I have a front-end MVC application in a web role, protected by WIF and ACS, and I would like my Azure application to display only an open surface. It connects to several back-end services, some work roles and some (for the convenience of adding service links to VS or because of the use of WCF service web roles). Back-end service roles have only internal endpoints.
My understanding from the MS literature is that internal endpoints are only available for other roles with the same deployment. With this in mind, it seems unnecessary to use any kind of transport or message security or authentication between the MVC web role and the back-end services, which seems to be due to the fact that https is not available for internal endpoints.
My question is: how safe is it? Is there any way for the endpoint to be detected by anything other than one of our expanded roles? Is there any reason to add extra security to any of the mutual bindings?
azure
Jcfx
source share