WCF Security Scenarios

In his book, “Programming WCF Services”, Juval Lowy does a superb job of explaining the principles of WCF Security and simplifies the subject by discussing 4 typical security scenarios.
I mplemented those scenarios as demos for my latest class in WCF and I would like share them with you in this and the next few posts

Why should you read on?

These demos are concise yet complete. My approach has been to use configuration files only – no code. For each scenario I present two complete configuration files, one for the client and one for the server. I have removed every character that is not absolutely necessary for the demonstration. I have also aligned the configuration files so you can easily compare them line by line to locate the differences.
Hopefully you should be able to get started with one of these demos very quickly.


There are four typical scenarios:

    1. Intranet
    2. Anonymous
    3. Business-to-Business
    4. Internet

I have dedicated a post to each one.
Each has a demo in the source code. The four demos are identical except for their configuration files (and the Internet demo which differs slightly in code too).
Each demo consists of a self-hosted console application which also contains the service implementation and a console client application that consumes it. The service consists of a calculator contract with one method.
The only exception to this is in the Internet scenario where I demonstrate role-based security. I will show you the small differences in code for that scenario in the last post of this series.


Creating and Deploying a Virtual Machine Role in Windows Azure

In this exercise, you prepare the base image that you will deploy to Windows Azure.

In Hyper-V Server, you create a new virtual machine and perform a default installation of Windows Server 2008 R2. After booting the virtual machine, you log in, install and configure the required OS features, and then install the Windows Azure VM Role Integration Components. In a more realistic scenario, at this point, you would typically install additional software.

Once you have installed and configured all the required software, you apply the System Preparation Tool (sysprep.exe) to generalize the image, shut it down, and then you upload it to Windows Azure.
Next, you create a service model and configure it to use the deployed image, generate a service package, and then deploy it to your subscription using the Windows Azure Management Portal.

Task 1 – Building a Base Virtual Machine Image

In this task, you create a virtual machine in Hyper-V to build a base image of Windows Server 2008 R2.

  1. Open Hyper-V Manager in the Start menu and connect to your Hyper-V Server.
    Hyper-V Manager console
  2. In Hyper-V Manager, right-click the server name, point to New, and then select Virtual Machine. Click Next at the welcome screen to start the New Virtual Machine Wizard.
    Creating a new virtual machine to prepare an image
  3. In the Specify Name and Location step, set the name to VM Role and then click Next.
    Choosing the name of the new virtual machine
  4. In the Assign Memory step, set the amount of memory to 2048 MB and then click Next.
    Configuring the amount memory assigned to the virtual machine
  5. Next, in the Configure Networking step, select Local Area Connection – Virtual Network and then click Next.
    Configuring networking options for the virtual machine
    Note:The network connection will be used by the virtual machine to access Windows Update and apply required updates.
  6. Now, in the Connect Virtual Disk step, select the option labeled Create a virtual hard disk. Set the Name of the disk to baseimage.vhd, change the location to a suitable folder in your Hyper-V server, set the disk Size to 30GB, and then click Next to continue.
    Creating a new virtual hard disk
    Note:The VHD size must fit the quota allocated for the chosen VM size for you role. In this case, setting the size to 30GB allows you to deploy the VM in a “small” role.
    If you already have a VHD file with a clean installation of Windows Server 2008 R2, you may use that instead. To do this, select the option labeled Use an existing virtual hard disk and browse to the location of the VHD file. Note that the image file must contain a single partition with the OS installation and must not include a recovery partition.
    Note:If you use an existing image, after you create the virtual machine, you may skip the OS installation section of this task and proceed to the next task.

    Using an existing virtual hard disk
  7. In the Installation Options step, choose the option that is the most suitable for the type of setup media that you have, and then click Next.
    Installing an operating system from the setup media
    Note:To create a base image for the Virtual Machine Role, you require setup media for Windows Server 2008 R2 Enterprise Edition. Click here to download trial software.

    Completing the Virtual Machine Wizard
  8. Click Finish to create the virtual machine.
  9. In Hyper-V Manager, in the results pane, under Virtual Machines, right-click the name of the newly created virtual machine and then select Connect.
    Note:If Hyper-V manager does not list the virtual machine, you may need to right-click the server name and select Refresh.
  10. In the toolbar of the Virtual Machine Connection window, click the Start icon.
    Starting the virtual machine in Hyper-V
    Note:Virtual Machine Connection is a tool that you use to connect to a virtual machine so that you can install or interact with the guest operating system.
  11. Start the virtual machine to launch the Windows Server 2008 R2 installation procedure.
    Note:If the installation does not start automatically, you may have specified an incorrect location of the setup media for Windows Server 2008 R2 in the Installation Options page of the New Virtual Machine wizard.
  12. Install Windows Server 2008 R2 Enterprise edition using default settings. The only special requirement for a valid VM Role image is to allocate the entire virtual hard disk file to a single partition where you install the operating system. To avoid creating a recovery partition during the installation, follow these steps:
    1. Choose the Custom (advanced) installation type to select the partition where you will install Windows.
    2. Press Shift + F10 to open a command prompt during GUI-mode setup.
    3. At the command prompt, enter the following commands:
      Command Prompt

      diskpart select disk 0 create partition primary exit
    4. Close the command prompt window.
    5. Install Windows in the newly created partition.

Task 2 – Preparing the Base Image for Deployment

Typically, VM roles are best suited for deploying legacy systems that involve complex installation and configuration procedures or for those applications whose setup you cannot script; otherwise, a web or worker role together with start-up tasks typically provide a simpler solution and the benefit of lower management requirements. For the scope of this lab, because the objective is simply to confirm that you can deploy and start a VM Role image successfully, you will enable the Web Server role in your virtual machine. Note, however, that a web role with full-IIS support provides equivalent functionality and that you would not normally use a VM role for this purpose.

In this task, you prepare the image containing a default installation of Windows Server 2008 R2 Enterprise that you created in the previous task by installing the components required for deployment to Windows Azure.

  1. If necessary, in Hyper-V Manager, open a new Virtual Machine Connection window, and sign-in to the virtual machine that you created previously.
  2. In the guest operating system, if not already open, start Server Manager from All Programs | Administrative Tools.
  3. Select the Roles node and then click Add Roles.
    Adding a new server role
  4. In the Server Roles step, select the Web Server (IIS) role in the list and click Next.
    Installing the Web Server role
  5. In the Web Server (IIS) step, click Next.
    Web Server (IIS) step
  6. In the Role Services step, click Next without selecting any additional components.
    Configuring Web Server role components
  7. In the Confimation step, ensure that the Web Server role is included in the list of services and then click Install.
    Confirming the installation selections
  8. Wait for the installation to complete and then click Close.
    Successful installation of the Web Server role
  9. Next, in Server Manager, select the Features node and then click Add Features.
    Installing additional features
  10. In the Features step, expand .NET Framework 3.5.1 Features, select.NET Framework 3.5.1 and then click Next.
    Installing the .NET Framework prerequisite
    Note:The VM Role Integration Components require .NET Framework 3.5.1. You will install these components in the next task.
  11. In the Confirmation step, click Install.
    Confirming the installation of the .NET Framework features
  12. In the Results step, click Close.
    Successful installation of the .NET Framework feature
  13. Open the Windows Update control panel from Start | All Programs | Windows Update.
  14. In the Windows Update page, select Change Settings.
    Changing Windows Update settings
  15. In the Change Settings page, select the option labeled Never check for updates (not recommended) and then click OK.
    Disabling Windows Updates in the VM Role image
  16. Next, click Check for updates and install all available updates.
    Installing Windows Updates before deploying the VM Image
    If prompted, you may need to reboot and repeat the check for updates in case there are additional updates to install.

Task 3 – Installing the Windows Azure VM Role Integration Components

In this task, you install the Windows Azure VM Role Integration Components.

  1. In the Virtual Machine Connection window, in the Media menu, point to DVD Drive and then select Insert Disk. In the Open dialog, browse to the location of the ISO file for the VM Role Integration Components, wavmroleic.iso, and then click Open.

    Connecting the VM Role Integration Components installation ISO file to the virtual CD/DVD drive
    Note:If you have not installed the Windows Azure SDK in your Hyper-V server, you will need to copy the wavmroleic.iso file from another computer were you installed the SDK to the Hyper-V server’s hard disk. You will find this file in the iso folder of the Windows Azure SDK installation directory.
  2. After you connect the ISO file to the DVD drive of the virtual machine, wait for the AutoPlaydialog to appear and then click Open folder to view files using Windows Explorer.
    Browsing the VM Role Integration Components ISO file
    Note:If the AutoPlay feature is not enabled, open a Windows Explorer window and browse to the CD/DVD drive.
  3. In the Windows Explorer window, locate the WaIntegrationComponents-x64.msi (Windows Installer) file and double-click it to start the installation.
    Launching the installation of the VM Role Integration Components
  4. At the Welcome screen, click Next to proceed.
    Windows Azure VM Role Integration Components Setup Welcome screen
  5. In the Operating System Configuration step, enter an Administrator Password, confirm it, and then click Next.
    Configuring the administrator password
  6. Click Install to begin the installation of the Integration Components.
    Beginning the installation of the VM Role Integration Components
  7. When prompted to install device software, click Install to proceed.
    Installing required device drivers
  8. Wait for the installation to complete, which should only take a few seconds.
    Monitoring the progress of the installation
  9. Click Finish to exit the setup program.
    Successful installation of the VM Role Integration Components
  10. Once the installation of the components has finished, you will be prompted to restart the system. Click Yes to continue.
    Restarting the system to complete the installation of the integration components
  11. Wait for the system to restart and log in to the guest machine once again.
  12. Now, inside the VM, open the Start menu, type %windir%\system32\sysprep\sysprep.exe and then press Enter to launch the System Preparation Tool. Set the System Cleanup Action to“Enter System Out-of-Box Experience (OOBE)”, check the option labeled Generalize, set theShutdown Options to Shutdown, and then press OK.
    Launching the System Preparation Tool
    Note:The Sysprep tool (Sysprep.exe) prepares the image by cleaning up various user and machine settings and log files, as well as removing any hardware-dependent information.
  13. Wait for the system to completely shutdown. Your image is now ready for deployment.

Task 4 – Uploading the Disk Image to Windows Azure

In this task, you upload the VHD file to the Management Portal.

  1. Open a Windows Azure SDK Command Promptas an administrator from Start | All Programs | Windows Azure SDK v1.x.
  2. At the command prompt, execute the following command line, where:
    <YOUR-SUBSCRIPTION-ID> ID of your Windows Azure subscription that you obtain from the Management Portal
    <YOUR- CERTIFICATE-THUMBPRINT> Thumbprint of the management certificate that you can generate in Visual Studio and upload to the Management Portal (see Appendix A: Configuring your Windows Azure Management Portal Credentials in Visual Studio –   will post soon )
    <PATH-TO-VHD-FILE> Path to the disk image file, baseimage.vhd,that you built in Hyper-V
    <HOSTED-SERVICE-LOCATION> Windows Azure data center location where the hosted service will be deployed (choose, “East Asia”, “North Central US”, “North Europe”, “South Central US”, “Southeast Asia”, “West Europe”)

    Windows Azure Command Prompt

    csupload Add-VMImage -Connection "SubscriptionId=<YOUR-SUBSCRIPTION-ID>; CertificateThumbprint=<YOUR-CERTIFICATE-THUMBPRINT>" -Description "Base image Windows Server 2008 R2" -LiteralPath "<PATH-TO-VHD-FILE>" -Name baseimage.vhd -Location <HOSTED-SERVICE-LOCATION>

    Note:The –Connection parameter contains settings required to access and manage your subscription. If you regularly use the csupload tool, you may store this connection string in your local disk using the Set-Connection command and then execute commands without specifying the connection details each time.

  3. Press Enter to start execution.
  4. In the Windows Azure VHD Verification Tool dialog, click OK to allow the VHD to be mounted. If the AutoPlay dialog appears, close it.
    Mounting the VHD for verification
    Initially, the tool executes a preparation phase where it mounts the VHD file and verifies it. It then processes the file to create a smaller compressed copy. The file it generates has a .prepedextension and it stores it by default in the same folder as the original image file. To change the folder where csupload stores this file, use the –TempLocation parameter and then specify the path to the alternate location.

    Preparation phase of the csupload tool
  5. After the preparation phase completes, the tool creates a new blob to hold the image file and then begins to upload the compressed image to your Windows Azure account.
    Uploading phase of the csupload tool
    Note:Base image files are typically large and, depending on the speed of your Internet connection, may take a significant amount of time to upload.
  6. In the Management Portal, select the Hosted Services, Storage Accounts & CDN tab, and thenVM Images. Notice that the list includes the baseimage.vhd file that you are currently uploading and that its status is shown as Pending.
    Available VM Images including the image currently being uploaded
  7. Wait for the upload to complete, which may take several hours, if your connection is not very fast.
    VM image successfully uploaded to Windows Azure
  8. Examine the status of the VM role image in the Management Portal and verify that it has now changed to Committed.
    Image committed successfully after finishing the upload

Task 5 – Creating the Service Model

After completing the previous task, you now have a VM image deployed to your Windows Azure account. In this task, you create a service model and configure it to reference this image.

  1. Start Microsoft Visual Studio 2010.
  2. In Visual Studio, create a new Windows Azure Project. You may choose any language, Visual C# or Visual Basic, because you will only use Visual Studio to create the service model and generate the service package. Set the name of the project to MyVMRole, change the location to theSource folder of the lab, ensure that the option labeled Create directory for solution is checked, and set the solution name to Begin. Click OK to create the project.
    Creating a new Windows Azure Project
  3. In the New Windows Azure Project dialog, click OK without adding any roles. You will create a Virtual Machine role in the following steps.
    Creating a project to host the Virtual Machine Role
  4. Once the solution is created, right-click the Roles folder inside the MyVMRole project, point toAdd, and then select New Virtual Machine Role.
    Adding a new Virtual Machine Role to the project
    Note:Currently, access to VM Role is available through an invite-only beta program. If you enroll in this program, you will receive instructions for enabling the required functionality in the Windows Azure Tools for Visual Studio; otherwise, you may not see the required menu option.
  5. In the properties window for the new role, select the Virtual Hard Disk tab. To show the window, expand the Roles node in Solution Explorer and then double-click the VMRole1 role.
  6. Before you can choose an image to use for your VM role, you need to configure Visual Studio to access your Windows Azure account. If you have used Visual Studio previously to deploy service packages to Windows Azure, you may already have created the required credentials. (For instructions on how to do this, see Appendix A: Configuring your Windows Azure Management Portal Credentials in Visual Studio will post soon.)
  7. Once you configure the credentials, choose them in the drop down list labeled Select or create your Windows Azure account credentials. After you do this, Visual Studio accesses your subscription and retrieves a list of available virtual machine images.
  8. Expand the drop down list labeled Select VHD and choose the image named baseimage.vhd, which contains the installation of Window Server 2008 R2 Enterprise Edition that you uploaded earlier.
    Choosing a VHD for your virtual machine role
    Note:The drop down lists every VHD that you upload to your subscription.
  9. Configure an endpoint to allow external connections to the Web server in the VM Role. To do this, in the role properties window, switch to the Endpoints tab. Click Add Endpoint to create a new entry in the endpoints list. Set the name of the endpoint to HttpInselect Input in the Typecolumn, http as the Protocol and type 80 for both Public Port and Private Port values.
    Configuring an external endpoint for the virtual machine role
    Note:In this lab, you enable the Web Server feature in the VM image to provide a simple mechanism to determine when the role starts successfully; hence the need to declare the input endpoint.
  10. Next, configure the Remote Desktop connections for your role. To do this, right-click theMyVMRole cloud service project in Solution Explorer and select Package. In the Package Windows Azure Application dialog box, check Enable Remote Desktop for all Roles. It will prompt the Remote Desktop Configuration dialog.
    Preparing for deployment
  11. Expand the drop down list labeled Create or select a certificate to encrypt the user credentialsand select Create.
  12. In the Create Certificate dialog, enter a name to identify the certificate, for example,AzureRemote, and then click OK.
    Creating a certificate for Remote Desktop connections
  13. Now, back in the Remote Desktop Configuration dialog, choose the newly created certificate from the drop down list, enter the name of the user that you will use to connect remotely to your role–this can be any name of your choice–enter a password and confirm it, and leave the account expiration date unchanged.
    Configuring Remote Desktop settings
  14. Before you close the dialog, click View next to the certificate drop down list. In the Certificatedialog, switch to the Details tab and click Copy to File. Follow the wizard to export the certificate to a file, making sure that you choose the option to export the private key. Save the resulting file to a suitable location in your hard disk. You will need to upload this file to the Management Portal later, once you create a hosted service for your role.
  15. Click OK to close the Remote Desktop Configuration.
  16. Finally, create a package to deploy your virtual machine role. To do this, click Package and then wait until Visual Studio creates it. Once the package is ready, Visual Studio opens a window showing the folder that contains the generated files.
    Creating a service package in Visual Studio

Task 6 – Creating the Hosted Service and Deploying the Package

In this task, you create a new hosted service for your Virtual Machine role and then deploy the service package.

  1. Return to the browser window showing the Management Portal.
  2. Create a hosted service for your virtual machine role. To do this, select the Hosted Services, Storage Accounts & CDN tab followed by Hosted Services, and then click New Hosted Serviceon the ribbon.
    Creating a hosted service for your virtual machine
  3. In the Create a new Hosted Service dialog, enter a Service Name, for example, MyVMRole, and the URL that you wish to assign to the service. Remember that this URL is public, therefore, it needs to be unique and can only contain characters that are valid in a URL. The dialog validates the name as you type it and warns you if the name you choose has already been taken. Pick the region where you want to host the service from the drop down list labeled Choose a region and ensure that it is the same region where you uploaded the VM image in the previous task. Finally, in the Deploy pane, select the option labeled Do not deploy, and then click OK.
    Configuring the hosted service
  4. Upload the certificate used to encrypt the Remote Desktop password to the newly created service. To do this, expand the node for your hosted service to display and select theCertificates node and then click Add Certificate on the ribbon.
    Configuring service certificates
  5. In the Upload an X.509 Certificate dialog, click Browse and navigate to the location where you stored the certificate for Remote Desktop that you created and exported during the previous task, enter the assigned password, confirm it, and then click Create.
    Uploading the Remote Desktop certificate to the service
  6. Once you create the service, select it in the items pane of the Management Portal page, and then click New Production Deployment on the ribbon.
    Creating a new deployment for the service
  7. In the Create a new Deployment dialog, click Browse Locally next to the Package Location text box and then navigate to the location where Visual Studio generated the service package during the previous task. You should have a Windows Explorer window already open showing the correct location. Choose the service package file with a .cspkg extension and click Open. Repeat the same procedure to choose the Configuration File with a .cscfg extension in the same location. Finally, enter a label to identify your deployment, and click OK.
    Deploying a service package for the Virtual Machine role
  8. Once you start the deployment, you can monitor its progress in the Management Portal’s UI. Observe the various states that the deployment undergoes as the role starts up and initializes.
    Viewing the status of the hosted service
  9. Wait until the status of the deployment is shown as Ready.
    Hosted service successful start
  10. To verify that the role started successfully, open the home page of your VM role in your browser. You can find its URL in the Properties window of your deployment, which corresponds to the web server (port 80) endpoint that you defined while creating the service model.
    Accessing the input endpoint of the VM role
  11. Verify that you can access the default page in IIS, as shown in the image below.
    Accessing the web server running in the VM role

Introduction of node.js

what’s node.js?

If you’re not familiar with node.js, it’s a new web programming toolkit that everyone’s talking about. It’s the one that makes you feel not hip if you don’t know what it is. Like Ruby on Rails was a few years back. Folks called it “Node” and it’s basically server-side JavaScript. The idea is that if you are doing a bunch of JavaScript on the client and you do JavaScript all day, why not do some JavaScript on the server also. One less thing to learn, I suppose.
If you are an ASP.NET programmer, you can think of node.js as being like an IHttpHandler written in JavaScript. For now, it’s pretty low-level. It’s NOT an HttpHandler, but I’m using an analogy here, OK?

 Why does node.js matter?

Why bother with node at all? There’s a number of interesting aspects to node as it sits. It uses a very fast JavaScript engine called V8, but more importantly its I/O is asynchronous and event-driven which contrasts with typical synchronous code.
For example, a naive hello world HttpHandler in ASP.NET that “does some work” for a few seconds (gets a file, accesses a service, etc) could look something like this:

And this is usually fine for most stuff. However, when I push this HARD with a load testing tool and a thousand virtual clients, I can barely get 60 requests a second. The request thread is tied up waiting for the “work” to happen and everyone else gets in line. I’m using up ASP.NET pool. It’d be nice if the work would get handled and someone would “call me back” when it’s finished. It’s like waiting on hold for tech support. You are effectively blocked as you wait for them to pick up their end. Wouldn’t it be nice if they just called you back when they were ready?
ASP.NET has always been able to do things with IHttpAsyncHandler but it’s always been a bit hard and almost no one knows about it. With the Async CTP and the Task libraries built into .NET, you can build a nicer abstraction on top of IHttpAsyncHandler

Why would I want node.js to run on Windows and IIS?

Some of the advantages of hosting node.js applications in IIS using the iisnode module as opposed to self-hosting node.exe processes include:

  • Process management. The iisnode module takes care of lifetime management of node.exe processes making it simple to improve overall reliability. You don’t have to implement infrastructure to start, stop, and monitor the processes.
  • Scalability on multi-core servers. Since node.exe is a single threaded process, it only scales to one CPU core. The iisnode module allows creation of multiple node.exe processes per application and load balances the HTTP traffic between them, therefore enabling full utilization of a server’s CPU capacity without requiring additional infrastructure code from an application developer.
  • Auto-update. The iisnode module ensures that whenever the node.js application is updated (i.e. the script file has changed), the node.exe processes are recycled. Ongoing requests are allowed to gracefully finish execution using the old version of the application, while all new requests are dispatched to the new version of the app.
  • Access to logs over HTTP. The iisnode module provides access the output of the node.exe process (e.g. generated by console.log calls) via HTTP. This facility is key in helping you debug node.js applications deployed to remote servers.
  • Side by side with other content types. The iisnode module integrates with IIS in a way that allows a single web site to contain a variety of content types. For example, a single site can contain a node.js application, static HTML and JavaScript files, PHP applications, and ASP.NET applications. This enables choosing the best tools for the job at hand as well progressive migration of existing applications.
  • Minimal changes to node.js application code. The iisnode module enables hosting of existing HTTP node.js applications with very minimal changes. Typically all that is required is to change the listed address of the HTTP server to one provided by the iisnode module via the process.env.PORT environment variable.
  • Integrated management experience. The issnode module is fully integrated with IIS configuration system and uses the same tools and mechanism as other IIS components for configuration and maintenance.In addition to benefits specific to the iisnode module, hosting node.js applications in IIS allows the developer to benefit from a range of IIS features, among them:
    • port sharing (hosting multiple HTTP applications over port 80)
    • security (HTTPS, authentication and authorization)
    • URL rewriting
    • compression
    • caching
    • logging

These are all compelling, but the most interesting bit here, in my opinion, is integration. The iisnode module is a proper IIS module, just like ASP.NET and PHP. This means you can have a single website that has multiple kinds of content. Restated from above:
For example, a single site can contain a node.js application, static HTML and JavaScript files, PHP applications, and ASP.NET applications.
folks you can have an ASP.NET WebForms app and a ASP.NET MVC app in the same AppPool as a “hybrid.” Frankly, Dear Reader, people don’t even realize the power and flexibility of IIS. When you plug in something new like node but run it the way you run other things it inherits all the coolness of the outer container, in this case, IIS.

Crystal Report for Visual Studio.Net Series 1 of 7

Before we started off this small research on Crystal Reports for Visual Studio .NET, my friend and I were inquisitive about the complexity with regard to its implementation into our web application. A week later, with a lot of effort going into hunting for the ‘how-to’ documentation online, we have managed to integrate some simple reports into our ASP.NET application and try some neat tricks with it!!

This article is a compilation of required material to kick-start the process of implementing Crystal Reports into your .NET web application and should reduce your frustrating efforts (spent for the same research that we made) to a trifle by using these step-by-step walkthroughs. To get the best out of this article, the reader should have a basic Knowledge of database connections in ASP.NET and use Visual Studio .NET for the development.

The topics that we have covered here are :

  1. Introduction
  2. Getting a feel of it – Using an existing Crystal Report file in your .aspx page
  3. Crystal Reports Walkthrough – using the Pull Model
  4. Crystal Reports Walkthrough – using the Push Model
  5. Exporting the Report file into other formats


Crystal Report comes in various flavors and the one that is required for building reports for .NET is “Crystal Report for Visual Studio .NET”. It exposes a rich programming model with which we could manipulate its properties and methods during runtime. If you are developing your .NET applications using Visual Studio .NET then you won’t have to install any additional software as it is already built into Visual Studio .NET.
Note:Visual Studio 2010 requires to download Crystal Report software


Some of the major advantages of using Crystal Report for Visual Studio .NET are :

  • Rapid report development
  • Can extend it to complicated reports with interactive charts
  • Exposes a report object model using which it can interact with other controls on the web form
  • Can programmatically export the reports into widely used formats like .pdf, .doc, .xls, .html and .rtf

The Architecture

The various components that make up a simple implementation of Crystal Report as a 2-tier architecture, required for web applications are

  • The Client :The client only needs a browser to access the reports which are embedded into the .aspx pages.
  • The Web Server hosts the :
    1. Crystal Report Engine (CREngine.dll) Along with other tasks like merging the data with the report file, exporting reports into different formats, etc., it is the Report Engine that converts your Crystal Report into plain HTML that is passed on to your .aspx page.
    2. Crystal Report Designer (CRDesigner.dll) The reports are created from scratch using the Crystal Report Designer, with which you could design the titles,insert data, formulas, charts, sub-reports, etc.
    3. The .rpt Report file Designer interface You will find some ready-made .rpt samples provided with the default installation.
    4. The Data Source The way your .rpt file gets the data depends on which method you choose. You can choose to make Crystal Report itself to fetch your data without writing any code for it or you can choose to manually populate a dataset and pass it on to the report file. We will look at the various possibilities a little later in this article.
    5. Crystal Report Viewer web form Control (CRWebFormViewer.dll) The Crystal Report Viewer control is a web form control that can be inserted into your .aspx page. It can be thought of as a container that hosts the report on the .aspx page.

Note : In a more complex implementation, the reporting server and the web server could be on different physical servers, where the web server would make an HTTP request to the reporting server.The Crystal Reports could also be implemented as a web service.

Implementation Models

Fetching the data for the Crystal Report could be done by using any of the following methods :

  1. Pull Model : where in Crystal Report handles the connection to the database using the specified driver and populates the report with the data, when requested.
  2. Push Model : where it is the developer who has to write code to handle the connection and populate the dataset, and pass it on to the report. The performance can be optimized in this manner by using connection sharing and manually limiting the number of records that are passed on to the report.

Report Types

Crystal Report Designer can load reports that are included into the project as well as those that are independent of the project.

  1. Strongly-typed Report : When you add a report file into the project, it becomes a ‘strongly-typed’ report. In this case, you will have the advantage of directly creating an instance of the report object, which could reduce a few lines of code, and caching it to improve performance. The related .cs file, which is hidden, can be viewed using the editor’s ‘show all files’ icon in the Solution Explorer.
  2. Un-Typed Report : Those reports that are not included into the project are ‘un-typed’ reports. In this case, you will have to create an instance of the Crystal Report Engine’s ‘ReportDocument’ object and manually load the report into it.

Building Windows Azure Applications with the Caching Service

In this Article, learn how to use the Windows Azure Caching service for both your ASP.NET session state and to cache data from your data-tier. You will see how the Caching service provides your application with a cache that provides low latency and high throughput without having to configure, deploy, or manage the serviceOverview

The Windows Azure Caching service provides a distributed, in-memory cache for your applications. In this lab, you will learn how to use the Windows Azure Caching service for both your ASP.NET session state and to cache data from your data-tier. You will see how the Windows Azure Caching service provides your application with a cache that provides low latency and high throughput without having to configure, deploy, or manage the service.


In this lab, you will learn how to:

  • Easily and quickly provision your cache through the portal
  • Use the caching service for your ASP.NET session state
  • Cache reference data from SQL Azure in the caching service
  • Create a reusable and extensible caching layer for your applications

During this lab, you will explore how to use these features in a simple ASP.NET MVC application.


This lab includes the following exercises:

  1. Using the Windows Azure Caching for Session State
  2. Caching Data with Windows Azure Caching
  3. Creating a Reusable and Extensible Caching Layer

Connecting Apps with Windows Azure Connect

Windows Azure Connect’s primary scenario is enabling IP-level network connectivity between Azure services and external resources. The underlying connectivity model that supports this is quite flexible. For example, you can use Sydney to setup networking between arbitrary groups of machines that are distributed across the internet in a very controlled and secure manner.


To enable IP-level network connectivity between Azure services and external resources, Windows Azure Connect can be used. The underlying connectivity model that supports this is quite flexible. For example, you can use Windows Azure Connect to setup networking between arbitrary groups of machines that are distributed across the internet in a very controlled and secure manner.

The following diagram illustrates the key elements of the Windows Azure Connect model.

Windows Azure Connect creates a logical “virtual network” which can contain two types of entities: Azure Role groups and Machine groups.

  • Role groups map to Azure roles, which have been enabled for Windows Azure Connect. Only the Azure VM instances for a role are members of a role group – the admin cannot manually add or remove members. Windows Azure Connect automatically manages the membership of role groups – if you add or remove role instances, Windows Azure Connect will track this and update the role group membership appropriately.
  • Machine groups are admin-defined collections of external machines, which have been enabled for Windows Azure Connect through installation of the Windows Azure Connect Endpoint Software. An external machine can belong to at most one machine group.

Connectivity within the Windows Azure Connect virtual network is based on the following rules:

  • A role group can be “linked” to a machine group – this enables connectivity between the members of those groups. A role group can be linked to multiple machine groups – e.g. you could have an Azure web role that is connected to your “My Servers” and “My Laptops” machine groups as shown in the diagram above.
  • Members of a role group (the Azure VM instances) do not have connectivity with each other. In addition, a role group cannot be linked to another role group. These limitations are intentional – the Azure service model controls connectivity between roles and the Azure runtime supports connectivity between role instances. We did not want the Windows Azure Connect model to interfere with this behavior.
  • Machine groups can be linked, as mentioned above, to role groups. Machine groups can also be linked to other machine groups to enable connectivity between members of those groups.
  • Links are not transitive from a connectivity perspective. For example, suppose Group A is linked to Group B, and Group B is linked to Group C. Machines in Group A can communicate with those in Group B, and machines in Group B can communicate with those in Group C. However, machines in Group A cannot communicate with those in Group C.
  • A machine group has an “interconnected” property – if it is set to true, then all members of that group can communicate with each other. If it is set to false, then communication between the members is not allowed.
  • It is important to note that Windows Azure Connect does not affect or interfere with a machine’s existing network connectivity.


In this lab, you will learn how to:

  • Provision a Windows Azure Connect service and associate it with your Azure subscription.
  • Setup network connectivity between Azure Roles and external machines.


This lab includes the following exercise:

  1. Connecting an Azure Web Role to an External SQL Server Database with Windows Azure Connect
  2. Connecting an Azure Web Role to a on premise services with Windows Azure Connect

Web Services and Identity in Windows Azure

This article is a step by step guide that will help you to use claims-based identity for handling authentication and access management for your WCF services hosted in Windows Azure; it will show you how you can still take advantage of local identities for authenticating your users, despite the fact that your services are now hosted in the cloud. The lab will walk you through all the practicalities of taking advantage of the unique characteristics of the Windows Azure environment from your Windows Identity Foundation settings.


Windows Identity Foundation can simplify access to your Windows Communication Foundation (WCF) services, by providing the usual claims-based identity arsenal of good practices: authentication externalization, location independence, decoupling from credential types and many others. There is no reason for you not to enjoy the same advantages when you host your WCF services in Windows Azure: there are few practicalities that are intrinsic to the hosting platform, but the steps you need to follow are largely the same whether you are deploying your services on-premises or in the cloud. If you want to be fully aware of the differences between the two cases, you can optionally go through the lab “Web Services and Identity” and learn about how to use WCF and WIF on-premises before starting the current lab: please note that it is entirely optional, as this HOL is self-contained and independent.

This lab is a step by step guide that will help you to use claims-based identity for handling authentication and access management for your WCF services hosted in Windows Azure; it will show you how you can still take advantage of local identities for authenticating your users, despite the fact that your services are now hosted in the cloud. The lab will walk you through all the practicalities of taking advantage of the unique characteristics of the Windows Azure environment from your Windows Identity Foundation settings.

More precisely, you will learn how to:

  • Use Windows Identity Foundation with WCF services hosted in Windows Azure
  • Trusting an on-premises STS from a WCF service hosted in Windows Azure
  • Using WIF & WCF tracing for a WCF service hosted in Windows Azure, taking advantage of blob storage for the traces
  • Configure a WCF service to use load balancing
  • Deploy a WCF service secured via WIF to the Windows Azure cloud

Windows Identity Foundation can do much more than what we cover in this lab: we hope that the skills you will learn here will help you in your further explorations of identity development.

The first lab will show you the process to configure a weather service to trust an on-premises development STS, and run the entire solution in the Compute Emulator. The second lab will add diagnostics and load balancing features to the WCF service implemented in the first lab. Finally, the third lab will walk you through the steps for running the solution to Windows Azure, which trusts an on-premises STS, generates diagnostic logs, and provides load balancing facilities. As shown on the figure below, an already provided client will be used to consume the WCF service running on the Compute emulator and afterwards in Windows Azure.
WebServicesAndIdentityInTheCloudFigure 1A visual summary of what you will build in this lab


In this lab, you will learn how to:

  • Use Windows Identity Foundation for handling access to a WCF service hosted in the Windows Azure DevFabric by reusing on-premises identities
  • Add STS references on a WCF service hosted in Windows Azure
  • Add service references to a client which points to a WCF service hosted in Windows Azure
  • Configure a WCF service to emit WIF and WCF traces in blob storage, and retrieve traces for offline analysis
  • Provide custom SecurityTokenHandler and ServiceBehavior classes for enabling a WCF service to take advantage of load balancers
  • Deploy to the Windows Azure staging and production evnironments a WCF service secured via WIF


The following exercises make up this hands-on lab:

  1. Using the Windows Identity Foundation with a WCF Service in Windows Azure
  2. Adding Diagnostics and Load Balancing
  3. Deploying the WCF Service to Windows Azure