We have multiple mobile apps which displays images, documents from azure blob storage. Right now these storage account blob containers are public, so our mobile apps can access. But now we want to restrict all these containers to private. I am looking for a generic solution where I will create .NET webapi's deploy to azure app service. This app service should talk to storage account and return the blobs/images/documents. All mobile apps should talk to app services instead of directly talking to Storage accounts.
If you could suggest the high-level overview on how to approach this?
We already have mobile apps directly talking to azure storage accounts.
Yes, it is a practicable plan. In this scenario, your container and blob could be private, and your web api can access them via Azure Storage SDK, and your mobile apps will be clients which need to get authorized to call your web api.
To utilize the Azure AD, you need to create two applications in Azure AD. One is a web application which represents the web api, and the other is a native application (or several apps) which represents the client.
There is an official sample for get-started with this: Samples, you may refer to it first.
Related
What is the difference between Azure blob storage static website and Azure Static Web Apps
There are lot of other benefits that comes with Azure static web apps that don't come with the static website which is hosted on blob storage.
Functions in the same repo.
TLS cert management (free!)
Automated preview environments
APIs that are scaled and hosted with your static content
Content and corresponding APIs logically versioned together
Simplified build and deployment process
UPDATE : Azure static web apps went GA since May 2021
Here is a great blog on the same.
I have been working on a nextjs based static web app which I am hosting on Azure wep apps. Azure static web app has lot of benefits as everyone mentioned above. I will try to list out some limitations. I hope these limitations will be addressed in future.
It supports only GitHub. I extensively use Azure Devops so, know I have tomaintain 2 repository hostings.
No way to configure CORS settings so, I cannot use the backend Azure functions from other client based web apps easily.
I couldn't figure out a way to access the deployed content on the server.
Azure Static Web Apps is a service that automatically builds and deploys full stack web apps to Azure from a GitHub repository.
Key features
Web hosting for static content like HTML, CSS, JavaScript, and
images. Integrated API support provided by Azure Functions.
First-party GitHub integration where repository changes trigger builds and deployments.
Globally distributed static content, putting content closer to your users.
Free SSL certificates, which are automatically renewed.
Custom domains* to provide branded customizations to your app.
Seamless security model with a reverse-proxy when calling APIs, which requires no CORS
configuration.
Authentication provider integrations with Azure Active Directory, Facebook, Google,
GitHub, and Twitter.
Customizable authorization role definition and assignments.
Back-end routing rules enabling full control over the content and routes you serve.
Generated staging versions powered by pull requests enabling preview versions of your
site before publishing.
Static Web Apps is free during preview.
for more info about static web apps visit: https://learn.microsoft.com/en-gb/azure/static-web-apps/
Azure blob storage for static web site
Since its uses blob storage you only pay for storage account. But Azure recommends using an App service with a general purpose V2 standard storage account.
IMO the cost for static web app might be slightly higher that the cost for storage account. Since you get additional benefits like Github, Authorization etc.
Another point is the SLA.
With Azure blob storage static website you can reach 99.99% of SLA but with Azure Static Web Apps you can only reach 99.95% of SLA
is it possible to manage apps and services from Azure AD B2C via APIs (REST etc.) for individual users?
The authorised AD applications should be managed later in a self-developed dashboard via APIs.)
Best regards
Using the rest API, you can manage All the App services and also Azure resources.
for example updating the Api service
PUT https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Web/hostingEnvironments/{name}?api-version=2019-08-01
API for App service Please refer to this document it may help
I am trying to create an app in Xamarin.Forms which can store photos and their description and names. In this app, there will be users and image loading will depends on account with what you signed in. I store images in storage accounts and its urls I store in Azure Easy Tables.
I want to ask that for saving names and descriptions I should use Azure Easy Tables or other Azure storage feature ? If I should use Easy Tables how can I load only specific data for specific user?
Thanks for your answers !!!
According to your description, I assumed that you are using Azure Mobile Apps for your mobile app backend. You could leverage Azure Mobile Apps server SDK to store related data which is stored under blob storage / file shares.
I want to ask that for saving names and descriptions I should use Azure Easy Tables or other Azure storage feature ? If I should use Easy Tables how can I load only specific data for specific user?
Azure Mobile Apps support two backend languages (C#,Node.js). For C# backend, you could follow the tutorials below to implement your requirement.
C# backend & Xamarin.Forms projects
App Service Mobile sample todo list client app with images
Connect to Azure Storage in your Xamarin.Forms app
Easy Tables are served by Node.js backend. For Node.js backend, Azure Mobile Apps have not provided the similar File Management server SDK as C# backend. Details, you could follow 30 DAYS OF AZURE MOBILE APPS.
For associating data with the specific user, you could follow adrian hall's book about Data Projection and Queries for C# backend, 30 DAYS OF ZUMO.V2 (AZURE MOBILE APPS): DAY 6 – PERSONAL TABLES for Node.js backend.
Is it possible to list out the cloud services for azure storage account with out using certification thumbprint . And also get the deployment ID for particular cloud service?
I have connected storage account(based on account key and account name) using azure storage client library and list out the tables and containers. My question is, displays the cloud services for particular storage account with out using certification.
Note: I saw rest api to list out the storage account and services using subscription id with certification.
I am waiting your response.
Is it possible to list out the cloud services for azure storage
account with out using certification thumbprint . And also get the
deployment ID for particular cloud service?
To achieve this, you would need to use Azure Service Management API and API calls need to be authenticated. Using X509 Certificate is one of them (which you don't want to use). Other way to achieve this would be to use Azure Active Directory. You can read more about it here: http://msdn.microsoft.com/en-us/library/azure/ee460782.aspx#bk_ad however authenticating API requests using Azure AD is more complicated than using a certificate IMHO.
Is it possible to use Azure Cloud Storage with Windows Azure websites?
All of the code samples for Cloud Storage that I have found use Azure Cloud Services with a Web role.
I am using RavenDB embedded so I need Azure Cloud Storage, right?
I am currently using Azure Cloud Services + Azure Cloud Storage.
PS. this is for a small personal website with almost no traffic.
Azure Cloud Storage (Blob, Tables etc.) are ordinary network service which uses REST protocol under the hood. The Cloud Storage services can be accessed from Azure Cloud services as well as Azure Websites. Also you can use Azure Cloud Storage from you on-premiss applications (however, due to network latency it might be a bit slower than from the cloud).
Azure Cloud Storage API (which you probably mentioned) seems to be the best option to use when on Azure Websites.
Please note that the same applies to Azure SQL - it can be used from Azure Cloud service as well as Azure Website (including on-premiss applications)