Azure App Service and Security Configuration

Have you ever tried to provide a web service that eventually needed to communicate with CRM and some customer application? You probably have, so I would like to share with you how can you do this using Azure App Service.

Azure App Service Web Apps (or just Web Apps) is a platform-as-a-service (PaaS) that allows you hosting web applications, REST APIs, and mobile back ends. You can develop in your favourite language, be it .NET, .NET Core, Java, Ruby, Node.js, PHP, or Python. So, let me show you in detail the steps of how to create and publish a service in azure.

Create an Azure App

Note: if you don’t have an Azure Account, please create a new one here

1. Navigate to the Azure Portal and log in with your azure account, then click on App Services
   
2. Click on ‘Add/Web Apps/Create’
   
3. Choose a Name, Subscription, Resource Group, OS and then click on Create
   
4. Within a few seconds your app will be created
   

Deploying a Service

Once created the app service you’ll be able to publish your service there, it can be a web page, a WebApi service, a WCF or any other service that can be published on the web, in my example I will deploy a WebApi service.

1. Create a new Project Web type WebApi in visual studio (I’m using VS2017)
2. Open to your App Service on Azure, go through Overview section and click on ‘Get publish profile’
   
3. Back to Visual Studio and right click on your project and then select Publish
   
4. In the new screen select ‘Import profile/Publish’, then select the publish profile you have downloaded before
   
5. Wait a few seconds until the project is published on Azure
   

Note: there are other ways to publish an app Service, for more information please visit the official Microsoft documentation clicking here

Security Configuration

By default, once the service is published it will be exposed as a public service, but there is a configuration in the App Service that you can apply the authentication security level, to do it please follow the steps below

1. Go to your App Service and select ‘Authentication / Authorization’
   
2. Turn on the App Service Authentication option
3. Change the option ‘Action to take when request is not authenticated’ to ‘Login with Azure Active Directory’
4. In the option Authentication Providers, select ‘Azure Active Directory’
5. In management mode select ‘Express’
6. Create App, put the name of the Application (its need for Authentication OAuth)
   
7. On required permissions screen click on ‘Grant Permissions’ button and confirm the pop-up
8. Click OK and Save (this action will create a new App Registration dedicated to your service)
   
9. Let your mouse over your profile and save the ‘Domain’ string, this is your ‘Tenant’
   
10. Now, click on ‘Manage Application/Settings/Keys’
    
11. Insert a description and select expires option to ‘Never Expires’, then save and copy the ‘Value’, this is your ‘ClientSecret’ (it’s necessary to do a connection by C#)
    
12. So, if you try to access your webservice, an authentication screen will be shown
    
13. After authenticating you will be able to access your service again
    

Note: if you receive The following error after authenticating, go to the ‘AppRegistration/Settings/Reply URLs’ and add the URL callback from your service https://YOURSERVICE.azurewebsites.net/.auth/login/aad/callback

Accessing a webservice with Authentication activated

Now I’d like to show you 2 different examples of how call a service published in Azure App Services: WebApi and WCF.

WebApi

To access a webapi, for example the service created in the previous session, assuming that the ‘Authentication / Authorization’ option is enabled, you can use the code below to consume the service.

Note: I’m using a Console Application in all my examples

[code language=”csharp”]

using Microsoft.IdentityModel.Clients.ActiveDirectory;
using System;
using System.Net;
using System.Net.Http;

static void WebApiConnection()
{
var clientCred = new ClientCredential(“a25cf618-1d72-4778-a5ab-XXXXXXXXXXX”, “XXXXXXXXJREZ2Tjp69QJ53dnXMDk2PWSbu54jA=”); //Update the App id and ClientSecret
var context = new AuthenticationContext(“https://login.windows.net/TENANT.onmicrosoft.com/oauth2/authorize”); //Update the Tenant
var result = context.AcquireToken(“a25cf618-1d72-4778-a5ab-XXXXXXXXXXX “, clientCred); //Update the Resource

string accessToken = result.AccessToken;

var request = new HttpRequestMessage(HttpMethod.Get, new Uri(“https://codecdemo.azurewebsites.net/api/values”)); //Update the endpoint
request.Headers.Add(“Authorization”, $”Bearer {accessToken}”);

using (var httpClient = new HttpClient())
{
var response = httpClient.SendAsync(request);
var returnValue = response.Result.Content.ReadAsStringAsync();

if (response.Result.StatusCode == HttpStatusCode.OK)
Console.WriteLine(returnValue.Result);
else
Console.WriteLine(response.Result.StatusCode + ” : ” + returnValue.Result);
}
}

[/code]

WCF

To access a WCF service published in the azure app service is a little different from the way we access a web service. We usually add a reference from a WCF service to our project by right clicking on folder ‘Service References’ and selecting ‘Add Service Reference…’

Then adding the WSDL URL on the Address and clicking on Go

However, if the ‘Authentication / Authorization’ is activated for this app service you’ll receive an error like the below,

The solution in this case is add the DLL from your WCF project in your client project as a normal reference, then you need to create a Channel between your code (with WCF interface reference) and the azure app service (endpoint address). See the example below,

[code language=”csharp”]

using Microsoft.IdentityModel.Clients.ActiveDirectory;
using System.ServiceModel;
using System.ServiceModel.Web;
using WCFDemo;

static void WCFConnection() {
var clientCred = new ClientCredential(“a25cf618-1d72-4778-a5ab-XXXXXXXXXXX”, “XXXXXXXXJREZ2Tjp69QJ53dnXMDk2PWSbu54jA=”); //Update the App id and ClientSecret
var context = new AuthenticationContext(“https://login.windows.net/TENANT.onmicrosoft.com/oauth2/authorize”); //Update the Tenant
var result = context.AcquireToken(“a25cf618-1d72-4778-a5ab-XXXXXXXXXXX”, clientCred); //Update the Resource

string accessToken = result.AccessToken;
using (var channelFactorySecure = new ChannelFactory<IService1>(new BasicHttpsBinding(), new EndpointAddress(“https://service.azurewebsites.net/Service1.svc”)))
{
var client = channelFactorySecure.CreateChannel();

using (new OperationContextScope((IContextChannel)client))
{
WebOperationContext.Current.OutgoingRequest.Headers.Add(“Authorization”, $”Bearer {accessToken}”);
var returnedValue = client.GetData(1);
}
}
}

[/code]

So, that’s all for now folks! I hope this guide can help you to deploy your services in Azure.