How to share app settings between multiple Azure websites - azure

I have an application which has multiple websites, one for each logical function:
User-facing
Back end - receives web hooks etc
Other
The sites have a bunch of configuration info. appsettings variables and connection strings in common. Regardless of how I do configuration management, eg via the Azure Portal or scripted via Powershell I want to do as little repeat as possible to keep things simple and reduce opportunity for errors when deploying/ managing these configuration settings.
What recommendations are there for managing this?

I would recommend deploying the various sites using ARM Templates. You can then use the same deployment parameters for multiple sites to end up with each having the same app settings.
As an aside, please note that deployment slots do not share app settings. You have to apply them to each slot. So it's probably not a good candidate for your needs.

Related

Managing Azure Web Site Configutation

There are probably no less than 150 different configuration options for an instance/application of Azure App Service Web Apps. This is only part of the list and each of these items have various options and inputs.
Authentication/Authorization
Application insights
Managed service identity
Backups
Networking settings
Scaling settings
WebJobs
Push
MySQL in App
easy tables
data connections
API definitions
CORS settings
... etc, etc
From a configuration management perspective, how do I either source control these settings (preferred) in a config file or use a configuration management tool to manage them?
I don't see a way to define the individual apps in an ARM template.
My goal is to have a consistent and repeatable application configuration across multiple applications and prevent mistakes with manual setup.
Per my understanding, the settings you mentioned includes the whole configurations of the web app, like Deployment slots, Backups, etc.
AFAIK, you may not be able to control them(at least like Deployment slots, Backups,etc) via the ways you mentioned.
My goal is to have a consistent and repeatable application configuration across multiple applications and prevent mistakes with manual setup.
Currently, the closest way is to clone web app, you could use it via the portal or powershell, but it could not support clone the whole configurations in the web app even if you use it.
Also note: App cloning is currently only supported for premium tier app service plans.

Share connection strings between web apps in Azure

In Azure there's the possibility of storing the Connection Strings in the "Application Settings" section of the online portal. This overrides the value in the web.config, which is very useful.
The issue is that I am having multiple web apps in Azure that all use the same connection string, so I would like to have one common entry in the portal where I can set this and all the apps should use it. Is this intentionally not possible because is bad practice, have I missed it or is it just not possible?
Application settings are always defined for the IIS instance running behind the scenes for your application. If you have multiple web apps, then they need to have the same settings duplicated.
However, what you are looking for is known as the External Configuration Store pattern.
External Configuration Store pattern
This pattern describes the situation where you got multiple applications where each need to access the same configuration. In this pattern, this is accomplished by saving the settings externally, in e.g. an Azure Storage blob.
From the above link, highlighted your described usecase:
When to use this pattern
This pattern is useful for:
Configuration settings that are shared between multiple applications and application instances, or where a standard configuration must be
enforced across multiple applications and application instances.
A standard configuration system that doesn't support all of the required configuration settings, such as storing images or complex
data types.
As a complementary store for some of the settings for applications, perhaps allowing applications to override some or all of the
centrally-stored settings.
As a way to simplify administration of multiple applications, and optionally for monitoring use of configuration settings by logging
some or all types of access to the configuration store.

Azure Websites Application Insights - switching config

I have an Azure Website. For the sake of this question, the production version of the website runs on example.com, and a test version of the website runs on sandbox.example.com.
The only difference between the two is that they have different configuration.
At present, they are running under different websites, and I deploy the same website to each azure website via git.
I'd like to separate out the Application Insights data. Is there a technique or process that anyone uses - apart from editing the ApplicationInsights.config file in the sandbox environment post deploy?
Or would using a deployment slot handle this in some way?
There was a new blog post about exactly this today: Application Insights Support for Multiple Environments, Stamps and App Versions.
The destination of the telemetry is determined by the instrumentation
key (iKey), which is sent along with every telemetry message. In the
Application Insights portal, similar events and metrics with the same
iKey are aggregated to give you charts of average durations, event
counts, the sum of users, and so on. The iKey appears in two places in
your project. One is in ApplicationInsights.config:
<InstrumentationKey>94843456-2345-3456-4567-324562759284</InstrumentationKey>
If your application has web pages, the iKey also appears in a script
in the head of every web page. Usually, it’s only coded once in a
master page such as Views\Shared\_Layout.cshtml.
To direct telemetry to different application resources, we can create
several resources with different iKeys. Then we only have to change
the iKeys in the application at each transition in its lifecycle –
along with other configuration data such as connection strings,
certificates, and subscriptions.
The article then goes on how to do this in code, confg, etc:
1) Add iKey as a property in Web.config:
2) Instead of using the iKey from ApplicationInsights.config, we’ll
set it in the code. In global.asax.cs.
To avoid confusion, remove the <InstrumentationKey> node from
ApplicationInsights.config.
3) Configure the web pages to pick up instrumentationKey: "#Microsoft.ApplicationInsights.Extensibility.TelemetryConfiguration.Active.InstrumentationKey". This is
the script usually found in View\Shared\_Layout.cshtml.
4) Don’t forget to update your Web.config with appropriate iKey
configuration during the deployment process. You might devise a way of
setting it appropriately as part of your build, but I’ll leave that to
you.
Found this semi-related question: How to support multiple Azure subscriptions for a single application with application insights this is for using by cloud services, and it works!
Microsoft.ApplicationInsights.Extensibility.TelemetryConfiguration.Active.InstrumentationKey = ConfigurationManager.AppSettings["appInsightsKey"];
I have done this in my unity registertypes method, it works there.
In the Azure portal for websites, on the config tab there is a section called App Settings. You can put your different configuration settings here. When publishing, azure will inject those settings into web.config.
Then just use WebConfigurationManager.AppSettings as you would normally and it will pull the injected values.

How to do accounting in Azure properly

We started using Azure platform. Especially we are having issues in Web Sites platform. How we give different kinds of access to our development team.
Right now the development team could access the production deployment slots.
We need to be able specify the access to the system according to their roles in the organization.
Have your development team use their own subscription for development. That way, they never have access to your production environment. This is something I personally practice and recommend to customers.
This gives you the added benefit of also separating development and QA costs with your production deployment costs. In development, you may choose to use smaller and fewer instances (to control costs). Yet, in production, you may prefer larger and more instances (to meet demand). Having a separate subscription for each enables these options for you.
This is also an approach demonstrated in the Patterns and Practices Guide. It's a little dated and is in the context of Cloud Services (not Websites). But, the overarching principles still apply.
Microsoft has Role-Based Access Control in the roadmap for the new Azure portal but have not committed to any target dates.
If you're using Azure AD to manage Azure access there are some different roles available there.
Edit: Basic RBAC functionality was added to the new Azure Portal back in September.

Is it possible to deploy separate azure roles to different services when publishing via Visual Studio?

I have an azure project with two different web roles. I would like the different roles to be deployed to different services, not the same service. Is this possible, or do I need to create a separate azure project in visual studio?
You need to create a separate cloud service project. Although there might be a better way to accomplish your ultimate goal if you want to share more details about what you are trying to do. For example, you can host multiple sites within the same WebRole and use host headers to differentiate the traffic. This limits your scalability options (ie. you can't scale Website1 independently of Website2), but it can reduce costs if the load on the sites is low.

Resources