
Generate self-signed Certificates from an Azure App Service

Dealing with certificates, especially with .NET, can be quite challenging.

If you are reading this, you have probably experienced it your own way already: CryptographicExceptions all over the place when running code that used to work on your on-premises server and that you moved to an Azure App.

Well… if you had it run under a VM the problem would have been gone; this is because you are the owner of your execution environment and therefore you are the only one doing things on it.

When it comes to Azure Apps, first, you are potentially not the only one on an instance, and second, the isolation level provided by Azure App Service prohibits running certain tasks (ever gone past a SecurityCritical attribute?).

Using the BouncyCastle framework (an open-source crypto framework for .NET), you can actually generate those types of keys AND do that inside an Azure App Service.

Here is the prebuilt method I use for building such self-signed keys:


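using System;
using System.Collections;
using System.Security.Cryptography.X509Certificates;
using Org.BouncyCastle.Asn1;
using Org.BouncyCastle.Asn1.X509;
using Org.BouncyCastle.Crypto;
using Org.BouncyCastle.Crypto.Generators;
using Org.BouncyCastle.Crypto.Prng;
using Org.BouncyCastle.Math;
using Org.BouncyCastle.Security;
using Org.BouncyCastle.X509;

// AppCertKeyPairBase and ConvertBouncyToMicrosoft are helpers that are not shown in this post.
private AppCertKeyPairBase GenerateSelfSignedCertificate(string usageName, string password)
{
    // One cryptographically secure RNG for both the key pair and the serial number.
    var random = new SecureRandom(new CryptoApiRandomGenerator());

    var kpgen = new RsaKeyPairGenerator();
    kpgen.Init(new KeyGenerationParameters(random, 2048));

    var kp = kpgen.GenerateKeyPair();
    var gen = new X509V3CertificateGenerator();
    var certName = new X509Name($"cn={usageName}");
    // System.Random is predictable, so the serial number comes from the secure RNG too.
    var serialNo = BigInteger.ProbablePrime(120, random);

    // Self-signed: subject and issuer are the same name.
    gen.SetSerialNumber(serialNo);
    gen.SetSubjectDN(certName);
    gen.SetIssuerDN(certName);
    gen.SetNotAfter(DateTime.Now.AddYears(2));
    gen.SetNotBefore(DateTime.Now.AddDays(-1));
    // SHA-1 signatures are no longer considered collision resistant; sign with SHA-256.
    gen.SetSignatureAlgorithm("SHA256withRSA");
    gen.SetPublicKey(kp.Public);

    gen.AddExtension(
        X509Extensions.AuthorityKeyIdentifier.Id,
        false,
        new AuthorityKeyIdentifier(
            SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(kp.Public),
            new GeneralNames(new GeneralName(certName)),
            serialNo));

    // 1.3.6.1.5.5.7.3.1 is id-kp-serverAuth (TLS server authentication).
    gen.AddExtension(
        X509Extensions.ExtendedKeyUsage.Id,
        false,
        new ExtendedKeyUsage(new ArrayList() { new DerObjectIdentifier("1.3.6.1.5.5.7.3.1") }));

    var newCert = gen.Generate(kp.Private);
    // Public part as DER-encoded certificate bytes; private part protected by the password.
    var publicKey = DotNetUtilities.ToX509Certificate(newCert).Export(X509ContentType.Cert);
    var privateKey = ConvertBouncyToMicrosoft(newCert, kp, password);

    return new AppCertKeyPairBase { PublicKey = publicKey, PrivateKey = privateKey };
}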

Now you can spawn as many certificates as you need!
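The method above calls a ConvertBouncyToMicrosoft helper that the post does not show. The following is an added example, not the author's code: a hypothetical `Pkcs12Export` class that packages the certificate and private key as password-protected PKCS#12 bytes using only BouncyCastle, and refuses to package a certificate whose validity period or self-signature does not check out. The class and method names, and the assumption that the private key is wanted as PKCS#12 bytes, are mine.

```csharp
using System;
using System.IO;
using Org.BouncyCastle.Crypto;
using Org.BouncyCastle.Pkcs;
using Org.BouncyCastle.Security;
using Org.BouncyCastle.X509;

// Hypothetical helper class, not part of the original post.
internal static class Pkcs12Export
{
    // Packs the certificate and its private key into password-protected PKCS#12 bytes.
    public static byte[] ToPkcs12(X509Certificate cert, AsymmetricCipherKeyPair keyPair, string password)
    {
        if (string.IsNullOrEmpty(password))
            throw new ArgumentException("A non-empty password is required.", nameof(password));

        // Fail early instead of shipping an unusable certificate.
        cert.CheckValidity();             // throws if outside NotBefore/NotAfter
        cert.Verify(cert.GetPublicKey()); // throws if the self-signature is invalid

        var alias = cert.SubjectDN.ToString();
        var store = new Pkcs12StoreBuilder().Build();
        store.SetKeyEntry(
            alias,
            new AsymmetricKeyEntry(keyPair.Private),
            new[] { new X509CertificateEntry(cert) });

        using (var stream = new MemoryStream())
        {
            store.Save(stream, password.ToCharArray(), new SecureRandom());
            return stream.ToArray();
        }
    }

    // Reads the PKCS#12 bytes back and confirms a key entry with a certificate is present.
    public static bool RoundTrips(byte[] pkcs12, string password)
    {
        var store = new Pkcs12StoreBuilder().Build();
        using (var stream = new MemoryStream(pkcs12))
            store.Load(stream, password.ToCharArray());

        foreach (string alias in store.Aliases)
            if (store.IsKeyEntry(alias) && store.GetCertificate(alias) != null)
                return true;
        return false;
    }
}
```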

Happy coding,

Build desktop apps using Electron

Working with web technology over the past years, you have surely heard about Node.js (who wouldn’t?).

So where Node.js is about reusing the same JavaScript skills on the server side, Electron is about reusing those skills for desktop apps.

I have been working for a while with Electron.

Let’s look again at what Node.js is:

  • Based on Chromium for its JavaScript execution engine
  • Added features to interact with the filesystem and ports (e.g. an HTTP server)
  • No UI (it is an execution engine to just run code!)

So what about Electron?

Well, basically you can think of Electron as Node.js + UI, UI here being proper windows and not just HTML/CSS rendering.

What makes Electron interesting in that regard is that:

  • Electron runs as Node.js for all server-side frameworks you want to use: web-sockets, queuing…
  • Electron provides a way to spawn “windows”, which can embed their own execution logic
  • Electron has one main process (aka the “server side”) and a thread for each opened window
  • More interestingly, those processes can communicate with each other (using built-in IPC capabilities)

Here is a drawn example of channel creation & subscription to close windows from the main process:

The best things about Electron are:

  1. Electron offers a way to bundle your app to run independently on macOS, Windows & Linux!
  2. You can keep all your JavaScript development habits with the frameworks you use with Node.js, and the same applies to the front end, as you can embed Angular or React and build SPAs just like you were doing for an existing site; you can actually port an existing website to an Electron app without that much effort!
  3. As the UI you build is based on Chromium as the rendering engine, you don’t have to make any compatibility choices because of old or previous browsers not supporting X or Y; you always get the top-notch features available in the Chrome engine!

Go and try it out here, happy coding!

 

Azure Updates: Web Sites, VMs, Mobile Services, Notification Hubs, Storage, VNets, Scheduler, AutoScale and More

The Azure team is working really hard to bring us new things to help us build better Cloud apps; here are the new/updated features you can start to use as of today:

Web Sites:

SSL included on standard tiers at no additional charge, Traffic Manager to load balance your Web Site access across multiple regions, Java Support, and a new Basic Tier option for Web Sites,

Virtual Machines:

Support for Chef and Puppet extensions (great!), Basic Pricing tier for Compute Instances (which is the same as VMs without built-in Load Balancing; this brings a 27% price discount on VMs),

Mobile Services:

Preview of Visual Studio support for .NET (which means .NET binaries can be used for services instead of NodeJS), Azure Active Directory integration and Offline support,

Notification Hubs:

Support for Kindle Fire devices and Visual Studio Server Explorer integration,

Autoscale: General Availability release, which means you can go and use it as much as you want 🙂

Storage:

General Availability release of Read Access Geo Redundant Storage: this brings a read-only replica available in another redundant storage to let you read from it only,

Active Directory Premium and Scheduler service:

General Availability release

Automation:

Preview release of new Azure Automation service: this allows you to automate the creation, deployment, monitoring, and maintenance of resources in your Azure environment using a highly scalable and reliable workflow execution engine.

Happy coding!

 

Web Platform Installer and proxy issues: a solution for offline packages install

If you are in the same case as I was, there are two types of environments where you can’t get Web Platform Installer to work:

  1. Proxy based environments (e.g. requiring proxy authentication),
  2. Closed down environments (internal dev servers which don’t have access to internet).

My case was the second one, so I had to figure out a way to install a Web Platform Installer package for Visual Studio 2012 to develop using Office Developer.

New Distributed and Dedicated Windows Azure Cache service!

Scott Guthrie has just published on his blog here details about the new Caching service available inside Windows Azure.

This cache is an in-memory replicated cache, leveraging the same replication principles as Windows Azure storage (if a cache replica goes down, your data will still be there).

Simplicity of interaction with it comes with 2 providers given by the Windows Azure team, which are ASP.NET Session State and ASP.NET Output Page Caching.

More details on ScottGu’s blog post here.

Happy coding!

Windows Phone 7 playing with the Cloud

Windows Phone 7 (and other devices of course 🙂) combined with the Cloud is really interesting for a good number of scenarios:

  • The phone is connected from time to time, and the cloud can then answer it as it is always available,
  • A majority of you have a smart phone today, which means an exponential potential for your service being accessed from mobile devices; in this case the cloud is leveraged to spawn new instances of the service to overcome load growth.

With these points in mind, here is a list of what is so good about Windows Phone 7 and Azure:

  • Shared Key Signatures: these keys can give temporary access to put or get content inside Azure Storage; your Azure service/app can then deliver the given keys to the device depending on application scenarios.
  • Push notifications: this is a Microsoft service that allows pushing application notifications to a device; this can simply happen inside your Azure app, to notify the device that things are available for it, for example.
  • Service Bus – Message Buffer: this Azure piece will buffer messages to be sent to clients listening to the Message Bus, so that they can retrieve them later on. This is a typical scenario for phones, which are by default devices that are connected to the services they use from time to time.

These points are ones that I’ll investigate more later on for phone related projects 🙂

Thanks for reading!

Azure User Group Switzerland, 16th of February

Year 2011 will be focused on Cloud as many analysts said.

I am organizing the first Azure User Group event for Switzerland, with the help of my company and Microsoft Switzerland, that will be taking place in Cambridge Technology Partners offices at 6pm.

This first event is here to let people exchange their experience and learn about this new wave that will come to change the way we build apps.

2 sessions will be run during this event:

  • the first one on the cloud proposal and Microsoft vision by Emmanuel Mesas from Microsoft Switzerland,
  • the second one by myself, as Lap Around Azure, to explain all that you need to start building your applications in the cloud.

An apero will then follow for socializing and talking about the cloud.

Please register for the event by mailing me at ben.azure(Replace this parenthesis with the @ sign)yahoo.com or using this Facebook event page.

We are waiting for you!

PS: later details will come for those of you who won’t be able to join, to attend online.

Windows Azure and Identity Foundation

Here is a nice article on Patterns & Practices about authentication of your “in-house” users in Windows Azure, showing different existing scenarios.

I refer to Vittorio Bertocci for the explanation part; we worked in the WIF team when the project was still called “Geneva” 🙂

So just keep in mind that this is not a complex thing to do; the best part of this is it can handle multiple identities.

SharePoint 2010 Sandbox solutions: some limitations

For those of you who read my post on Sandbox Solutions, I am adding some other points that I found out when developing such solutions:

  • ActionMenu : HideCustomAction and CustomActionGroup menus are not working (so you cannot create your own application sub-group in “Site Settings” for instance),
  • Visual WebParts are not usable, but some clever guys put a “Visual WebPart (Sandbox)” template for SharePoint 2010 in Visual Studio Gallery.
  • Resource files for localization: so far I have not been able to use those files in a Sandbox solution,
  • SharePoint Web controls (namespace SharePoint.WebControls) are not available,
  • ASP.NET 2.0 web controls are not fully working (those that are using “WebResource.axd” for internal binaries resources, as .axd extension is not allowed),
  • PropertyBags of SharePoint Object model are not accessible,
  • Modules outside of the current site are not allowed, like BCS or UserProfile,
  • Global folders like “_layout” & “resources” are not authorized.

happy coding ! 🙂