I was wondering how I could connect a mobile app created in ionic to azure, the app needs to interact with Dynamics CRM where all the data is. My guess is that I have to login via Azure AD , get the token, create API endpoints in Azure ( which service? ) or expose them, nd query the endpoint with the token.
Is this the right workflow?
thanx in advance
You're pretty much on the right track. You can host your API in an Azure App Service. You can also secure it by integrating Azure AD with your app service using your token. This tutorial walks through using a front-end and back-end app and securing communication with it. Since your already have a front-end, you can ignore those steps. Although the same is a .NET Core application, the same applies if you were to write your API in NodeJS or another language.
Hope this helps.
Related
I am designing an application that will consist of:
SPA written in React, deployed to an instance of Azure App Service
REST API written in .Net Core Web API, deployed to another instance of Azure App Service
Azure SQL Database in the same Azure tenant as the app services above
All these resources will be connected to the same instance of Azure AD (also in the same tenant).
Conceptually, I suppose the authentication could work roughly like this:
The user connection to the SPA and obtains an auth token
The token would then be passed to the API and then the API will use that token to authenticate the user to the SQL Database (this seems possible)
However, I have not been able to find any walkthroughs or other documentation that would demonstrate this seemingly straightforward way of implementing authentication. Seems like this is a typical enough scenario for it to be widely documented by bloggers or Microsoft itself, so not being able to find it makes me wonder if I am not thinking about this right, or maybe I am not looking in the right places.
Can someone please help me figure out what is the right way to approach this and point me to some online resources that could guide me through this?
Thank you!
It's much more common for the REST API to use its Managed Service Identity to obtain a token for Azure SQL Database, and use that. It's always been rare for web apps to use the browser user's identity to connect to SQL Server.
See, eg: Tutorial: Secure Azure SQL Database connection from App Service using a managed identity
I have created an Xamarin Android App with an Azure App Service back end. When I looked at securing the connection, I don't really care about individual users, but I want to make sure that only someone running my app can access the database. Is there a way to authenticate the app itself rather than individual users? What is the best practice in this scenario?
If you don't care about user, there are a few approaches and the security level may vary. If you want to simplify integration and deployment among Azure services, you should consider using Azure AD as an identity and access management in your entirely system. That said, your back-end and Xamarin app are authorized and authenticated via Azure AD. You need to register your native app in Azure AD which you can refer here https://learn.microsoft.com/en-us/azure/active-directory/active-directory-application-proxy-native-client
Another approach is to use certificate-based authorization against Azure Active Directory, which is more controlled and security rather than client secret. In this case, persons installing your app must also install certificate before sending request to Azure App Service and retrieve database from Azure SQL Database. The level of authorization is free of choice, but the first gateway is always Azure AD.
I have running the basic todoitem app service running on azure. Calling the below url will display the content in the todoitem table. How can I add basic security to prevent this data from being accessed by anyone, like a basic parameter, ToDoItem?MyToken=12345.
https://MyappService.azurewebsites.net/tables/ToDoItem
How can I add basic security to prevent this data from being accessed by anyone, like a basic parameter, ToDoItem?MyToken=12345.
I would recommend you using the build-in Authentication and authorization in Azure App Service.
App Service supports five identity providers out of the box: Azure Active Directory, Facebook, Google, Microsoft Account, and Twitter. To expand the built-in support, you can integrate another identity provider or your own custom identity solution.
Here are some great tutorials, you could refer to them:
For Node.js backend, you could follow 30 DAYS OF AZURE MOBILE APPS.
For developing azure mobile apps with C#, you could follow here.
I have already created a Documentdb database and now i should build a REST API on Azure with Node.js. I have read the documentation, but i did't understand it good enough.
Cloud services could be a good solution, but if i didn't misunderstand, it is Python and .NET based.
If i want to build a REST API and an user interface voor the REST API, which services should i better use? Web apps? API apps? Or any another product?
https://learn.microsoft.com/en-us/azure/app-service-api/app-service-api-nodejs-api-app
Per Azure's documentation,
An API app can take advantage of features offered by Web Apps and Mobile Apps. The reverse is also true: if you use a web app or mobile app to host an API, it can take advantage of API Apps features such as Swagger metadata for client code generation and CORS for cross-domain browser access. The only difference between the three app types (API, web, mobile) is the name and icon used for them in the Azure portal.
An API app and a Web app will equally work for you. Currently, all of Web, Mobile and API Apps are collectively called App Services. For most scenarios, Web Apps is the best choice.
More on this:
Azure Web API vs Web App
Differences between Azure App Services and Cloud Services
I developed a native app which sync Active directory using Azure graph api and the AD data is consumed by web and mobile apps. It is working fine.
But now my client wants to use same app for AD syncing purpose in another server which is may be windows server 2008 or below. Which is not support Azure platform as per clients technical team.
My question is that is there any way can I use same app without using azure platform or can is there any way can I use AD graph API in windows server? In else case I will need to do development from the scratch using LDAP.
Thanks in Advance
Currently, there is no way to "deploy" neither the Azure AD Graph nor the Microsoft Graph such that you can leverage the same code for on prem and the cloud. As you've indicated, you will need to either have two apps or have a fork in your code to call the Graph when running with Azure AD and do LDAP queries when running purely on prem.