Windows Azure and Azure Storage offer a new scalable and robust architecture that borrows much from the common feel of ASP.NET applications but brings plenty of new features as well. This paradigm shift from what has become traditional client-server architecture will offer developers new options and headaches alike. While "the cloud" is not intended to be the answer for all applications and situations, it can only be a potential answer (another "tool" in the proverbial "tool belt") if you have at minimum a general understanding of it.
The following will provide you with a walkthrough experience of a cloud architected application. It will explore how to build a multi-role cloud service that uses two new Azure Storage services, Tables and Queues, by covering the following:
- Creating a Windows Azure application with a Web Role and Worker Role
- Azure Storage
- Set up configuration files with account information
- Using a Table to store and retrieve data
- Using a Queue to send messages to the Worker Role
- Using the Azure SDK StorageClient project for Table and Queue interaction
- VS 2008 SP1
- Windows Azure Tools for Visual Studio (available at http://www.microsoft.com/azure/sdk.mspx)
- Windows Azure SDK (Installed with Windows Azure Tools for VS)
Important: Installing Windows Azure Tools for Visual Studio requires Vista SP1 or greater; Windows XP will not allow installation.
The below code and screen shots are based on the July 2009 CTP of Azure and are subject to change before the production release. Please consult up-to-date documentation after the release if certain functionality no longer works or has been changed.
The application built in the following walkthrough uses one Web Role to take two numeric inputs from a user and allows that user to come back later to view the results of adding them together. A Worker Role will be used to pick up a Queue message, retrieve the two inputs and add them together, storing the results back to Table storage. While using a Worker Role for simple addition is overkill, it will demonstrate all the necessary steps to architect your cloud application to maintain user interface responsiveness and scalability.
Creating a Windows Azure application
Before opening Visual Studio you'll have to get in the habit of running it as an Administrator when working on Azure projects. The Azure development fabric and storage, which come with the Azure tools for VS, require Administrative rights when you go to debug your application. You can think of the development fabric and storage as your own little mock cloud running locally.
In Visual Studio, after installing the Azure tools for VS, you will have a new project type option of "Cloud Service" with one template to pick. Give the project a name as you would with any new project, "MyCloudService" for this example.
Figure 1.1 New Cloud Service
When you click OK, Visual Studio launches a wizard interface that allows you to add the following Roles to the Cloud service project.
Each role added will create a separate project file in the Visual Studio Solution Explorer. Before clicking OK you have the ability to rename each role by clicking on the pencil icon to the right of the role's name. This is useful when you have multiple Web or Worker roles that will be designated to perform different functions.
Figure 1.2 Creating and Naming Cloud Service Roles
Click OK to finish the wizard. In the Solution Explorer window you will notice that, in addition to the two role projects you added in the wizard, there is a third project for the cloud service. Each cloud service solution has this additional project, which contains the ServiceDefinition and ServiceConfiguration files. These files control the number of instances of each role that Azure will start and the Azure storage configuration, among other things.
Since we will be using Azure Table and Queue storage, open the ServiceDefinition and ServiceConfiguration files and add the following to each respective file.
<?xml version="1.0" encoding="utf-8"?>
<ServiceDefinition name="MyCloudService" xmlns="http://schemas.microsoft.com/ServiceHosting/2008/10/ServiceDefinition">
  <WebRole name="MyAppWebRole" enableNativeCodeExecution="false">
    <InputEndpoints>
      <!-- Must use port 80 for http and port 443 for https when running in the cloud -->
      <InputEndpoint name="HttpIn" protocol="http" port="80" />
    </InputEndpoints>
    <ConfigurationSettings>
      <Setting name="AccountName" />
      <Setting name="AccountSharedKey" />
      <Setting name="QueueStorageEndpoint" />
      <Setting name="TableStorageEndpoint" />
    </ConfigurationSettings>
  </WebRole>
  <WorkerRole name="MyAppWorkerRole" enableNativeCodeExecution="false">
    <ConfigurationSettings>
      <Setting name="AccountName" />
      <Setting name="AccountSharedKey" />
      <Setting name="QueueStorageEndpoint" />
      <Setting name="TableStorageEndpoint" />
    </ConfigurationSettings>
  </WorkerRole>
</ServiceDefinition>
<?xml version="1.0"?>
<ServiceConfiguration serviceName="MyCloudService" xmlns="http://schemas.microsoft.com/ServiceHosting/2008/10/ServiceConfiguration">
  <Role name="MyAppWebRole">
    <Instances count="1" />
    <ConfigurationSettings>
      <Setting name="AccountName" value="devstoreaccount1" />
      <Setting name="AccountSharedKey" value="Eby8vdM02xNOcqFlqUwJPLlmEtlCDXJ1OUzFT50uSRZ6IFsuFq2UVErCz4I6tq/K1SZFPTOtr/KBHBeksoGMGw==" />
      <Setting name="QueueStorageEndpoint" value="http://127.0.0.1:10001" />
      <Setting name="TableStorageEndpoint" value="http://127.0.0.1:10002" />
    </ConfigurationSettings>
  </Role>
  <Role name="MyAppWorkerRole">
    <Instances count="1" />
    <ConfigurationSettings>
      <Setting name="AccountName" value="devstoreaccount1" />
      <Setting name="AccountSharedKey" value="Eby8vdM02xNOcqFlqUwJPLlmEtlCDXJ1OUzFT50uSRZ6IFsuFq2UVErCz4I6tq/K1SZFPTOtr/KBHBeksoGMGw==" />
      <Setting name="QueueStorageEndpoint" value="http://127.0.0.1:10001" />
      <Setting name="TableStorageEndpoint" value="http://127.0.0.1:10002" />
    </ConfigurationSettings>
  </Role>
</ServiceConfiguration>
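A pre-publish check for the two files above, as an added example that is not part of the original article: it flags roles still pointed at development storage (the devstoreaccount1 account or a loopback endpoint) and settings declared in ServiceDefinition that have no entry in ServiceConfiguration. The function names and sample values are assumptions, and the sample input is constructed from the page's role and setting names.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {"d": "http://schemas.microsoft.com/ServiceHosting/2008/10/ServiceDefinition",
      "c": "http://schemas.microsoft.com/ServiceHosting/2008/10/ServiceConfiguration"}
DEV_ACCOUNT = "devstoreaccount1"   # development storage account name from the page
LOOPBACK = {"127.0.0.1", "localhost", "::1"}

def declared_settings(definition_xml):
    """Role name -> setting names declared in the ServiceDefinition file."""
    root = ET.fromstring(definition_xml.strip())
    roles = root.findall("d:WebRole", NS) + root.findall("d:WorkerRole", NS)
    return {r.get("name"): {s.get("name") for s in r.findall(".//d:Setting", NS)} for r in roles}

def audit(definition_xml, configuration_xml):
    """Findings that should block publishing this configuration to the cloud."""
    findings, configured = [], {}
    for role in ET.fromstring(configuration_xml.strip()).findall("c:Role", NS):
        name = role.get("name")
        values = {s.get("name"): s.get("value", "") for s in role.findall(".//c:Setting", NS)}
        configured[name] = values
        if values.get("AccountName") == DEV_ACCOUNT:
            findings.append(f"{name}: development storage account in use")
        for key, value in values.items():
            if key.endswith("Endpoint") and urlparse(value).hostname in LOOPBACK:
                findings.append(f"{name}: {key} points at loopback")
    for name, names in declared_settings(definition_xml).items():
        for key in sorted(names - configured.get(name, {}).keys()):
            findings.append(f"{name}: {key} declared but not configured")
    return findings

# Constructed sample input: the page's role and setting names, trimmed to two settings.
_DECL = ('<ConfigurationSettings><Setting name="AccountName" />'
         '<Setting name="TableStorageEndpoint" /></ConfigurationSettings>')
SAMPLE_DEFINITION = f"""
<ServiceDefinition name="MyCloudService" xmlns="{NS['d']}">
  <WebRole name="MyAppWebRole">{_DECL}</WebRole>
  <WorkerRole name="MyAppWorkerRole">{_DECL}</WorkerRole>
</ServiceDefinition>"""
SAMPLE_CONFIGURATION = f"""
<ServiceConfiguration serviceName="MyCloudService" xmlns="{NS['c']}">
  <Role name="MyAppWebRole"><ConfigurationSettings>
    <Setting name="AccountName" value="devstoreaccount1" />
    <Setting name="TableStorageEndpoint" value="http://127.0.0.1:10002" />
  </ConfigurationSettings></Role>
  <Role name="MyAppWorkerRole"><ConfigurationSettings>
    <Setting name="AccountName" value="exampleaccount" />
  </ConfigurationSettings></Role>
</ServiceConfiguration>"""
```

Calling `audit(SAMPLE_DEFINITION, SAMPLE_CONFIGURATION)` returns one finding per problem; an empty list means neither development-storage values nor missing settings were found.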
For development the AccountSharedKey values are fixed to what is shown above (when working with the development environment you must use that name and key). This allows you to test
your authentication code when accessing and storing data in