In my previous post I created a WCF service and deployed that on Azure. I did not add any security to that service at all. Basically everyone can use my service now. In the case of the example of the previous post that is not a huge problem, but if I want to put my wine management service in the cloud, I will certainly need to add security.
My first thought was to add username/password authentication. However it turned out to be more tricky than expected. The basics are pretty straightforward and this post explains how you can do this. The result however is that we need to use a secure SSL connection. So I changed the WCF configuration of my service and added an https endpoint to my cloudservice only to find out that WP7 does not connect to a server which presents a certificate which is not in the trusted root store and there is no way for the application to override this behavior or add certificates to the trusted root store. This means I need to buy a certificate from a trusted authority and install that on Azure. The Azure FAQ has an entry on that as well: How do I get SSL certs for my Windows Azure service? The answer is that Microsoft partners with Verisign to provide SSL certifications for Windows Azure services. The cheapest certificate I could find on the Verisign site still costs $399. That’s quite expensive if you just want to build a small wp7 application and put it on the marketplace. I did not try that solution since this post would be quite expensive to write then.
There is of course a workaround for this as well, and it is explained in this post. You basically get your own domain from for example GoDaddy and use CNAME to point it to blabla.cloudapp.net. You can then buy a certificate from for example RapidSSL which only costs $79. You might even get away with a free certificate from for example StartSSL I am not sure though whether StartSSL is supported by WP7.
So, it is not that easy to secure your service hosted on Azure and still be able to call it from your WP7 application. That’s why I did some thinking on whether I would not go for another solution for my wine cellar management application. If you are a big company that needs to develop and host services for a WP7 application Windows Azure is certainly a valid choice, but if you just want to develop a small application and put it on the marketplace it is possibly another story. Windows Azure has a pay per use model which totally makes sense because it is a cloud offering. If I put an application on the WP7 marketplace I do however not have an option to offer a pay-per-use model. I can only sell the application for a certain price, which makes it difficult to predict the profitability of the application. I think I would want to avoid having a monthly cost as much as possible. That’s why I decided to go for another approach and use an embedded database for my application, but that is something for a next post.
6 comments:
Java Platform, Enterprise Edition (Java EE) is the industry-standard platform for building enterprise-class applications coded in the Java programming language. Based on the solid foundation of Java Platform, Standard Edition (Java SE), Java EE adds libraries and system services that support the scalability, accessibility, security, integrity, and other requirements of enterprise-class applications. java software company
Great post buddy. Its really something very nice to know about.I have read read all the 4 parts of the post.Thanks for sharing this information.Keep on sharing.
Excellent article here i read I love this article. It's really useful one.
The useful blog fr used Java EE. I appreciate for the great job. Nice post describe here. Thanks
Nice blogging about JAVA EE platform. Thank you so much for sharing it! Cheap WildCard SSL
Microsoft Outlook 2010 to help control email volume, you can find the desired content, and perform operations at the appropriate time and location. Outlook 2010 download needs no introduction since it is the industry standard.
Post a Comment