Thursday, May 9, 2013

Part-2: Setting up standalone Windows Azure Active Directory federation for your application


After setting up WAAD, we are ready to integrate single sign-on with our application. Before starting the integration, please make sure that you have installed the following extension for VS2012.

· Identity and access tool extension for VS 2012.


If we have this extension, we are ready to go for integration. Please follow the steps given below.

· Right-click on the web application project and choose “Identity and Access” from the context menu.


· On the next screen, select the option “Use a business identity provider”.


1) Enter the same “APP ID URI” that you provided while creating the integrated app on WAAD.

2) Click OK.

This will create the necessary web configuration to integrate WAAD with our application.

For more detail please look at

Part-1: Setting up Windows Azure Active Directory

To authenticate users of an application, we can set up Windows Azure Active Directory (WAAD), released by Microsoft recently. To start any operation in the application, the user has to log in to the application.

To set up WAAD, we need to have a Windows Azure subscription. Once we have an active subscription, we can follow the steps below to set it up for our application.

Create Windows Azure Active Directory:

If you have not created any WAAD, you can create a new one by clicking on the “Active Directory” tab on the left-hand side of the Windows Azure management portal.


Then click the “Create your directory” link within it; you will see the “Create Directory” window.


Domain Name: This field is the part of the directory tenant domain name that is specific to your tenant, what distinguishes it from every other directory tenant. The Domain name must be unique.

Country or Region: The value selected in this dropdown will determine where your tenant will be created.

Organization Name: This field is required; this name will be displayed as the company name wherever required.

Manage users in WAAD:

Once WAAD is created, you will see it under “Directory” tab. We are going to add a user as “Global Administrator”. We can also add normal users.



We can add more users to the directory by clicking on the “ADD USER” link at the bottom of the window.


When you click on Add User, you will see the screen below. Enter the details and click Next.


On the screen below we are creating a user as “Global Administrator”; we can also create a normal “User”. Ideally we don’t need a “Global Administrator”; we need this user only when we need to perform some operation on WAAD using PowerShell.


Finally, click on “Create”; this will create the new user in WAAD.


Add integrated application:

To add users we were working on the “USERS” tab; to add an application we will be working on the “INTEGRATED APPS” tab.

On the integrated apps tab, you will find an “ADD” button at the bottom of the screen.

Click on the ADD button.



On the next screen, add the app name and choose “Single Sign On”. Here, SSO means this application will use only the Single Sign-On feature of WAAD.

Click on the Next button.


On the next screen, you will be asked for APP URL and APP ID URI.

“APP URL” should be the same as the address of the web application you want to integrate with WAAD.

“APP ID URI” is a unique identifier; it distinguishes your applications from one another within your WAAD. It is good practice to keep it the same as “APP URL”.


Before we start the integration, the application which we have just created will be displayed as a new entry under the “INTEGRATED APPS” tab.

When you click on the newly created app, it will show the configuration window for the integrated app. From the section “Enable single sign-on with Windows Azure AD”, make a note of the FEDERATION METADATA DOCUMENT URL.


We will need this URL to integrate WAAD Single sign-on with our application.
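What the federation metadata document contributes to the integration, as an added example that is not part of the original post: the Python sketch below reads a constructed, trimmed metadata document and compares its issuer name, signing-certificate thumbprint and WS-Federation sign-in URL with the values an application has pinned in its configuration. The hosts, the tenant placeholder, the dummy certificate bytes and the function names are assumptions, and the document's XML signature is not verified here.

```python
import base64, hashlib
import xml.etree.ElementTree as ET
NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#",
      "fed": "http://docs.oasis-open.org/wsfed/federation/200706",
      "wsa": "http://www.w3.org/2005/08/addressing"}

# Constructed, trimmed sample: placeholder hosts/tenant, dummy "certificate" bytes.
SAMPLE_METADATA = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sts.example.invalid/TENANT-ID-PLACEHOLDER/">
 <RoleDescriptor xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
     xmlns:fed="http://docs.oasis-open.org/wsfed/federation/200706"
     xsi:type="fed:SecurityTokenServiceType">
  <KeyDescriptor use="signing"><KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
   <X509Data><X509Certificate>Y29uc3RydWN0ZWQtc2FtcGxl</X509Certificate></X509Data>
  </KeyInfo></KeyDescriptor>
  <fed:PassiveRequestorEndpoint>
   <EndpointReference xmlns="http://www.w3.org/2005/08/addressing">
    <Address>https://login.example.invalid/TENANT-ID-PLACEHOLDER/wsfed</Address>
   </EndpointReference>
  </fed:PassiveRequestorEndpoint>
 </RoleDescriptor>
</EntityDescriptor>"""

def read_metadata(xml_text):
    """Extract issuer, signing-certificate thumbprints and the sign-in URL."""
    root = ET.fromstring(xml_text)  # the metadata signature is NOT verified here
    thumbs = set()
    for kd in root.iterfind(".//md:KeyDescriptor[@use='signing']", NS):
        for cert in kd.iterfind(".//ds:X509Certificate", NS):
            der = base64.b64decode("".join(cert.text.split()))
            thumbs.add(hashlib.sha1(der).hexdigest().upper())  # thumbprint = SHA-1 of DER
    ep = root.find(".//fed:PassiveRequestorEndpoint", NS)
    addr = ep.find(".//wsa:Address", NS) if ep is not None else None
    return {"issuer": root.get("entityID"), "thumbprints": thumbs,
            "sign_in_url": addr.text.strip() if addr is not None else None}

def check_pins(meta, issuer_name, thumbprint, sign_in_url):
    """Return every mismatch between the app's pinned values and the metadata."""
    problems = []
    if issuer_name != meta["issuer"]:
        problems.append("issuer name differs from entityID")
    if thumbprint.replace(" ", "").upper() not in meta["thumbprints"]:
        problems.append("thumbprint is not a published signing certificate")
    if sign_in_url != meta["sign_in_url"]:
        problems.append("sign-in URL differs from PassiveRequestorEndpoint")
    if not (sign_in_url or "").lower().startswith("https://"):
        problems.append("sign-in URL is not HTTPS")
    return problems
```

An empty list from `check_pins` means the pinned values still agree with what the directory publishes; a thumbprint mismatch is the usual sign that the signing certificate has been rolled over.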

At this point we have done all the configuration that needs to be done on WAAD. We are ready to integrate WAAD into our application.

For more detail please look at

Saturday, April 20, 2013

Windows Azure Active Directory demystified

This month Microsoft released their new shining baby, called Windows Azure Active Directory. With this feature Microsoft has given a totally new meaning to their existing ADDS – Active Directory Domain Service.

There is a huge difference between ADDS and WAAD.

There are many differences between the two; I will differentiate them in one line each here, as my goal is to cover all the basics of what can be done with WAAD.

ADDS: It is something we deploy in our organization for user and rights management within the organization.

WAAD: It is something you use for user and rights management for any application outside your organization.

We will see all Windows Azure Active Directory features one by one.

Part-1: Setting up Windows Azure Active Directory

Part-2: Setting up standalone Windows Azure Active Directory federation for your application.

Part-3: Setting up Windows Azure Active Directory federation with ACS.

Part-4: Adding Roles and Users in Windows Azure Active Directory (WAAD).

Part-5: Getting user roles and adding them as claims, using the GRAPH API.

Part-6: Adding role-based authentication in an application, with Windows Azure Active Directory (WAAD) and ACS.

Friday, April 12, 2013

Windows Azure Active Directory Feature Overview

Microsoft has released one more new feature in the Windows Azure line. This feature is called Windows Azure Active Directory. As a sweet name, I call it WAAD :)

Someone could easily misinterpret it as a cloud version of Active Directory. Though this is not true in every sense, you can push your current Active Directory into WAAD.

What problems it solves:

Well, it depends on what you want to achieve. Some common features are:

  • The same application can be used by two different organizations with their own Active Directory users.
  • You can have single sign-on functionality across all your applications.
  • If you are a small organization and you don’t have Active Directory users, you can add users directly in WAAD. No need to invest in authentication/authorization infrastructure.
  • Highly scalable, as it is hosted on the Azure cloud.
  • Very attractive for SaaS developers.

Hello Developers!!!!

I am still a developer, as I like to be. Here are some things which can help you in development with WAAD.

1) Integration of WAAD is very easy. If you have integrated ACS previously, this can be done with your left hand :)

The steps are pretty much the same as for ACS.

More help??

2) After you integrate, you will get only certain claims; most importantly, you will not get the GROUP claim. To get the group claim you have to make GRAPH API calls.

More help??

3) If you want to create a user, you can create it from the Windows Azure portal. It seems Microsoft forgot to develop a web interface for some functionality.

Like Add Group, Add User To Group, etc.

But there is nothing to worry about. We have always had powerful PowerShell commands to achieve everything which is missing from the UI.

More help ??

Wednesday, March 20, 2013

Multi-Tenancy an overview

First of all, let us discuss multi-tenancy. Let us first see what single tenancy is, so that it will be easy to understand what multi-tenancy is.

What is a tenant?

For example you have a web site with certain functionality. There are a few customers who want to use your web site and in return they will pay you. These customers are tenants.

What is single tenancy?

Single tenancy means an architecture in which a single instance of a software application and its supporting infrastructure serves one customer.

In single-tenancy architecture, the tenant purchases their own copy of the software, and the software can be customized to meet the specific needs of that customer. Single-tenancy can be contrasted with multi-tenancy, an architecture in which a single instance of a software application serves multiple customers.

Here is an example of single-tenancy. It is a typical structure.

A client with some processes and storage.


What is multi-tenancy?

Multi-tenancy means one application can be used by multiple instances, each with its own data storage and its own configuration. Here we are talking about multi-instance with single-tenant software. For example, in my company I am developing software, and the customer can use that software with their own infrastructure. Here we are talking about multi-instance with single tenant.


Now let's talk about multi-instance with multi-tenant.


In the above diagram we can see that on the left-hand side we have some clients, in the middle we have some processes, and on the right-hand side we have a storage database.

The main benefits of multi-tenancy are as follows:

  1. If a new tenant appears, we can serve them from a shared infrastructure.
  2. If more tenants appear, we can dynamically or elastically scale out our infrastructure.
  3. Vice versa, if tenants become less active, you can scale in your infrastructure.
  4. So that you can cancel your subscription and scale your budget.


Hope this article has given you brief details on Multi-Tenancy.