Friday 31 May 2013

Tech tips for working with Azure Graph Store


In April 2013 Release Mobile built a demo app using Windows Azure Graph Store. We put this tech blog together to share some tech tips on using the Graph Store.


The project objectives:


We built the Windows Azure Active Directory "Manager" app in collaboration with KuppingerCole and Microsoft to demonstrate how single-sign-on access to a mobile web app (in this case a replica of the EIC13 conference app) can be governed, via Azure Active Directory, by information held in an Excel document. User identities are authenticated by social networks such as Facebook, Google and Yahoo.

The project had three aims:
1) Present a vision of the future in which access to enterprise cloud apps is securely managed by single-sign-on authentication facilitated by social networks.
2) Present a very low-friction method for enterprises to manage their employee identities, using Azure Active Directory, Excel and the datownia.com API-as-a-Service app.
3) Demonstrate how Azure Graph Store is a multi-function, schema-less data management service that can be used both to extend Active Directory and to hold app data.


Resources:


What is Windows Azure Graph store?

A graph store is a named data store containing data tuples. Each tuple is identified by a compound key (_Item1 and _Item2) and carries a value property capable of holding complex data types.
The Windows Azure Graph Store is an extension of the Windows Azure Active Directory Graph (https://graphstoreapp.windows.net/documentation.aspx).
Tuples are formatted as JSON and are managed through a RESTful API.


Pre-Requisites

In order to start using a Windows Azure Graph Store, you will need an Azure subscription and an Active Directory tenant (http://technet.microsoft.com/library/jj573650.aspx).
More details on the pre-requisites can be found here: http://msdn.microsoft.com/en-us/library/windowsazure/hh974464.aspx


How to access a Graph Store

Consider this URL: https://graphstore.windows.net/myTenantDomain.onmicrosoft.com/myGraphStore/id1/id2
This is an example of a URI to a tuple with item identifiers "id1" and "id2", within the "myGraphStore" named graph store of the Active Directory tenant named "myTenantDomain.onmicrosoft.com".
The resulting object might be of the format:
{
    "_Item1" : "first item",
    "_Item2" : "second item",
    "AttributeName" : AnyPrimitiveValue,
    "ComplexAttribute" : {
        "AttributeName" : "value",
        "AttributeName2" : "value2"
    },
    "AttributeCollection" : [
        {
            "Attribute1" : 100,
            "Attribute2" : true
        },
        {
            "Attribute1" : 200,
            "Attribute2" : false
        }
    ]
}

HTTP operations to manage data:

Action    HTTP operation
Create    POST
Update    MERGE
Replace   PUT
Delete    DELETE
Posting a new tuple to a non-existent graph store will automatically create the store and the tuple, so a mistyped store name creates a new store rather than failing.
Permissions on a graph store are managed via a permissions document, which can be found at https://graphstore.windows.net/{tenant}/{graphstore}/$permissions
The permissions document specifies the names of the claims that must be present in a bearer token obtained from Windows Azure Access Control Service (ACS). For information about obtaining access tokens from ACS, see the following link: http://msdn.microsoft.com/en-us/library/gg429786.aspx
If anonymous access is permitted to a graph store for a given operation via the permissions document (AnonymousRead or AnonymousWrite is true), the REST request need not include an access token. Every other request must carry the token in the Authorization header.
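To make the URI layout, the verb table and the permissions rules above concrete, here is a small request builder in Python. It is an added example, not code from Release Mobile, Microsoft or the Graph Store documentation: the host, the path layout, the verbs and the AnonymousRead/AnonymousWrite flags are taken from the text, while the function names, the grouping of verbs into read and write actions and the sample permissions document are assumptions made for the example. Nothing is sent over the network; the functions return urllib Request objects a caller can open against a live store.

```python
"""Request builder for the Graph Store REST API described above.

Added example, not code from Release Mobile or Microsoft. The host, the
URI layout, the verb table and the AnonymousRead/AnonymousWrite flags come
from the page; the function names, the grouping of verbs into read and write
actions and the sample permissions document are assumptions made here.
Nothing is sent over the network: the functions return urllib Request objects
that a caller can open against a live store.
"""
import json
from urllib.parse import quote
from urllib.request import Request

BASE = "https://graphstore.windows.net"  # HTTPS only: the bearer token travels in a header

# Action -> HTTP verb, as in the table above, plus GET for reads.
VERBS = {"read": "GET", "create": "POST", "update": "MERGE",
         "replace": "PUT", "delete": "DELETE"}
WRITE_ACTIONS = {"create", "update", "replace", "delete"}

# Constructed sample $permissions document; only the two flags named on the
# page are modelled, the rest of the real document's shape is not known here.
SAMPLE_PERMISSIONS = {"AnonymousRead": True, "AnonymousWrite": False}


def _segment(value):
    """Percent-encode one path segment so '/', '?', '#', '@' or '*' in a
    caller-supplied id cannot change which tuple or store the URL points at."""
    return quote(value, safe="")


def tuple_url(tenant, store, item1, item2):
    """URI of the tuple keyed (_Item1, _Item2) in a named graph store."""
    return "/".join([BASE, _segment(tenant), _segment(store), _segment(item1), _segment(item2)])


def permissions_url(tenant, store):
    """URI of the store's permissions document."""
    return f"{BASE}/{_segment(tenant)}/{_segment(store)}/$permissions"


def token_required(permissions, action):
    """False only when the permissions document opens this action to anonymous callers."""
    flag = "AnonymousWrite" if action in WRITE_ACTIONS else "AnonymousRead"
    return not bool(permissions.get(flag, False))


def audit_permissions(permissions):
    """Findings a reviewer would raise about a permissions document."""
    findings = []
    if permissions.get("AnonymousWrite"):
        findings.append("AnonymousWrite is true: anyone can create, overwrite "
                        "or delete tuples in this store without a token")
    if permissions.get("AnonymousRead"):
        findings.append("AnonymousRead is true: every tuple in this store is readable without a token")
    return findings


def build_request(action, url, body=None, token=None, permissions=None):
    """Build the request for one action, refusing to proceed without a token
    unless the store's permissions document allows anonymous access.

    `permissions` is the already-fetched $permissions document; when it is
    None nothing is treated as anonymous and a token is always required.
    """
    if action not in VERBS:
        raise ValueError(f"unknown action {action!r}")
    if token_required(permissions or {}, action) and not token:
        raise PermissionError(f"{action} on {url} needs an ACS bearer token")
    headers = {"Accept": "application/json"}
    if token:
        headers["Authorization"] = "Bearer " + token  # never in the query string or the body
    data = None
    if body is not None:
        data = json.dumps(body).encode("utf-8")
        headers["Content-Type"] = "application/json"
    return Request(url, data=data, headers=headers, method=VERBS[action])


if __name__ == "__main__":
    tenant, store = "myTenantDomain.onmicrosoft.com", "myGraphStore"
    url = tuple_url(tenant, store, "joe@myTenantDomain.com", "programme")
    print(url)
    # Anonymous read is allowed by the sample document, so no token is needed here.
    print(build_request("read", url, permissions=SAMPLE_PERMISSIONS).get_method())
    # A MERGE (update) is a write, so the token is mandatory.
    req = build_request("update", url, body={"programme": "EIC13"},
                        token="<acs-bearer-token>", permissions=SAMPLE_PERMISSIONS)
    print(req.get_method(), req.get_header("Authorization"))
    print(audit_permissions({"AnonymousRead": False, "AnonymousWrite": True}))
```

Fetch the document at permissions_url() first and pass it in; with no document the builder insists on a token for every action, which is the safe default given that a request to a store that does not exist yet silently creates it. Whether the service decodes an encoded asterisk (%2A) as a literal id is not stated in the text; the point of encoding every segment is that a caller-supplied id never reaches the path unencoded.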


Extending Active Directory

Each AD Tenant has a specially named graph store called “graphextension” which is used to add properties to AD entities.
For example, to add a property named “programme” to an AD User entity, you can post the following:
{
    "_Item1" : "users",
    "_Item2" : "programme",
    "OwningTenant" : "myTenantDomain.onmicrosoft.com",
    "ValueFormat" : "{graphstore}/targetGraphName/{id}/programme"
}

Then calling https://graph.windows.net/myTenantDomain.onmicrosoft.com/Users('joe@myTenantDomain.com')/myTenantDomain.onmicrosoft.com/programme
will return the URL
https://graph.windows.net/myTenantDomain.onmicrosoft.com/targetGraphName/joe@myTenantDomain.com/programme
When this URL is called, the joe@myTenantDomain.com/programme tuple is returned, containing the extended data.


Querying the graph store

A data tuple is identified by its tuple id (_Item1 and _Item2). A wildcard (*) can be used in place of item1 or item2 to return all matching tuples as a concatenated result set.
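The indirection in the "Extending Active Directory" section (extension tuple, then ValueFormat, then the tuple it points at) and the wildcard query just described can be traced end to end offline. The following Python is an added example, not the authors' code: the graphextension tuple shape, the ValueFormat placeholders and the asterisk wildcard come from the page, whereas the FakeGraphStore class, the function names and the expansion of {graphstore} to https://graphstore.windows.net/{tenant} are assumptions made for the example.

```python
"""Extension-property indirection and wildcard queries, traced offline.

Added example, not code from the page's authors. The graphextension tuple
shape, the ValueFormat placeholders and the '*' wildcard come from the page.
The in-memory store, the function names and the expansion of {graphstore} to
https://graphstore.windows.net/{tenant} are assumptions made here so the
two-step lookup can be followed without a live tenant.
"""
from urllib.parse import quote, unquote

GRAPHSTORE_BASE = "https://graphstore.windows.net"


def extension_tuple(entity_set, prop, tenant, target_store):
    """Tuple posted to the tenant's 'graphextension' store to declare a property
    on an AD entity set, e.g. a 'programme' property on users."""
    return {
        "_Item1": entity_set,
        "_Item2": prop,
        "OwningTenant": tenant,
        "ValueFormat": "{graphstore}/" + target_store + "/{id}/" + prop,
    }


def resolve_value_format(ext, tenant, entity_id):
    """Expand ValueFormat for one entity into the URL of the tuple holding its value.

    The entity id is percent-encoded into a single path segment, so an id such
    as 'joe@myTenantDomain.com' cannot be split or redirected by characters in it.
    """
    base = f"{GRAPHSTORE_BASE}/{quote(tenant, safe='')}"
    return (ext["ValueFormat"]
            .replace("{graphstore}", base)
            .replace("{id}", quote(entity_id, safe="")))


class FakeGraphStore:
    """In-memory stand-in for one tenant's graph stores (assumed here, not a real client)."""

    def __init__(self, tenant):
        self.tenant = tenant
        self.stores = {}  # store name -> {(_Item1, _Item2): tuple}

    def post(self, store, tup):
        # As on the page: posting into a store that does not exist creates it.
        self.stores.setdefault(store, {})[(tup["_Item1"], tup["_Item2"])] = tup

    def get_by_url(self, url):
        """Fetch the tuple a resolved ValueFormat URL points at, refusing foreign hosts or tenants."""
        prefix = f"{GRAPHSTORE_BASE}/{quote(self.tenant, safe='')}/"
        if not url.startswith(prefix):
            raise ValueError("URL does not belong to this tenant's graph stores")
        store, item1, item2 = (unquote(s) for s in url[len(prefix):].split("/"))
        return self.stores[store][(item1, item2)]

    def query(self, store, item1="*", item2="*"):
        """Wildcard query: '*' in place of an id matches every value of that id,
        and the matching tuples come back as one concatenated list."""
        return [t for (i1, i2), t in self.stores.get(store, {}).items()
                if item1 in ("*", i1) and item2 in ("*", i2)]


def extended_property(fs, ext, entity_id):
    """The full indirection: ValueFormat -> URL -> tuple -> property value."""
    tup = fs.get_by_url(resolve_value_format(ext, fs.tenant, entity_id))
    return tup[ext["_Item2"]]


if __name__ == "__main__":
    tenant = "myTenantDomain.onmicrosoft.com"
    fs = FakeGraphStore(tenant)
    ext = extension_tuple("users", "programme", tenant, "targetGraphName")
    fs.post("graphextension", ext)
    # Constructed sample data: two users' programme tuples in the target store.
    fs.post("targetGraphName", {"_Item1": "joe@myTenantDomain.com", "_Item2": "programme", "programme": "EIC13"})
    fs.post("targetGraphName", {"_Item1": "ann@myTenantDomain.com", "_Item2": "programme", "programme": "Workshop"})
    print(resolve_value_format(ext, tenant, "joe@myTenantDomain.com"))
    print(extended_property(fs, ext, "joe@myTenantDomain.com"))
    print([t["_Item1"] for t in fs.query("targetGraphName", item2="programme")])
```

The host check in get_by_url is the caveat worth carrying into a real client: a ValueFormat is data stored in the graphextension store, so anyone who can write there can point an extension property at an arbitrary URL, and the resolver should only follow URLs under the tenant's own store base.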

Thanks to Ovais Oozeer at Release Mobile Ltd for providing the tech tips for this blog.
