Premium community conference on Microsoft technologies itcampro@ itcamp14#

How # (sharp) is your Katana?

Ciprian JichiciGeneral Manager, GenisoftChief Architect, High-Tech Systems & SoftwareMicrosoft Regional Director, RomaniaMVP, Microsoft Azure

Roxana GoidaciChief Architect, Genisoft

Premium community conference on Microsoft technologies itcampro@ itcamp14#

Huge thanks to our sponsors & partners!

Premium community conference on Microsoft technologies itcampro@ itcamp14#

We’re proud to be Platinum sponsors!

Premium community conference on Microsoft technologies itcampro@ itcamp14#

A new world for web stacks

A real-world business scenario

#ening your Katana

Security, security, security

Agenda

Premium community conference on Microsoft technologies itcampro@ itcamp14#

A NEW WORLD FOR WEB STACKS

Premium community conference on Microsoft technologies itcampro@ itcamp14#

The Internet of Things is Here!

Premium community conference on Microsoft technologies itcampro@ itcamp14#

OWINOpen Web Interface for .NET

Premium community conference on Microsoft technologies itcampro@ itcamp14#

OWINFunc<IDictionary<string, object>, Task>

Func<IDictionary<string, object>, Task>;

Premium community conference on Microsoft technologies itcampro@ itcamp14#

The Role of OWIN

Premium community conference on Microsoft technologies itcampro@ itcamp14#

KATANA

Premium community conference on Microsoft technologies itcampro@ itcamp14#

Traditional Japanese sword

Microsoft’s implementation of OWIN

KATANA

Premium community conference on Microsoft technologies itcampro@ itcamp14#

A REAL-WORLD BUSINESS SCENARIO

Premium community conference on Microsoft technologies itcampro@ itcamp14#

The Sensiblu Mobile App

Datacenter

https://mobile.htss.ro/sensiblu

Premium community conference on Microsoft technologies itcampro@ itcamp14#

Service Availability is Critical

Datacenter

https://mobile.htss.ro/sensiblu

Microsoft Azure

REST endpoint tester

Premium community conference on Microsoft technologies itcampro@ itcamp14#

The Architecture

Premium community conference on Microsoft technologies itcampro@ itcamp14#

DEMO

A “Simple” REST tester

Premium community conference on Microsoft technologies itcampro@ itcamp14#

#ENING YOUR KATANA

Premium community conference on Microsoft technologies itcampro@ itcamp14#

Portable – substitute components

Modular/Flexible – small, focused components, giving great control over use

Lightweight/Performant/Scalable – break the monolith, consume fewer resources, scale better

The KATANA Project – High Level Goals

Premium community conference on Microsoft technologies itcampro@ itcamp14#

Common wisdom says it has a direct dependency on the complexity of the solution

Intermezzo – About Software Scalability

Premium community conference on Microsoft technologies itcampro@ itcamp14#

So…..

A piece of software that does absolutely nothing will scale infinitely

- Scot Hanselman

Intermezzo – About Software Scalability

Premium community conference on Microsoft technologies itcampro@ itcamp14#

IAppBuilder is the core concept

Enables the chaining of middleware components

The KATANA Project

Premium community conference on Microsoft technologies itcampro@ itcamp14#

The KATANA Project

Premium community conference on Microsoft technologies itcampro@ itcamp14#

Use an Azure Worker Role

Use Web API for the management endpoint

Use a lightweight web stack based on OWIN / KATANA

Use Windows Azure Active Directory for authentication

Our Technical Approach

Premium community conference on Microsoft technologies itcampro@ itcamp14#

DEMO

Bootstrapping KATANA in an Azure Worker Role

Premium community conference on Microsoft technologies itcampro@ itcamp14#

SECURITY, SECURITY, SECURITY

Premium community conference on Microsoft technologies itcampro@ itcamp14#

Our problem:

The management endpoint cannot be called by anyone

Secure, but how?

Premium community conference on Microsoft technologies itcampro@ itcamp14#

KATANA makes it all “simple”:

1. Register your service with WAAD

2. Call UseWindowsAzureActiveDirectoryBearerAuthentication

when bootstrapping

Believe it or not, that’s all you need to do

Windows Azure Active Directory @ work

Premium community conference on Microsoft technologies itcampro@ itcamp14#

But…

There a LOT going on behind the scenes…

Windows Azure Active Directory @ work

Premium community conference on Microsoft technologies itcampro@ itcamp14#

We use the Bearer token approach

- No need to prove possession of a cryptographic key

- Protect in storage and transport (that’s why we need HTTPS)

The Rich Client Story

Premium community conference on Microsoft technologies itcampro@ itcamp14#

DEMO

Implementing a secure Web API endpoint with KATANA and WAAD

Premium community conference on Microsoft technologies itcampro@ itcamp14#

We needed a small, flexible, and secure web stack in an Azure worker role

We used OWIN / KATANA integrated with Windows Azure Active Directory

Our solution demonstrates how the new modular web stack of the future works in a real, cloud-based scenario

In an nutshell…

Premium community conference on Microsoft technologies itcampro@ itcamp14#

Q & A