We are working on a multi-tenant web application (ASP.NET, MVC, C#) which is going to host in Azure App Service. Each tenant will have separate DB and separate Azure Storage account for store files.
I have gone through MSDN article on Enabling Storage Logging. But according to it Application Logging on Blob Storage cannot keep per Tenant.
My question is,
Is there a way to configure multiple Blob storages and write log
entries to them?
If not, Is there any way to handle this using code?
Is there any logging framework (Nlog, Log4Net etc) support for multiple azure storage accounts?
If you want to log into storages linked to tenants you would probably have to handle it in code. E.g. keep track of tenant id in the requests and being able to resolve storage wrapper with appropriate connection string.
I would recommend you to take a look at Azure OMS Log Analytics. Just create log records with tenantId and push it to OMS. All your logs will be at the same place and you'll be able to query logs by tenant (where tenantId=123) or by type e.g. "error".
Documentation
Related
I'm trying to achieve completely "serverless" status for my app with some simple CRUD operations, so my current approach is Blazor WASM on front-end and CosmosDB as records storage. I've configured AAD (Azure Active Directory) authentication in my Blazor App, and as for now, I'm wondering, if there is any way to to restrict CosmosDB client in Blazor to read only records which belongs to current user specifically (each record has UserId field)?
So, the main thing that I want to know, if it is possible at all?
Because I've found a plenty of different documentation, but because of lack of experience with Azure, I can't completely figure it out.
Thank you in advance!
P.S. The main solution I would like to approach - completely avoid any backend (API/servers/Azure Functions), because I really want to make it just Client App <-> CosmosDB, and AFAIK Firebase with JavaScript FrontEnd allows to do such a trick, but I'm interested in Azure-specific solution here
I don't have a simple walkthrough for Blazor, but overall the process would be similar to this guidance: Authenticate Users with an Azure Cosmos DB Document Database and Xamarin.Forms but it requires setup of an API service to broker the connections, which you specifically have asked to avoid.
If you didn't use an automated Resource Token Broker then in your logic somewhere you would need to store a map of somekind to resolve the Cosmos DB Resource Tokens for the logged in user.
In the following guidance, replace Xamarin with Blazor and Facebook with Azure AD:
On login, the Blazor WASM contacts Azure App Service to initiate an authentication flow.
Azure App Service performs an Open Auth flow with Azure AD. After the authentication flow completes, the Blazor WASM receives an access token.
The Blazor WASM uses the access token to request a resource token from the resource token broker.
The resource token broker uses the access token to request the user's identity from Azure AD. The user's identity is then used to request a resource token from Cosmos DB, which is used to grant read/write access to the authenticated user's partitioned collection.
The Blazor WASM uses the resource token to directly access Cosmos DB resources with the permissions defined by the resource token.
We have active directory in place which runs internally (a server on our own company network).
We also have a web app hosted in Azure (entirely separate to our own network obviously), which all works - but we've now introduced functionality into it that means we need to authenticate.
Rather than roll out a separate membership implementation, is it possible the app in the cloud can offer login features which integrate with our own network's AD remotely?
What's involved in this?
Is it made easier if we move our AD to Azure?
Definitely It will much easier if you move to Azure. You can follow the Configure your App Service app to use Azure Active Directory sign-in doc which discuss about this in detail.
You can look at Hybrid Identity and Azure AD Connect
Many organizations run into a similar scenario where they are already using an on-premises identity system (like Active Directory) and now want to utilize cloud based capabilities.
Hybrid identity can help especially when you have a mixture of on-premises and cloud based applications that are being accessed by same set of users (or identities)
There is a bit of setup involved with Azure AD Connect and multiple options available that you'll need to choose from depending on more specific requirements.
Amongst the different options, I have seen the Federation option work quite well in a few cases (doesn't mean you have to go with exactly this option, pick what works best as per your case).
In this case an organization that already had applications working with on-premises Active Directory, now takes Azure subscription(s) and Azure Active Directory tenant, which adds a verified domain that federates to the on-premises Active Directory (using Azure AD Connect and ADFS).
This way on-premises applications can continue to use Active Directory. At the same time newer cloud based applications trust Azure Active Directory tenant, which can federate the authentication process to on-prem infrastructure (after the right setup).
Once you have the right setup, Azure hosted web-app can trust Azure Active Directory which in turn works with on-premises AD.
You haven't mentioned which Azure service you're using to host the web app, a PaaS service like an Azure App Service or simply using Azure IaaS like a VM (or scaleset). You should be able to work with Azure Active Directory in all options AFAIK, but feel free to add more details in case you face issues.
I am new to Azure and trying to get the data from Azure table storage. I am able to read it using c# code and do all CRUD operations. But I am looking for built in REST API from azure storage? Is it available?
Below article says that we need to write our own service and deploy.
https://blog.kloud.com.au/2016/06/09/using-microsoft-azure-table-service-rest-api-to-collect-data-samples
But this require me to have IIS ?? or do I have to write app service in c#??
I want JSON because I want to read it from android app but I do not want to use azure android SDK. I want pure REST API
This article http://chrisrisner.com/Mobile-Services-and-Windows-Azure-Storage is close but it's recommending me create SQL Azure database!! so I am confused.
Based on your requirement, I would recommend you go Shared Access Signature (SAS) route. In short, a SAS is a time-limited/permission-based access to your Azure Storage resources. This removes the need for you to store the storage access key in your application as it poses a major security risk and some other issues.
To read more about SAS, please see this link: https://azure.microsoft.com/en-in/documentation/articles/storage-dotnet-shared-access-signature-part-1. This should give you some idea about what is possible with SAS.
Here's how it would work. There will be a server component which will know about the account key. Your app would request this server component to generate and return the SAS URL. It is recommended that you only grant the necessary permissions and only for the required duration in the SAS.
Once your app has the SAS URL, they can simply make HTTP requests directly to Azure Storage by using this SAS URL and get the data back directly from Azure Tables in JSON format. For example, if you want to fetch entities from a table you would make Query Entities REST API call: https://msdn.microsoft.com/en-us/library/azure/dd179421.aspx.
To learn more about SAS, please see this link as well: https://msdn.microsoft.com/en-us/library/azure/ee395415.aspx.
I do not want to store storage key inside android app.
This app is just showing the temperature from a azure storage which is real time pushed by event hub from device to table storage
Regardless your requirement is simply, and it is correct that we don't recommend to expose your storage key in clients. However, to provide table storage entities to your clients, we still need a backend server.
If you have an Azure Mobile Apps server as a backend server for your devices, you can directly integrate Azure Storage SDK in custom APIs to provide table storage entities for your devices. Refer to https://azure.microsoft.com/en-us/documentation/articles/app-service-mobile-dotnet-backend-how-to-use-server-sdk/#how-to-define-a-custom-api-controller for more.
If you don't have an Azure Mobile Apps, you can leverage Auzre Function Apps for you simple requirement, whose environment has automatically added the assembly Microsoft.WindowsAzure.Storage, please refer to https://azure.microsoft.com/en-us/documentation/articles/functions-reference-csharp/ for more.
I have code that parses 100 to 200 html webpages using HtmlAgilityPack every hour. I am collecting the parsed data and I am making an xml file which would then be consumed by users.
Now I want to move this code to Azure. Would it be possible to parse websites on Windows azure? If so: what kind of service provided by Azure should I use?
I am not familiar with Azure. Any hints would be appreciated. Thanks.
Azure offers you a couple of solutions:
IaaS
IaaS or Infrastructure as a Service. This means that you get the infrastructure from Azure and that you can host your own virtual machine on it. This does require you to maintain the server yourself but you get full flexibility.
PaaS or Platform as a Service. This not only gives you a VM to run your code on but also an operating system that is automatically maintained for you. This is what Azure is really about and what you should aim for.
When creating a PaaS application you can choose for a regular website or for a cloud service. A cloud service contains roles, web roles and worker roles. Web roles are regular IIS hosted websites. Worker roles are the Azure equivalent of a Windows service.
In your case I would look at worker roles. They can run continually and are ideal for exeucting scheduled operations. From your worker role you can access Azure Blob storage to store the XML files that you create. Those files can be exposed to external users in a secure way.
Windows Azure is a hosting environment. According to what kind of project you created, you may be looking for a Cloud Service, where you can just host any code you've written.
Can you use the Azure DiagnosticMonitor in an Azure Web Site (not a web role) ? Or does it need a compute role?
No,
Azure DiagnosticsMonitor is only for Web/Worker Roles. Diagnostic in Azure WebSite is common as for any web application. As Azure WebSites use persistent storage, you can safely write a log file (having in mind you are using multi-threaded environment like in any ASP.NET/or any web application). More, you can configure additional diagnostics options in the "Configure" tab of the WebSite:
You can turn on Detailed Error Messages + Failed Request Tracing. You can download the Failed Request logs from the FTP server of your site.
You can use log4net for detailed error/trace logging in your web application (if it is ASP.NET). Some tutorial here.
No, You can't use Windows Azure Diagnostics (DiagnosticsMonitor) in an Azure Website. You would need to use a compute role for that.