I want to send daily email with my application.
Background
My application has a Web API which was created with .NET Core and published on Azure App API (PaaS).
The API has its own authentication mechanism (JWT token) and it uses dependency injection. It reads configuration values, e.g. database, Redis cache and blob storage connection strings, from Azure Key Vault.
Solution
1) If I create a new console application and set it up as a WebJob, I have to do a lot of coding for dependency injection and have to integrate Azure vault.
2) Can I create a web API in the current API project, but how to ensure that only the Azure WebJob can call the API?
Same question: Securely calling a WebSite hosted Web API from an Azure WebJob
As you mentioned, we could use an Azure scheduled WebJob to send the daily mail. For send-mail demo code, please refer to another SO thread.
Can I create a web API in the current API project, but how to ensure that only the Azure WebJob can call the API?
We need to use our own authentication to secure our Web API. Azure also supplies multiple ways to help us protect our Web App. We can get more info about Authentication and authorization for API Apps in Azure App Service from the documentation.
Related
I am new to Azure Functions.
I created a React app and used the Graph API to get information about users registered in Azure AD B2C.
At this time, a client credential flow was used, but user information could not be obtained due to a CORS error.
Previous idea (CORS error): React app ↔ Graph API ↔ Azure AD B2C
So I thought of using Azure Functions.
First, the React app calls Azure Functions as an API.
Next, call the Graph API in Azure Functions.
At this point, we want to use the client credential flow.
Then, the user data of Azure AD B2C can be obtained because the Graph API was used.
This user data is returned to Azure Functions so that it can be used in the React app.
My idea: React app ↔ Azure Functions ↔ Graph API ↔ Azure AD B2C
Is this feasible?
If it is possible and you have a sample, please let me know.
Thanks for reading.
• Yes, you can do what you have described in your post. You can deploy a React app in Azure Functions and trigger a Graph API query from the function to an Azure AD B2C tenant. To do so, you will first have to deploy an Azure Static Web App in Azure, then build and deploy it through a workflow in GitHub by creating a repository there, then create an Azure Function API for the deployed React app. This Azure Function service provides serverless APIs, which allows you to focus on your TypeScript code and not have to configure a full back-end web server.
• Once done, connect the React client app to the Azure Function API. The Azure Static Web App resource deployed earlier provides a proxy between the React client and the Azure Function API. Hence, while deploying the above, I would suggest that you follow the Microsoft documentation link below and its subsequent article series for the resources mentioned above.
https://learn.microsoft.com/en-us/azure/developer/javascript/how-to/with-web-app/static-web-app-with-swa-cli/introduction
Please follow the series of documentation articles stated above until the end of connecting the React client to the Azure Function API. Once done, register an application in Azure AD B2C for authentication purposes and copy the application’s required credentials, such as the client ID, tenant ID, tenant name and client secret, for inserting these details into the HTTP trigger function API created earlier. Also, give the registered application in Azure AD B2C the required application permissions of ‘User.ReadWrite.All’ for the Microsoft Graph API. Ensure that you add the ‘Microsoft.Identity.Client’, ‘Microsoft.Graph.Auth’ and ‘Microsoft.Graph.Beta’ NuGet packages to the Azure Function solution created earlier. Then modify the constant parameters and variables in the Azure solution code file as in the snapshot below:
• Once the above has been done successfully, you can test the deployed solution through the ‘Postman’ application API as well as by redirecting to the React app page, thereby triggering an HTTP response in the function API, which will ensure that you read the logged-in Azure AD B2C user in the React app. For detailed information on the above-mentioned configuration, I would suggest that you go through the video link below, as it perfectly describes your condition in detail:
https://www.youtube.com/watch?v=4uJHSwA-TZE
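The flow described in this answer (React app → Azure Function → Graph API with the client credential flow), as an added example that is not code from the original posts: the function exchanges the client secret for a Graph token server-side and returns only selected fields to the browser. The function names, the `config` fields and the injectable `fetchImpl` parameter are assumptions made for illustration; the listing call is read-only, so a read permission on users is sufficient for it.

```javascript
// Added example. Assumed names: buildTokenRequest, listB2cUsers, config fields.
// Runs inside the Azure Function, so the client secret never reaches the browser.

// Build the OAuth 2.0 client credentials request for a Microsoft Graph token.
function buildTokenRequest({ tenantId, clientId, clientSecret }) {
  const tenant = encodeURIComponent(tenantId);
  return {
    url: `https://login.microsoftonline.com/${tenant}/oauth2/v2.0/token`,
    init: {
      method: "POST",
      headers: { "Content-Type": "application/x-www-form-urlencoded" },
      body: new URLSearchParams({
        grant_type: "client_credentials",
        client_id: clientId,
        client_secret: clientSecret,
        // .default = the application permissions already consented for this app
        scope: "https://graph.microsoft.com/.default",
      }).toString(),
    },
  };
}

// Get a token, list the directory users, and return only the fields the
// React app needs, so other profile attributes never leave the function.
async function listB2cUsers(config, fetchImpl = fetch) {
  const { url, init } = buildTokenRequest(config);
  const tokenRes = await fetchImpl(url, init);
  if (!tokenRes.ok) throw new Error(`token request failed: ${tokenRes.status}`);
  const { access_token: accessToken } = await tokenRes.json();

  const graphRes = await fetchImpl(
    "https://graph.microsoft.com/v1.0/users?$select=id,displayName",
    { headers: { Authorization: `Bearer ${accessToken}` } }
  );
  if (!graphRes.ok) throw new Error(`Graph request failed: ${graphRes.status}`);
  const { value } = await graphRes.json();
  return value.map(({ id, displayName }) => ({ id, displayName }));
}
```
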
We have a Web API hosted in Azure as an Azure Web App. This API requires an access token from our Azure AD to authenticate. This API works when triggered via http from a client application. However, we need to trigger this API to run on a schedule as well and thought Power Automate would be a useful tool here as we can schedule an authenticated http request (but are open to alternative solutions).
This is the basic flow we were considering:
We have registered the Power Automate flow as an App Registration in our Azure AD, we get a valid access token, however, when we call the API I can see from Application Insights that we are getting an Unauthorized Error because neither scope nor roles are specified in the token claims. How can we call this Azure AD Protected API from Power Automate?
Note:
We are not using Azure Functions to schedule this job because we require a predictable IP and we already have an Azure App Service Plan to host this API.
We need this API to run on a schedule, but also be triggerable via http
We have tested this in our local environment, it is working fine. The below statements are based on our analysis.
We created a web app (running .NET 6 as the runtime stack on Windows), enabled Application Insights and published a sample web application which has 2 pages (home, privacy) from our local Visual Studio code 2022.
In order to call one of the web app pages (privacy) from the Power Automate HTTP trigger, we enabled Authentication on the web app, which created an app registration in Azure AD with User.Read as a delegated permission.
After enabling Authentication, we are able to call the web app privacy page from Power Automate without any issue. All the requests that were triggered from Power Automate show as successful in Application Insights as well.
Here is the sample output for reference:
In the screenshot below, we called the web app using the HTTP trigger and the request succeeded, as also shown in Application Insights.
Note:
We suggest that you check whether you have given the correct client ID, secret values and app registration permissions (User.Read) in the HTTP trigger of Power Automate.
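The symptom reported in the question (a token with neither scope nor roles in its claims) can be confirmed by inspecting the token itself: tokens from the client credentials flow carry permissions in `roles`, delegated user tokens carry them in `scp`. This added example, which is not part of the original posts, decodes a token payload and lists what an API expecting a given audience, app role or scope would object to; the audience, role and scope values and the sample tokens are constructed.

```javascript
// Added example: explain why an Azure AD protected API rejects a token.
// It decodes the payload WITHOUT verifying the signature, so it is a
// diagnostic aid only and must never replace the API's own validation.
function decodeJwtPayload(token) {
  const parts = String(token).split(".");
  if (parts.length !== 3) throw new Error("not a compact JWT (expected 3 segments)");
  return JSON.parse(Buffer.from(parts[1], "base64url").toString("utf8"));
}

// expected = { audience, role, scope }: hypothetical names for what the API demands.
function diagnoseToken(token, expected, nowSeconds = Math.floor(Date.now() / 1000)) {
  const claims = decodeJwtPayload(token);
  // roles: app-only (client credentials) tokens; scp: delegated (user) tokens
  const roles = Array.isArray(claims.roles) ? claims.roles : [];
  const scopes = typeof claims.scp === "string" ? claims.scp.split(" ") : [];
  const findings = [];
  if (claims.aud !== expected.audience)
    findings.push(`aud "${claims.aud}" does not match the API ("${expected.audience}")`);
  if (typeof claims.exp === "number" && claims.exp <= nowSeconds)
    findings.push("token is expired");
  if (roles.length === 0 && scopes.length === 0)
    findings.push("no scp and no roles claim: the caller was granted no permission on this API");
  else if (!roles.includes(expected.role) && !scopes.includes(expected.scope))
    findings.push(`token has neither role "${expected.role}" nor scope "${expected.scope}"`);
  return { authorized: findings.length === 0, findings, roles, scopes };
}

// Constructed, unsigned sample tokens (placeholder signature), for the demo only.
function makeSampleToken(payload) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64url");
  return `${enc({ alg: "none", typ: "JWT" })}.${enc(payload)}.constructed`;
}
const API = { audience: "api://constructed-api-id", role: "Jobs.Run", scope: "access_as_user" };
const bareToken = makeSampleToken({ aud: API.audience, exp: 2000000000 });
const roleToken = makeSampleToken({ aud: API.audience, exp: 2000000000, roles: ["Jobs.Run"] });
console.log(diagnoseToken(bareToken, API, 1700000000).findings);
console.log(diagnoseToken(roleToken, API, 1700000000).authorized);
```
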
I am writing an auto deployment service and I am already able to create my App Service resource via ARM Template using the ARM API, but now I need to deploy the content there. I'm planning to use the Kudu Zip deployment API (https://github.com/projectkudu/kudu/wiki/Deploying-from-a-zip-file) but I'm missing how to set or get the deploy username and password automatically through some API-based process (not using the UI).
I know the site credentials are actually account-tied users. If you know a different kind of credential that can be used to deploy, please point me in the direction that would allow me to release without a specific person-oriented credential (an app credential instead).
If you want to get the publish credentials, you could use the Web Apps - List Publishing Credentials Rest API to do that.
POST https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Web/sites/{name}/config/publishingcredentials/list?api-version=2016-08-01
About how to call the Azure Resource Manager REST API, please refer to this tutorial.
We could also use the Azure SDK to get the publish credentials. For more information about how to use the Kudu API or Azure SDK to get the publish credentials, please refer to another SO thread.
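The two calls this answer points to, chained together as an added example (not code from the original posts): list the site-level publishing credentials through the ARM endpoint quoted above, then present them as HTTP Basic auth to the Kudu zip deployment API. The function names, the injectable `fetchImpl` and the default `{name}.scm.azurewebsites.net` hostname are assumptions, and `armToken` is assumed to be an Azure Resource Manager bearer token acquired elsewhere, for example by a service principal.

```javascript
// Added example. Assumed names: buildListCredentialsRequest,
// buildZipDeployRequest, deployZip. armToken is obtained elsewhere.

// ARM call from the answer above: POST .../config/publishingcredentials/list
function buildListCredentialsRequest({ subscriptionId, resourceGroupName, name }, armToken) {
  const seg = encodeURIComponent;
  return {
    url: "https://management.azure.com/subscriptions/" + seg(subscriptionId) +
      "/resourceGroups/" + seg(resourceGroupName) +
      "/providers/Microsoft.Web/sites/" + seg(name) +
      "/config/publishingcredentials/list?api-version=2016-08-01",
    init: { method: "POST", headers: { Authorization: `Bearer ${armToken}` } },
  };
}

// Kudu accepts the site-level publishing credentials as HTTP Basic auth.
function buildZipDeployRequest(name, properties, zipBytes) {
  const pair = `${properties.publishingUserName}:${properties.publishingPassword}`;
  return {
    // Assumption: default public-cloud SCM hostname for the site.
    url: `https://${encodeURIComponent(name)}.scm.azurewebsites.net/api/zipdeploy`,
    init: {
      method: "POST",
      headers: {
        Authorization: "Basic " + Buffer.from(pair, "utf8").toString("base64"),
        "Content-Type": "application/zip",
      },
      body: zipBytes,
    },
  };
}

async function deployZip(site, armToken, zipBytes, fetchImpl = fetch) {
  const list = buildListCredentialsRequest(site, armToken);
  const credRes = await fetchImpl(list.url, list.init);
  if (!credRes.ok) throw new Error(`listing publishing credentials failed: ${credRes.status}`);
  const { properties } = await credRes.json();
  const deploy = buildZipDeployRequest(site.name, properties, zipBytes);
  const deployRes = await fetchImpl(deploy.url, deploy.init);
  // Report only the status: the credentials are secrets and must not be logged.
  return { status: deployRes.status, ok: deployRes.ok };
}
```
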
I have an ASP.Net Core 2.0 Web App running in an App Service in Azure that has social login configured (Google & Microsoft) according to the following docs:
https://learn.microsoft.com/en-us/aspnet/core/security/authentication/social/microsoft-logins?tabs=aspnetcore2x
https://learn.microsoft.com/en-us/aspnet/core/security/authentication/social/google-logins?tabs=aspnetcore2x
I also have an Azure Function app that gets triggered when a message is written to an Azure Queue. I would like this function app to post the message to a Web API (Controller Action) that is running on the web app above.
How would I go about authenticating from the function app to the web API method? Would I need to somehow call the Azure AD endpoint to get a token for a given username/password?
Ideally, I would want to limit who can call this API method to just a single user account that the function app would use. Alternatively, can I somehow use the new Managed Service Identity feature to authenticate the function app against my web API method in my web app above?
Sorry, am new to API authentication, so just trying to figure out the simplest approach.
I have an Azure Enterprise subscription. I am developing an ASP.NET MVC web app and have the following questions.
My web app will maintain a user store and authenticate users against it. It will also check user access rights and accordingly pull the Azure resources available to them. I just have one Azure subscription and the logged-in user is not configured on Azure.
Is it possible to impersonate a user? I.e. I have an Azure subscription for Mr X. My application user store has users A, B, C (they don't have an Azure subscription). User A logs in to my web app and my web app invokes the Billing and Usage API using Mr X's credentials, pulls the data and displays only Mr A's specific usage data.
I know this is a bit of an off-track requirement, but my client is looking for this scenario. They want user management in the custom app and not on Azure. Please guide.
Your MVC web application hosted in Azure normally has nothing to do with the users on your Azure subscription. In your case you just need the application to access the data in your subscription with the REST API. You can find more info on how you can authenticate your application to the API Management REST. Then you can use the API to get information out of Azure.