Web Service in Azure - azure-devops

I am trying to recreate a web service in Azure.
The web service needs to get data from an Azure database that needs to be exposed to SharePoint online.
The only options when I get when creating a web service in the azure Portal are as follows
Web App
Web App + SQL
Function App
Do I need to create a Function app instead?. Is a Function app equivalent to an On premise Web service.

It depends on what kind of web service you want to host in Azure. E. g. if you have a dotnet / dotnet Core REST API, you probably want to create an API App (just search for API App).

Related

How to host multiple sites on Azure web app for Containers using docker compose

I would like to use a docker compose file to deploy multiple public end points for our Linux hosted site.
We already have a deployed site that has images stored on a private ACR and is hosted on an Azure App Service (using Web App for Containers). It is deployed via Azure DevOps and works well.
We would however, like to use the same site to host an additional component, an api so that we would then end up with these endpoints:
https://www.example.com - the main site
https://www.example.com/api - the api
We would like to avoid a second app service or a subdomain if possible. The architecture we prefer is to use the same https certificate and ports (443) to host the api. The web site and api share a similar code base.
In the standard app service world, we could easily have deployed a virtual directory to the main app which is simple enough.
This model though seems to be more complicated when using containers.
How can we go about this? I've already had a look at this documentation: https://learn.microsoft.com/en-us/azure/app-service/containers/tutorial-multi-container-app. However, in this example, the second container is a private one - which doesn't get exposed.
Should we use a docker compose file (example please)? Or alternatively, is there a way we can use the Azure DevOps task to deploy to a viritual directory in the way that i would like. This is the task we are using for the single container deployment:
https://learn.microsoft.com/en-us/azure/devops/pipelines/tasks/deploy/azure-rm-web-app-containers?view=azure-devops
For your requirements, the Web App For Container is also a type of Web App service, and as you see, it only can expose one container to the outside(the Internet) and others are private. So if you want to use the multi-containers Web App to deploy the images to access multiple endpoints such as the main site and the API site, then it's impossible to make your purpose come true.
According to the feature of the Web App that it only exposes one container to the outside, what you can do to achieve your purpose is that creates only one image and route to the endpoints yourself in the code or through a tool, such as the Nginx. Then deploy it to the Web App for Container. Only in this way, you can access multiple endpoints from only one App service..

Retrieve logged user information from cloud foundry web application

We developed a web application using SAP Web-IDE Full Stack; we need to retrieve the details of the user logged into application (as defined in SAP Cloud Platform Identity Authentication Administration), for example display name and assigned groups.
We tried the userapi/currentUser API, but it seems to work only on NEO environment, for this reason is working fine while debugging in Web-IDE, but we get a 404 error when deploying the app on Cloud Foundry.
Do we need to add a new destination to make userapi work also on CF? Or is there some kind of similar solution available on Cloud Foundry?
I highly suggest using the SAP S/4HANA Cloud SDK for such tasks. It is an SDK developed to make building applications for SAP Cloud Platform easy, by providing easy to use mechanisms for all the Cloud Platform mechanisms.
Regarding your task at hand, there is a UserAccessor class that you can use like this:
final Optional<User> user = UserAccessor.getCurrentUser();
This works on Neo as well as on Cloud Foundry, i.e. there is a single interface for both platforms, which allows you to develop your app in a platform agnostic way.
If this sounds like it could solve your problem, I recommend checking out this blog post series to get started.
Alternatively, you can also simply add the following dependency to your project to start testing the SDK:
<dependency>
<groupId>com.sap.cloud.s4hana.cloudplatform</groupId>
<artifactId>scp-neo</artifactId>
<version>2.7.0</version>
</dependency>
For Cloud Foundry use scp-cf instead of scp-neo.
Hope this helps!
P.S.: To answer your question also on a technical level, Cloud Foundry uses so-called JWTs for authentication and authorization. You can check whether a JWT is present by looking at the Authorization header of the request. The JWT should hold the information you're looking for.
In SAP Cloud Foundry if you develop a MTA using XSUAA service to manage User Authentication and Admistration, defined for example in the mta.yaml,
...
resources:
- name: uaa_myapp
parameters:
path: ./xs-security.json
service-plan: application
service: xsuaa
type: org.cloudfoundry.managed-service
...
you can use the UAA API published from XSUAA service self to manage user authentication and authorization (e.g.: retrieve user info, groups assigned, password management etc..). also in the case the application is federated with another IDP.
To consume this API for example to retrieve user info you need to:
Determine the XSUAA endpoint bound to your app (SCP Cockpit > XSUAA service detail > take the value url)
Create a destination (xsuaa_api_destination) of type OAuth2TokenExchange bound to your app with url url took before, and fill OAuth2 authentication parameters with the data contained in XSUAA service detail (step 1).
From your app execute the call xsuaa_api_destination/userinfo, for example using an ajax if you are using JS.
You can find other info in Account and Authentication Service of the Cloud Foundry Environment SAP doc.

Deleting Service Endpoint in Visual Studio

We are doing some testing using the Continuous Deployment feature of Azure Web Apps, which created a Service Endpoint in our corresponding visualstudio.com account.
We deleted the Web App we were testing with before deleting the service endpoint and now when we go to delete the service endpoint it won't let us because it can't find the web app.
How can we get this service endpoint object removed from our visualstudio.com account?
The workaround is that you can create a new Azure Web App with the same name, then you can delete the service endpoint.
There is the feedback that you can vote: VSTS can't delete service endpoint that created through Azure Web App Continuous Delivery

Rest to Azure SQL database integration service

Hei
I have a simple scenario, where I have an on-premise system that hosts a rest api. I what based on data in that rest to fill data into a Auzure SQL database using some type of synchronization job. I just unsure of the best method to do this? Can one use Azure Data Factory for this? What other services can do the job?
Under Azure app services is a background task service called Azure Web Jobs
Here are links to help you get started:
Azure App Service Overview: https://azure.microsoft.com/en-us/documentation/articles/app-service-value-prop-what-is/
Overview from another website: http://www.informit.com/articles/article.aspx?p=2423911
Azure Web Jobs introduction: https://azure.microsoft.com/en-us/documentation/articles/web-sites-create-web-jobs/

Azure mobile services + thinktecture identityserver v3

I'm trying to figure out how to integrate the identity server with azure mobile services for use from mobile clients. I already have the id server up and working barebones with a test aspnet mvc website using it via the openidconnect middleware.
I haven't found much info on how to do this with mobile services and I'm not exactly sure what the overall flow is as far as what talks to what first. Is it that the mobile client should call the id server directly posting the username password and getting a token and then set that token on the mobile user then, when calls are made to azure mobile service the token is then validated on a back channel from the service to the id server? Or how should it work?
I have already read the custom authentication docs on azure and found some azure team blogs on the subject but it seems like they are already out dated. Is there a way to simply insert the same openidconnect middleware into the azure pipe?
I'm hoping to get this ironed out because I have a number of web+native mobile (Xamarin) projects on the horizon and this would be the identity foundation for all of them.