Devamını okuyun…
Azure blob (binary large object) storage allows us to store files on the cloud and it can be used in many scenarios, such as storing user related files (e.g. profile pictures), keeping backup or storing audio and video files for our application. In this article, we’ll see how we can develop a Windows Phone application that takes (or selects) a picture and uploads it to Windows Azure.
Note: I was showing the latest uploaded image here, but unfortunately I had to cancel my Azure subscription. Therefore, the storage key in this example (and in the source code) will not work. Don’t forget to use your own storage account credential and key.
Then, let’s begin by opening up Visual Studio and creating a new Windows Phone project.
➤ Let’s see how we can upload an image to Azure…