Hybrid Connection - How does it work?

After using Hybrid Connection, i wanted to figure out how it works. Here are the notes:

When setting up the "on-premise" software, a Windows Service "Azure Hybrid Connection Manager Service" is deployed on the machine which launches a listener application "Microsoft.HybridConnectionManager.Listener.exe" present at "C:\Program Files\Microsoft\HybridConnectionManager".

Process explorer shows that the executable is launched by the service to open a persistent (?) connection of some sort with the azure website.

You can verify it by watching the TCP/IP connections used by the "Microsoft.HybridConnectionManager.Listener.exe" in process explorer.

In my application, I accessed SQL Server hosted on my local machine. As shown in the above screenshot, communication address uses ":ms-sql-s" to indicate that.

Interestingly the connection with remote host is closed after ~60 seconds if there is no more traffic between the two machines. 

Hybrid Connection - Azure

Microsoft Azure has introduced a new feature called Hybrid Connection. As its name suggests, it allows the azure hosted websites/mobile services to connect to on-premise resources. Though the term "Resources" is quite wide by its definition, Hybrid Connection allows the Azure hosted websites and mobile services to connect to services (e.g. websites, web services, SQL Server, Oracle database Server etc.) hosted on ports defined in the Hybrid Connection created on Azure.

So i thought of trying it out. It was a breeze. I used the tutorial available on Azure site to set up the connection. Then I created a simple website (used default website template of ASP.NET MVC) and added a simple code to read information from a database like following:

"DefaultConnection" pointed to my laptop. Needless to say it worked without any issue even though the stuff was running inside a transaction scope. Now that is not to be mistaken with distributed transaction. That does not work :). In fact even if you try to run two queries on same database, then things fail because DTC does not work over Hybrid Connection as of now. The below code fails.

In all essence, it is quite an interesting feature that can be used for simple websites or mobile services that simply need to access some remote services like intranet website or on-premise database server. 

I am sure that complex scenarios can be enabled but they will not be possible in a straight forward manner. For complex scenarios, recommended approach will to use site-to-site VPN, point-to-site VPN or something else.

Obvious Limitations of Hybrid Connection:

1. Only SQL Authentication works for SQL Server related communication. Obvious and sensible. 
2. Distribution transaction coordinator not supported.
3. Only supported in website and mobile services. Can not be used with Cloud Services.
4. Nothing that can not be exposed over a port can be used. e.g. File System.

ASP.NET database role provider for Azure Web Role application

When developing Microsoft Azure based Web applications, there can be cases when the application needs information about the user like Role, Age, other "Claim" etc. Ideal solution will be to plug-in Windows Identity Foundation (WIF) module and fetch the information from a trusted source e.g. your own ADFS installation, or a trusted third party etc. but chances are that you don't get to use it right away - either because the required implementation of that may not be available right away or using it in development environment is expensive.

In such cases, provider model of ASP.NET acts like a boon. You can plugin your custom role provider and implement the stuff based on roles/profile/claims and later on plug-in the actual provider. One example is to use AspNetSqlRoleProvider.

Set up the out of box authentication & authorization databases (by default named as "aspnetdb") by running the aspnet_regsql.exe present at .NET framework installation folder e.g. "C:\Windows\Microsoft.NET\Framework64\v4.0.30319". This launches a wizard and sets up a default database which can be used by AspNetSqlRoleProvider.

1. Create a "Cloud Web Role" application using Visual Studio's Cloud template.
2. Choose Windows Authentication when setting up the Web Application. I chose the ASP.NET MVC application for this sample but it can work with ASP.NET WebForms application too.
3. Change the Web.Config to use AspNetSqlRoleProvider (System.Web.Security.SqlRoleProvider) to associating roles to the user.
4. Use the out of the box Stored Procedures present in aspnetdb database e.g. "aspnet_Applications_CreateApplication", "aspnet_Roles_CreateRole", "aspnet_Users_CreateUser", "aspnet_UsersInRoles_AddUsersToRoles"  to add application, users, roles etc. 
5. Change the Global.asax.cs to ensure that user's identity is set to his/her windows identity in debug mode - you would want to change this later based on your requirements.
   
6. Change the home page to print if user belongs to a group.
   

Run the application in Azure Emulator and it should show the role information of the user. Quite useful.