Azure App Service and Security Configuration


Published by: Dimitri 'Reverso Engineero' Chevkov
Published date: 27th Apr 2018

Have you ever tried to provide a web service that eventually needed to communicate with CRM and some customer application? You probably have, so I would like to share with you how you can do this using Azure App Service.

Azure App Service Web Apps (or just Web Apps) is a platform-as-a-service (PaaS) offering that lets you host web applications, REST APIs, and mobile back ends. You can develop in your favourite language, be it .NET, .NET Core, Java, Ruby, Node.js, PHP, or Python. So, let me show you in detail the steps to create and publish a service in Azure.

Create an Azure App

Note: if you don’t have an Azure Account, please create a new one here

  1. Navigate to the Azure Portal and log in with your Azure account, then click on App Services
  2. Click on ‘Add/Web Apps/Create’
  3. Choose a Name, Subscription, Resource Group and OS, then click on Create
  4. Within a few seconds your app will be created

Deploying a Service

Once the App Service is created, you can publish your service to it. It can be a web page, a WebApi service, a WCF service or any other service that can be published on the web. In my example I will deploy a WebApi service.

  1. Create a new Web project of type WebApi in Visual Studio (I’m using VS2017)
  2. Open your App Service on Azure, go to the Overview section and click on ‘Get publish profile’
  3. Back in Visual Studio, right-click on your project and then select Publish
  4. In the new screen select ‘Import profile/Publish’, then select the publish profile you downloaded before
  5. Wait a few seconds until the project is published on Azure

Note: there are other ways to publish an App Service; for more information, please see the official Microsoft documentation.

Security Configuration

By default, once the service is published it is exposed as a public service. The App Service has a configuration setting that lets you require authentication; to apply it, follow the steps below.

  1. Go to your App Service and select ‘Authentication / Authorization’
  2. Turn on the App Service Authentication option
  3. Change the option ‘Action to take when request is not authenticated’ to ‘Login with Azure Active Directory’
  4. In the option Authentication Providers, select ‘Azure Active Directory’
  5. In management mode select ‘Express’
  6. Create App: enter the name of the application (it is needed for OAuth authentication)
  7. On the required permissions screen click on the ‘Grant Permissions’ button and confirm the pop-up
  8. Click OK and Save (this action will create a new App Registration dedicated to your service)
  9. Hover your mouse over your profile and save the ‘Domain’ string; this is your ‘Tenant’
  10. Now, click on ‘Manage Application/Settings/Keys’
  11. Insert a description and set the expires option to ‘Never Expires’, then save and copy the ‘Value’; this is your ‘ClientSecret’ (it’s necessary for connecting from C#)
  12. Now, if you try to access your web service, an authentication screen will be shown
  13. After authenticating you will be able to access your service again

Note: if you receive an error after authenticating, go to ‘AppRegistration/Settings/Reply URLs’ and add your service’s callback URL: https://YOURSERVICE.azurewebsites.net/.auth/login/aad/callback
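
The configuration above authenticates the caller but does not decide which authenticated callers may use the API, so the service still needs its own authorization check. The added example below (not from the original post) decodes the `X-MS-CLIENT-PRINCIPAL` header that App Service Authentication passes to the app and allows only allow-listed client applications. It assumes .NET Core 3.0 or later for `System.Text.Json` and that the calling app's ID arrives as an `appid` claim (Azure AD v1 tokens); the allow-listed ID and the sample header values are constructed.

```csharp
using System;
using System.Collections.Generic;
using System.Text;
using System.Text.Json;

static class CallerAuthorization
{
    // Hypothetical allow list: App IDs (constructed values) of clients that may call this API.
    static readonly HashSet<string> AllowedAppIds = new HashSet<string>(StringComparer.OrdinalIgnoreCase)
    {
        "11111111-1111-1111-1111-111111111111"
    };

    // Decodes X-MS-CLIENT-PRINCIPAL (Base64-encoded JSON) and returns true only when the
    // identity came from Azure AD and carries exactly one allow-listed 'appid' claim.
    public static bool IsAllowed(string headerValue)
    {
        if (string.IsNullOrWhiteSpace(headerValue)) return false;   // no identity header present
        try
        {
            string json = Encoding.UTF8.GetString(Convert.FromBase64String(headerValue));
            using (JsonDocument doc = JsonDocument.Parse(json))
            {
                JsonElement root = doc.RootElement;
                if (root.GetProperty("auth_typ").GetString() != "aad") return false;
                var appIds = new List<string>();
                foreach (JsonElement claim in root.GetProperty("claims").EnumerateArray())
                {
                    if (claim.GetProperty("typ").GetString() != "appid") continue;
                    appIds.Add(claim.GetProperty("val").GetString() ?? "");
                }
                return appIds.Count == 1 && AllowedAppIds.Contains(appIds[0]);
            }
        }
        catch (Exception ex) when (ex is FormatException || ex is JsonException ||
                                   ex is InvalidOperationException || ex is KeyNotFoundException)
        {
            return false;   // malformed or unexpected header content: fail closed
        }
    }

    // Builds a constructed header value in the documented shape (auth_typ + claims array).
    static string SampleHeader(string appId) => Convert.ToBase64String(Encoding.UTF8.GetBytes(
        "{\"auth_typ\":\"aad\",\"claims\":[{\"typ\":\"appid\",\"val\":\"" + appId + "\"}]}"));

    static void Main()
    {
        Console.WriteLine(IsAllowed(SampleHeader("11111111-1111-1111-1111-111111111111"))); // allow-listed app
        Console.WriteLine(IsAllowed(SampleHeader("22222222-2222-2222-2222-222222222222"))); // authenticated, not listed
        Console.WriteLine(IsAllowed("not-base64!"));                                          // malformed header
    }
}
```

In the API, the header value would come from the incoming request and a `false` result would map to a 403 response. The header is only trustworthy while App Service Authentication is turned on, because the platform sets it and does not let external requests supply it.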


Accessing a webservice with Authentication activated

Now I’d like to show you 2 different examples of how to call a service published in Azure App Services: WebApi and WCF.

WebApi

To access a WebApi, for example the service created in the previous section, assuming that the ‘Authentication / Authorization’ option is enabled, you can use the code below to consume the service.

Note: I’m using a Console Application in all my examples

[code language="csharp"]

using Microsoft.IdentityModel.Clients.ActiveDirectory;
using System;
using System.Net;
using System.Net.Http;

class Program
{
    static void Main()
    {
        WebApiConnection();
    }

    static void WebApiConnection()
    {
        // Client credentials: the App ID and the ClientSecret copied in step 11.
        // In real code, load the secret from configuration or a secret store instead of source.
        var clientCred = new ClientCredential("a25cf618-1d72-4778-a5ab-XXXXXXXXXXX", "XXXXXXXXJREZ2Tjp69QJ53dnXMDk2PWSbu54jA="); //Update the App id and ClientSecret
        var context = new AuthenticationContext("https://login.windows.net/TENANT.onmicrosoft.com/oauth2/authorize"); //Update the Tenant
        // Request a token for the App Service's App ID (the resource).
        // AcquireToken is the synchronous ADAL 2.x call; ADAL 3.x and later only offer AcquireTokenAsync.
        var result = context.AcquireToken("a25cf618-1d72-4778-a5ab-XXXXXXXXXXX", clientCred); //Update the Resource

        string accessToken = result.AccessToken;

        var request = new HttpRequestMessage(HttpMethod.Get, new Uri("https://codecdemo.azurewebsites.net/api/values")); //Update the endpoint
        // App Service Authentication validates this bearer token before the request reaches the API.
        request.Headers.Add("Authorization", $"Bearer {accessToken}");

        using (var httpClient = new HttpClient())
        {
            var response = httpClient.SendAsync(request);
            var returnValue = response.Result.Content.ReadAsStringAsync();

            if (response.Result.StatusCode == HttpStatusCode.OK)
                Console.WriteLine(returnValue.Result);
            else
                Console.WriteLine(response.Result.StatusCode + " : " + returnValue.Result);
        }
    }
}

[/code]

WCF

Accessing a WCF service published in Azure App Service is a little different from the way we access a web service. We usually add a reference to a WCF service in our project by right-clicking on the ‘Service References’ folder and selecting ‘Add Service Reference…’, then adding the WSDL URL in the Address field and clicking on Go.

However, if ‘Authentication / Authorization’ is activated for this App Service, you’ll receive an error.

The solution in this case is to add the DLL from your WCF project to your client project as a normal reference, and then create a channel between your code (using the WCF interface reference) and the Azure App Service (endpoint address). See the example below:

[code language="csharp"]

using Microsoft.IdentityModel.Clients.ActiveDirectory;
using System.ServiceModel;
using System.ServiceModel.Web;
using WCFDemo;

class Program
{
    static void Main()
    {
        WCFConnection();
    }

    static void WCFConnection()
    {
        // Same token acquisition as in the WebApi example.
        var clientCred = new ClientCredential("a25cf618-1d72-4778-a5ab-XXXXXXXXXXX", "XXXXXXXXJREZ2Tjp69QJ53dnXMDk2PWSbu54jA="); //Update the App id and ClientSecret
        var context = new AuthenticationContext("https://login.windows.net/TENANT.onmicrosoft.com/oauth2/authorize"); //Update the Tenant
        var result = context.AcquireToken("a25cf618-1d72-4778-a5ab-XXXXXXXXXXX", clientCred); //Update the Resource

        string accessToken = result.AccessToken;

        // Build the channel from the service interface (IService1) instead of a generated service reference.
        using (var channelFactorySecure = new ChannelFactory<IService1>(new BasicHttpsBinding(), new EndpointAddress("https://service.azurewebsites.net/Service1.svc")))
        {
            var client = channelFactorySecure.CreateChannel();

            // The scope lets us attach the bearer token to the outgoing HTTP request of this call.
            using (new OperationContextScope((IContextChannel)client))
            {
                WebOperationContext.Current.OutgoingRequest.Headers.Add("Authorization", $"Bearer {accessToken}");
                var returnedValue = client.GetData(1);
            }
        }
    }
}

[/code]

So, that’s all for now folks! I hope this guide can help you to deploy your services in Azure.