MCS UK Solution Development Team
The blog of the UK Solutions Development Team of Microsoft Consulting Services.
Security Best Practices in Azure

Dave Thompson, 21 Jun 2010

Recently the Azure and security community published the “Security Best Practices for Developing Windows Azure Application” paper outlining the security considerations developers should consider when building a service on Windows Azure. As I have worked on Azure before and have an interest in security, I found this a very interesting read.

Identity Management

The document starts by outlining the best practices within Identity Management and Access Control and how they apply in general and to the cloud. One reference in particular is the use of Windows Identity Foundation, or “WIF”, along with ADFS and AppFabric, which is where the (hosting) Namespace and scopes come in. I have worked with WIF in the past outside of the cloud, and while it is quite complicated to understand, once you understand the basics (or play around in Visual Studio with a Secure Token Service for a while) it becomes very powerful quite quickly. :}

Links: WIF SDK; Guide to Claims Based Identity.

Service Layer

Then the paper starts to look into specific development considerations for the service layer, with links to some excellent MSDN articles. One consideration, similar to most cross-site scripting issues within web technologies, is to use the Anti-Cross-Site-Scripting Library and the ASP.NET Page.ViewStateUserKey to mitigate against Cross-Site Request Forgery attacks. This article is excellent at explaining how the attack works and what is needed to mitigate against it:

    void Page_Init(object sender, EventArgs e)
    {
        // Tie the view state MAC to this user's session, so a forged POST
        // carrying view state generated for another session fails validation.
        ViewStateUserKey = Session.SessionID;
    }

Now, specific to Azure: as all Azure services are hosted on *ServiceName*.cloudapp.net, it is worth pointing out that the best practice is to use a custom domain name which you have full control over, using a CNAME to do the redirection (blog article). This way no other applications running under the cloudapp.net domain can script to your service using your custom domain without XSS.

Secure Data

As Azure storage uses a Shared Access Signature to allow your service to read and write to blobs, queues and tables, there is a guideline for minimizing the risk of using a Shared Access Signature:

- Generate Shared Access Signatures with the most restrictive set of ACLs possible that still grant the access required by the trusted party.
- Use the shortest lifetime possible.
- Use HTTPS in the request URL so the token cannot be snooped on the wire.
- Remember that these tokens are only used for temporary access to non-public blob storage; as with passwords, it's a bad idea to use the same ones over and over.

It is also suggested for data protection to encrypt data with certificates, as DPAPI is not available, and to deploy the certificates using the Azure Certificate Store and not in Azure Storage such as blobs (blog article).
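The four Shared Access Signature guidelines above, turned into code. This is an added example and not code from the post or from the paper; it uses the current Azure.Storage.Blobs SDK (BlobSasBuilder) rather than the 2010 StorageClient library the post's readers would have used, and the account, container and blob names passed in are placeholders. The 15-minute ceiling on the lifetime is an assumption chosen for the example.

```csharp
using System;
using System.Globalization;
using System.Linq;
using Azure.Storage;
using Azure.Storage.Sas;

// Added example (not the post's or the paper's code): issues a blob SAS that follows
// the four guidelines, and checks any SAS URL against them. Uses Azure.Storage.Blobs;
// account, container and blob names are placeholders supplied by the caller.
public static class ScopedSas
{
    // Upper bound we allow callers to request; an assumption made for this example.
    public static readonly TimeSpan MaxLifetime = TimeSpan.FromMinutes(15);

    public static Uri BuildReadOnlyBlobUri(string accountName, string accountKey,
                                           string container, string blobName, TimeSpan lifetime)
    {
        if (lifetime <= TimeSpan.Zero || lifetime > MaxLifetime)
            throw new ArgumentOutOfRangeException(nameof(lifetime),
                "lifetime must be positive and no longer than " + MaxLifetime);

        var now = DateTimeOffset.UtcNow;
        var builder = new BlobSasBuilder
        {
            BlobContainerName = container,
            BlobName = blobName,            // guideline 1: scoped to one blob, not the container
            Resource = "b",                 // "b" = blob, "c" = container
            Protocol = SasProtocol.Https,   // guideline 3: the service rejects the token over HTTP
            StartsOn = now.AddMinutes(-5),  // small back-date tolerates clock skew
            ExpiresOn = now.Add(lifetime)   // guideline 2: shortest lifetime that works
        };
        builder.SetPermissions(BlobSasPermissions.Read); // guideline 1: read only

        // Signing happens here, server side; the account key never leaves the service,
        // only the signed token does. Call this per grant (guideline 4) instead of
        // caching one token and handing it out repeatedly.
        var credential = new StorageSharedKeyCredential(accountName, accountKey);
        string sas = builder.ToSasQueryParameters(credential).ToString();

        return new UriBuilder("https://" + accountName + ".blob.core.windows.net/"
                              + container + "/" + blobName) { Query = sas }.Uri;
    }

    // A check a consumer (or a code review) can run on any SAS URL it is handed:
    // HTTPS only, read-only permission, and expiry within MaxLifetime.
    public static bool SatisfiesGuidelines(Uri sasUri)
    {
        if (sasUri.Scheme != Uri.UriSchemeHttps) return false;

        var query = sasUri.Query.TrimStart('?')
            .Split(new[] { '&' }, StringSplitOptions.RemoveEmptyEntries)
            .Select(p => p.Split(new[] { '=' }, 2))
            .Where(kv => kv.Length == 2)
            .ToDictionary(kv => kv[0], kv => Uri.UnescapeDataString(kv[1]));

        // spr = signed protocol, sp = signed permissions, se = signed expiry
        if (!query.TryGetValue("spr", out var spr) || spr != "https") return false;
        if (!query.TryGetValue("sp", out var sp) || sp != "r") return false;
        if (!query.TryGetValue("se", out var se)
            || !DateTimeOffset.TryParse(se, CultureInfo.InvariantCulture,
                                        DateTimeStyles.AssumeUniversal, out var expiry))
            return false;

        return expiry - DateTimeOffset.UtcNow <= MaxLifetime;
    }
}
```

Typical use is `ScopedSas.BuildReadOnlyBlobUri(account, key, "reports", "q1.pdf", TimeSpan.FromMinutes(5))` at the moment a trusted party needs the blob, and `ScopedSas.SatisfiesGuidelines(uri)` on the receiving side or in a unit test, so a SAS that drifts to container scope, write permission or a multi-day expiry is caught before it ships.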

Infrastructure Layer

As Windows Azure deals with a lot of the infrastructure, items here are mostly within the configuration and definition of the service you write. The ports that are open, for example, are explicitly defined within your Azure project; example here of the Web Role:

[image: Web Role endpoint definition in the Azure project]

The paper goes into quite deep technical detail around Spoofing, Eavesdropping and Information Disclosure at a network level, and explains the Hypervisor's role and the network structure of the hosted solution. Due to the nature of the Load Balancer within the Azure environment, Denial of Service attacks are partially mitigated, and the Azure team are also reviewing additional Distributed Denial of Service (DDoS) attacks.

Trust

Azure has both a custom, restricted-privilege trust model called “Windows Azure Partial Trust” and Full Trust with Native Code Execution. Unless you need specific scenarios such as:

- Use of FastCGI or PHP.
- Calls into native libraries via P/Invoke (Platform Invocation Services).
- Role invocation and spawning Windows sub-processes (native code or managed).
- Migration of traditional web services to the cloud.

If these scenarios are not needed, then you should have Windows Azure Partial Trust enabled. To run your role under partial trust, you must add the enableNativeCodeExecution attribute on the WebRole or WorkerRole element and set it to false. [Windows Azure Partial Trust]

The “Gatekeeper” Design Pattern

A recommended design pattern is to use the concept of a Gatekeeper, running under partial trust as a web role, to accept requests and messages, and a KeyMaster worker role which acts as a data provider.
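The three infrastructure points above (explicitly declared ports, enableNativeCodeExecution="false" for partial trust, and a Gatekeeper web role separated from a KeyMaster worker role) all land in one file, the ServiceDefinition.csdef of the Azure project. The fragment below is an added example, not the post's or the paper's own definition; it follows the ServiceDefinition schema of the Windows Azure SDK of that time (the enableNativeCodeExecution attribute was later retired when full trust became the default), and the role, endpoint and certificate names are assumptions.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!-- Added example, not from the original post. Role, endpoint and certificate
     names (Gatekeeper, KeyMaster, HttpsIn, TlsCert, FromGatekeeper) are assumed. -->
<ServiceDefinition name="GatekeeperSample"
    xmlns="http://schemas.microsoft.com/ServiceHosting/2008/10/ServiceDefinition">

  <!-- Public-facing Gatekeeper: runs under Windows Azure Partial Trust, and only
       HTTPS on 443 is reachable from the internet because it is the sole
       InputEndpoint declared. Any port not listed here is simply closed. -->
  <WebRole name="Gatekeeper" enableNativeCodeExecution="false">
    <InputEndpoints>
      <InputEndpoint name="HttpsIn" protocol="https" port="443" certificate="TlsCert" />
    </InputEndpoints>
    <Certificates>
      <!-- Served from the Azure Certificate Store, as the post recommends,
           rather than from blob storage. -->
      <Certificate name="TlsCert" storeLocation="LocalMachine" storeName="My" />
    </Certificates>
  </WebRole>

  <!-- KeyMaster: no InputEndpoint at all, so it is never addressable from outside
       the deployment. The Gatekeeper reaches it only over this internal endpoint
       (or, as the post notes, via a Storage Queue when requests need not be
       immediate). Storage credentials belong only in this role's configuration. -->
  <WorkerRole name="KeyMaster" enableNativeCodeExecution="false">
    <Endpoints>
      <InternalEndpoint name="FromGatekeeper" protocol="tcp" />
    </Endpoints>
  </WorkerRole>

</ServiceDefinition>
```

The review question this file answers quickly is "what can reach this role from the internet?": anything that is not an InputEndpoint cannot, and a worker role with none is reachable only from the deployment's own roles.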

The Gatekeeper can talk to the KeyMaster via an internal endpoint over HTTPS if the requests are immediate, or via the Azure Storage Queue. These two roles will be deployed on separate VMs, so if the Gatekeeper is compromised, no storage information will be. This also allows a separation for sanitizing the requests going to the KeyMaster, and therefore the final storage, at the Gatekeeper level, where the potential surface of attack is small. Sanitizing and processing the requests are still subject to secure design and coding considerations, though this will provide additional levels of security to protect the data at the heart of the application.

Secure design, including the following topics:

- Attack surface reduction
- Defense in depth
- Principle of least privilege
- Threat modeling

Secure coding, including the following topics:

- Cross-site scripting
- SQL injection
- Managed code security (transparency, code access security, assembly strong naming, etc.)

Written by Dave Thompson

1 Comment

Comments

Adam Tuliper, 21 Jan 2012 11:10 PM

Also note that ViewStateUserKey = Session.SessionID can be made quite a bit less secure if an attacker can force you to have a particular session id that they know of (asp.net happily accepts any session id cookie and creates a session with the provided id). If you are looking to mitigate that, ensure you manage the session cookie on login and logout.
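Putting the post's ViewStateUserKey mitigation together with the session-cookie handling the comment asks for, in ASP.NET Web Forms on System.Web. This is an added example and is neither the post's nor the commenter's code; the class and method names, the "__pinned" session key and the assumption that the default ASP.NET_SessionId cookie name and HTTPS are in use are all choices made for the example.

```csharp
using System;
using System.Web;
using System.Web.SessionState;
using System.Web.UI;

// Added example (not the post's or the commenter's code). Names, the "__pinned"
// session key, the default cookie name and the HTTPS assumption are all assumptions.
public class CsrfAwarePage : Page
{
    protected override void OnInit(EventArgs e)
    {
        base.OnInit(e);
        // ASP.NET issues a new session id on every request until something is stored
        // in session, so pin the session first; otherwise the key would change between
        // the render and the postback and every form would fail view-state validation.
        if (Session["__pinned"] == null) Session["__pinned"] = true;
        // Bind the view-state MAC to this user's session (the mitigation from the post).
        ViewStateUserKey = Session.SessionID;
    }
}

public static class SessionLifecycle
{
    // Call on successful authentication, before writing anything to the new session:
    // drops the pre-login session and issues a fresh id in the same response, so an
    // id the browser held before login (possibly chosen by someone else, as the
    // comment describes) is never associated with an authenticated user.
    public static void RotateOnLogin(HttpContext context)
    {
        context.Session.Abandon();

        var manager = new SessionIDManager();
        string newId = manager.CreateSessionID(context);
        manager.SaveSessionID(context, newId, out bool redirected, out bool cookieAdded);
        // The response now carries a Set-Cookie for the new id. State that should live in
        // the authenticated session must be written on the next request (after the
        // post-login redirect), because the old session is gone at the end of this one.
    }

    // Call on logout: abandon the server-side state and expire the cookie so the
    // browser does not present the old id again.
    public static void ClearOnLogout(HttpContext context)
    {
        context.Session.Abandon();
        var expired = new HttpCookie("ASP.NET_SessionId", string.Empty) // default cookie name
        {
            Expires = DateTime.UtcNow.AddDays(-1),
            HttpOnly = true,
            Secure = true // assumes the application is served over HTTPS only
        };
        context.Response.Cookies.Set(expired);
    }
}
```

In a login handler the sequence is: validate credentials, `SessionLifecycle.RotateOnLogin(Context)`, then redirect; the logout handler calls `SessionLifecycle.ClearOnLogout(Context)` and redirects. With the id rotated at login, a ViewStateUserKey derived from Session.SessionID is no longer predictable to whoever planted the original cookie.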
