I'm new to azure, and I'm trying to setup a single page website(web api 2). How can I limit access to my services so only my website can use it?
I know that I can use app services to setup my web applications/services but as far as i understand it will be open to everyone.
I also read about APIs, but Api management service seems very expensive and advanced for such a simple task. Is there any options? Am I in the wrong track?
Update
Ok, I saw the link for filtering based on IP. But as I've mentioned that single page application also is hosted on Azure. There is no static IP. If that is the way, I still need to know how you will find out about the IPRange.
App Service to use different authentication providers Azure Active Directory,Facebook,Google,Microsoft,Twitter.
We can set any type of Authentication/Authorization in the Azure Portal.More info about how to use authentication for API Apps in Azure App Service, please refer to document.
Related
I have my domain on namecheap and website on azure app service. I need to know if azure provide any api or any method by which i can add custom domain to my app service (where my website is) by not going on portal by doing some code. My website is on c#, so if c# provide any such sdk's or something where i can achieve this thing will be great
Not really sure what you are intending here, in my opinion the custom domains need to be configured on the namecheap side not the azure side, but just in case I am wrong have a look at these
https://github.com/uglide/azure-content/blob/master/articles/app-service-web/web-sites-custom-domain-name.md
https://github.com/uglide/azure-content/blob/master/articles/dns/dns-web-sites-custom-domain.md
There is a requirement to have a common web api application to service 3 different MVC web applications. These client web applications have their own databases and own authentication implementations. How do we configure the web api application to provide access to a set of APIs to web app 1 alone and deny to all other web apps, similarly for web app 2 and so on? In other words, is there a way to 'register' each web app with the web api service and also build in a mechanism through which the web app is only allowed access to a set of endpoints? Thanks for all the help..
There are a handful of ways of solving this
Host multiple WebAPI servers in a single process to effectively meet your requirement while making your project easier to organize
Use Authentication and Authorization filters to customize how requests are accepted, denied, and routed
Using a router and/or switch at the hardware level, create a blacklist/whitelist combined with a reverse proxy (beware of MAC spoofing, etc, with this solution)
Use dependency injection to add abstraction to the process and to remove the ability to specify a custom endpoint in an unintended manner programmatically; this solution will only work if you control the client code, however
From the sound of it, the issue you're describing doesn't seem like one regarding the visibility of the endpoints, but of the access control to leverage them. If I'm wrong, please let me know in a comment and I'll update my answer.
My Google-foo is failing me here... most likely a terminology thing.
Basically, I'm making a desktop (and likely mobile) application that connects to a REST API that returns JSON. I've created a C# class library that handles the the data querying in my local project however this would expose my API key if I were to publish it.
I would like to know what are the appropriate options for simply running a small service in Azure that takes a web request, queries the API and passes the JSON response back. Something lightweight, decently scalable.
Is this something a web role or worker role is good for? Is this something I really should learn Node.js for?
I asked a similar question a few years back: Keeping a secret key secret with Amazon Web Services
One reasonable solution is to build a simple service that returns the headers and url to use when communicating with the authenticated service. Your API key remains secret because it only lives in your service, but the clients can leverage the API key by getting the encrypted request from your service and then making the request for the actual work.
I haven't personally looked into the Azure API App Service, but a brief browse of the main website suggests that it, too, may be relevant to your interests. :)
Check out Azure Mobile Apps. Azure Mobile Apps is a "backend as a service" platform. With Mobile Apps you can easily store information into a SQL Database and expose custom API methods. It is a great place to start and has SDKs for connecting iOS, Andriod, Xamarin, and HTML apps.
As for security, the Mobile service has options to protect the data from allow anonymous access to requiring each user to authenticate.
I followed this Microsoft Azure Mobile Service Authentication Tutorial, to try to add a server authentication function for my Windows Store C# app. However, after completing every step, when I run my app, it showed that the application cannot connect to the service.
I found this useful blog tallking about troubleshooting Azure Authentication issues in Azure Mobile Service. To troubleshoot, I type the link in the firefox web browser: myServiceUrl/login/aad, but I receive the error response:
Authorization has been denied for this request.
I also followed the same tutorial to test with Google Log in. It turns out to work properly. And when I type the link: myServiceUrl/login/google, the web browser directed me to the google log in page, unlike the Unauthorization error message when I type in myServiceUrl/login/aad.
Although google log in works out fine, but it is desired for us to use Azure Active Directory authentication. Could anyone tell us what could possibly be wrong? Any troubleshooting suggestions are also appreciated. Thank you.
The "Application cannot connect to the service" error comes from whenever the Web Authentication Broker in Windows receives an error response from the resource it is trying to reach. There are a couple of issues that can cause this, and I'll try and address the most common ones.
I noticed the tutorial you linked to is for the .NET backend. If you are using the Mobile Services .NET backend, there is an extra step required to configure the AAD server flow, and it's a common cause of the issue being described. In the tutorial, it's under the title "Configure your .NET mobile service for AAD login." On the backend project, you will need to install the Mobile Services .NET Backend Security Extension NuGet package. Then, in WebApiConfig.cs, you will need to include
options.LoginProviders.Remove(typeof(AzureActiveDirectoryLoginProvider));
options.LoginProviders.Add(typeof(AzureActiveDirectoryExtendedLoginProvider));
This allows the runtime to use the server flow in addition to the client flow (leveraging the Active Directory Authentication Library) which was first released with the .NET backend.
Pending that, or in the case of the Node runtime, the next thing to do is check the AAD configuration. In the AAD portal, make sure that your application registration uses your mobile service's /login/aad endpoint for the resource URI. It must match exactly the value provided in the Mobile Services portal. This should also be one of the redirect URIs if you are using the Node backend. For .NET, you would use the /signin-aad endpoint for the redirect URI instead.
You should also check that you have copied the Client ID from the AAD registration and pasted it into the Mobile Services portal's Identity Tab. For completeness, the "Allowed Tenants" field should also be filled out, but I don't believe it is the cause of this issue.
Lastly, if your AAD tenant is federated with ADFS, then there is a wide range of issues that could lead to this. The biggest case comes from the WAB needing to be configured for Enterprise Authentication. This typically only causes problems when the device is domain joined / on the corporate network. That behavior is a known bug for the Mobile Services Windows Store SDK, but there is a workaround available. Glad to provide that if needed.
I wanted to host my WebApi project on azure. But I am not getting sure which way should i use to run it on azure. Like there are Websites, Cloud Services that contain Web role and Worker role. Then which one should i choose. If cloud service is the option then which one out of Web role and worker role is good?
Any help is appreciated.
For hosting a simple web API (that you can scale according to usage, etc.) you'll want to use Websites. Assuming you're not looking for more complex / heavy-weight features (network configuration, more complex architectures e.g. offloading background processing different instances via queueing mechanisms, RDP into the host machine, etc.), then Websites are becoming the de-facto way to host websites on Azure.
The following page from the Azure documentation will give you a full feature comparison between the two:
http://azure.microsoft.com/en-us/documentation/articles/choose-web-site-cloud-service-vm/, but in short, if you simply have a web API project in VS that you want to host in Azure without worrying about the underlying infrastructure, then use Websites.
If you only want to host a Headless (No Web Interface) Web API, I recommend you using Azure Web Service - Web Role.
For Worker Role, it is like a console application that you want to use it to process background task. Normally, we use it to process from Message Queue (Azure Service Bus - Queue).
Azure create a Optimize VM to run those two type of Roles with no unnecessary junks. So you will get the most of it.
However, I still suggest you to read more detail document from azure website to see what environment which is best fit for your long term plan.
You need to login in Azure (https://manage.windowsazure.com) -> Web Sites -> Create New
After that you will find the Name of the Web Site Under the Web Sites.
Click Web Sites -> Select New Created Web Site -> Go TO -> Deployement
In Deployement -> Find -> Integrate source control
Select Appropriate Option i.e GitHub or Dropbox etc..
Using Dropbox => Now Publish your WebApi Project and Paste that Data into Dropbox Folder With the same name of your New Created Web Site in Azure
After Upload Go To -> Azure -> Select Web Site -> Deployement -> Sync.
It will take all the data from Dropbox and You can run your WebApi Project From Azure
More Details Link, Link2, Link3