I am working with a developer and creating a Blazor application that will have access to sensitive data. I typically avoid 3rd party add-ins unless they come from vendors with significant security credentials. Are those of you who are using Hangfire and who might have insight to its open source code inner-workings comfortable with this product?
I have an Azure App Service where I am running a Tomcat application. Is there any built-in anti-malware option available? If not, how can I implement threat protection in this App Service?
Azure App Service uses the same Antimalware solution used by Azure Cloud Services and Virtual Machines, but it is completely managed by our Engineering team on a regular basis.
Also, as a PaaS service, we currently do not provide anti-malware scanning as a customer-facing service. The implementation of A/V on our service has gone through, and will continue to go through, changes as we tune it for its primary purpose. Its primary purpose is to protect the service itself (PaaS) from viruses.
If you have a custom requirement for anti-virus scanning, then IaaS VMs should be the choice, as they have an installable extension for virus scanning and a choice of different A/V technologies.
You can check the documentation in the below link:
https://learn.microsoft.com/en-us/azure/security/azure-security-antimalware
Screenshot of the information under the Architecture section of the link.
https://learn.microsoft.com/en-us/azure/app-service/app-service-security-readme
For now, there is no native virus scanning / anti-malware feature on Websites. However, you could implement it with a third-party API like ClamAV or the Azure App Service extension named Tinfoil Security.
There are two ways to integrate Tinfoil Security into your app, and this is the introduction. First, you could refer to this doc; I tried this way, however it showed "Failed to purchase". So maybe you could try another way. Under Development Tools in your app, choose Extensions, click the Add button, then Choose Extension; on the list there is Tinfoil Security, which is what we need. I tried this way, and it could be integrated into my app.
Here's the environment:
Existing .NET B2B application with multiple, external corporate customers. The service provider application is hosted in IIS.
Existing non-SSO authentication with user account info stored in a database.
Must have both SSO and non-SSO login capability.
The initial identity provider will be ADFS hosted by a customer.
All options are on the table. I'm open to cloud solutions, open source (Shibboleth et al), local ADFS server, and/or custom implementation. I'm looking for the easiest and fastest way to implement an SSO solution into an existing .NET application.
Lots of things to weigh in. First, strike the custom solution part: hard and unnecessary in this case.
As I understand it, you are looking for the SP part, as the IDP will be ADFS at the customer.
In this case the product does not even have to talk to the database. Only the IDP needs that.
Some things to think about when choosing the product.
Open source is cheap in license cost. Enterprise products can be quite expensive.
An enterprise product might have better support than open source when things don't work. If your applications are critical, this might be important.
It might be a good idea to consider one of the many cloud-based SPs to offload the management of the SP from you.
These are some considerations to take. What you choose will depend on your needs and wishes in terms of uptime, support, management, etc.
Most products will have no problem implementing this use case.
I have a WebAPI back-end for a mobile, and want to host it in Azure.
I am having a hard time figuring out the real differences between AMS and Websites.
All the articles I read about the subject talk about changes and benefits in general, and I want to understand specifically which new features AMS provides, and the benefits of hosting in AMS.
Authentication
In AMS I see the "IDENTITY" tab in the Azure portal. From what I understand, those 3rd party configs allow me to authenticate my users easily with Google, FB, etc. But this is just making the process more convenient and configurable via UI. In Websites, I can achieve the same functionality pretty easily using code from ASPNet.Identity and OWIN libraries.
Push Notifications
Again looking at AMS in the "PUSH" tab, I can see two mechanisms. The Notification Hub and 3rd party section.
The Notification Hub is nothing special to AMS, and I can get the exact same functionality when hosting in Websites.
The 3rd party section allows me to configure credentials to push services from Apple and Google (APNS, GCM...) and together with libraries in the AMS namespace I can easily write code to communicate with those services.
But when hosting in Websites, in my back-end I can use open source libraries. For example, Moon-APNS to talk to APNS.
Scale
As far as I understand, both Websites and AMS allow the same scale functionality (one calls it Units and the other Instances).
Are there any big differences I missed?
Are any of the claims I made incorrect?
It would be great if anyone could shed some light on the matter, specifically addressing all the 3 issues (Auth, Push, Scale).
That's a question I often get when I present Mobile Services at user group events.
For a .NET developer, there's nothing really special about Mobile Services since everything it offers, you can do it with a Website.
Mobile Services really shines for non-.NET developers since you can have a complete mobile backend by writing scripts running on Node, and Mobile Services abstracts all the database and REST complexity.
I will likely get downvoted since I'll express a personal opinion but anyways: I see no obvious reasons for using Mobile Services if you're coding a .NET backend.
I think you are exactly the target customer for Azure Mobile Apps. You will get all of the power of having your own Azure Website (now rebranded as Azure Web App), with the additional convenience and client libraries of Mobile Services.
One feature of the client library that you may not have noticed is the cross-platform offline data sync capability. That's usually hard to build on your own, and we have an implementation that's conceptually consistent across all client platforms. (Plus, if you use Xamarin, you can share code between your client implementations.)
To be clear: Azure Mobile Services is NOT deprecated, and will not be until long after GA (general availability) of Azure Mobile Apps. Azure Mobile Apps is currently in preview.
The other big benefit of Mobile Services that you haven't mentioned is the client libraries for Android, iOS, Xamarin, and Cordova. If you already have a REST client library in your app and don't need to worry about multiple client platforms, then Azure Web Sites sound like a good way for you to go.
AMS by itself is built on top of Azure Websites. So you can actually implement everything in an Azure website that is available in AMS.
However, the good thing about AMS is that it allows you to quickly build the backend for a mobile app with CRUD operations and authentication/authorization, and it also provides client-side libraries for different types of clients, e.g., HTML, C#, etc., so we don't have to manually make the HTTP calls.
If you need to implement the above functionality in Web API, it is quite an effort. Isn't it?
I wonder what the security level is for Azure-hosted websites. Is it Medium/High or Full?
They run in Full Trust (source).
However, they use a Sandbox mechanism, and as a result some APIs are not available (e.g. Sockets using IPv6), or do not work as expected (for example, the Socket.Available property is unavailable, which restricts the use of some libraries such as NetFTP).
If you are considering using WA Websites for scenarios in which .NET Security might be a problem, I suggest you get in touch with Microsoft support to ensure that the specific features you may need are supported in this environment.
I am wondering if some authentication can be used to authenticate logins in Windows, Linux, Google Apps and Apache hosted web applications.
Ideally, I would love the authentication to have these features:
The authentication provider should be replicated, maybe one mirror exists online for external applications while an internal mirror is used for intranet/PC logins.
The authentication service should not be hosted on Google Apps or any other service, it should be under my full control.
Fault-tolerant, those mirrors can be specified in some order, if one fails, the next is tried.
I have done a lot of research, and it seems Kerberos fits my needs. It seems that a lot of work has to be done... especially for Google Apps, a SAML authentication service must be written.
I am wondering if there is an easy way, or if Kerberos is really what I am looking for.
RADIUS is another protocol choice. Plenty of providers available.
Just so you understand, what you are asking for is non-trivial, and unless you understand this space well (and I'm guessing you don't seeing as you're asking...), you almost certainly are underestimating the cost and the effort.
Kerberos is a large and complex specification, and getting effective interoperability across systems will cost you $$$$.