Azure App Service and Security Configuration
Have you ever tried to provide a web service that eventually needed to communicate with CRM and some customer application? You probably have, so I would like to share with you how can you do this using Azure App Service.
Azure App Service Web Apps (or just Web Apps) is a platform-as-a-service (PaaS) that allows you hosting web applications, REST APIs, and mobile back ends. You can develop in your favourite language, be it .NET, .NET Core, Java, Ruby, Node.js, PHP, or Python. So, let me show you in detail the steps of how to create and publish a service in azure.
Note: if you don’t have an Azure Account, please create a new one here
Once created the app service you’ll be able to publish your service there, it can be a web page, a WebApi service, a WCF or any other service that can be published on the web, in my example I will deploy a WebApi service.
Note: there are other ways to publish an app Service, for more information please visit the official Microsoft documentation clicking here
By default, once the service is published it will be exposed as a public service, but there is a configuration in the App Service that you can apply the authentication security level, to do it please follow the steps below
Note: if you receive The following error after authenticating, go to the ‘AppRegistration/Settings/Reply URLs’ and add the URL callback from your service https://YOURSERVICE.azurewebsites.net/.auth/login/aad/callback
Now I’d like to show you 2 different examples of how call a service published in Azure App Services: WebApi and WCF.
To access a webapi, for example the service created in the previous session, assuming that the ‘Authentication / Authorization’ option is enabled, you can use the code below to consume the service.
Note: I’m using a Console Application in all my examples
[code language=”csharp”]
using Microsoft.IdentityModel.Clients.ActiveDirectory;
using System;
using System.Net;
using System.Net.Http;
static void WebApiConnection()
{
var clientCred = new ClientCredential(“a25cf618-1d72-4778-a5ab-XXXXXXXXXXX”, “XXXXXXXXJREZ2Tjp69QJ53dnXMDk2PWSbu54jA=”); //Update the App id and ClientSecret
var context = new AuthenticationContext(“https://login.windows.net/TENANT.onmicrosoft.com/oauth2/authorize”); //Update the Tenant
var result = context.AcquireToken(“a25cf618-1d72-4778-a5ab-XXXXXXXXXXX “, clientCred); //Update the Resource
string accessToken = result.AccessToken;
var request = new HttpRequestMessage(HttpMethod.Get, new Uri(“https://codecdemo.azurewebsites.net/api/values”)); //Update the endpoint
request.Headers.Add(“Authorization”, $”Bearer {accessToken}”);
using (var httpClient = new HttpClient())
{
var response = httpClient.SendAsync(request);
var returnValue = response.Result.Content.ReadAsStringAsync();
if (response.Result.StatusCode == HttpStatusCode.OK)
Console.WriteLine(returnValue.Result);
else
Console.WriteLine(response.Result.StatusCode + ” : ” + returnValue.Result);
}
}
[/code]
To access a WCF service published in the azure app service is a little different from the way we access a web service. We usually add a reference from a WCF service to our project by right clicking on folder ‘Service References’ and selecting ‘Add Service Reference…’
Then adding the WSDL URL on the Address and clicking on Go
However, if the ‘Authentication / Authorization’ is activated for this app service you’ll receive an error like the below,
The solution in this case is add the DLL from your WCF project in your client project as a normal reference, then you need to create a Channel between your code (with WCF interface reference) and the azure app service (endpoint address). See the example below,
[code language=”csharp”]
using Microsoft.IdentityModel.Clients.ActiveDirectory;
using System.ServiceModel;
using System.ServiceModel.Web;
using WCFDemo;
static void WCFConnection() {
var clientCred = new ClientCredential(“a25cf618-1d72-4778-a5ab-XXXXXXXXXXX”, “XXXXXXXXJREZ2Tjp69QJ53dnXMDk2PWSbu54jA=”); //Update the App id and ClientSecret
var context = new AuthenticationContext(“https://login.windows.net/TENANT.onmicrosoft.com/oauth2/authorize”); //Update the Tenant
var result = context.AcquireToken(“a25cf618-1d72-4778-a5ab-XXXXXXXXXXX”, clientCred); //Update the Resource
string accessToken = result.AccessToken;
using (var channelFactorySecure = new ChannelFactory<IService1>(new BasicHttpsBinding(), new EndpointAddress(“https://service.azurewebsites.net/Service1.svc”)))
{
var client = channelFactorySecure.CreateChannel();
using (new OperationContextScope((IContextChannel)client))
{
WebOperationContext.Current.OutgoingRequest.Headers.Add(“Authorization”, $”Bearer {accessToken}”);
var returnedValue = client.GetData(1);
}
}
}
[/code]
So, that’s all for now folks! I hope this guide can help you to deploy your services in Azure.