I have an OData V4 Web API( .NET Framework 4.6.1) hosted on On-Prem IIS. Instead of making it Internet Facing, I want to host it on Azure. What are my options here? What are the best practices to host it? Do I have to create a new Web API Project inside Azure? What Services do I need to subscribe to?
This web service will be consumed by Virtual Entities under MS CRM
https://learn.microsoft.com/en-us/dynamics365/customer-engagement/customize/virtual-entity-walkthrough-using-odata-provider
Deploy it to Azure App Service, The web app type should not make a difference but Web API should be the most correct.
If you don't want to expose it to everyone, you can use Access Restrictions on your azure web app by adding a rule that allows specific IP range to access the API URL
You have two options
using Azure Relay service - Hybrid connection (Relay Service link)
S2S VPN - Another option, which helps to expose the service to a particular Azure Virtual Network.
(Reference link)
Can you tell me what are the services going to consume the service, so that I can provide accurate solution
Related
We have a hybrid Active Directory scenario - an on premises Active Directory server synced with an Azure AD tenant.
We are in the process of migrating our on premise Exchange email accounts to 365.
We have a SPA (JavaScript) that displays calendar events retrieved from a dotnet core web API.
The web API only allows access to users in a specific AD group.
The SPA uses the Fetch API to call the web API with credentials.
The web API currently uses EWS to connect to our on premise Exchange server to read calendar events, using its app pool identity.
The above systems have been developed in-house and run on our internal servers.
We want to update the Web API to read calendar events using the MS Graph API, on behalf of the user. We would like to use the simplest available solution.
We have tried to use the AcquireTokenByIntegratedWindowsAuth method but receive the following error: 'Integrated Windows Auth is not supported for managed users'. My limited understanding of why this doesn't work is because we do not have an ADFS on premise.
One of the Microsoft samples shows a SPA acquiring an access token and passing the token in the header as part of the web API call. This would require us to update the SPA and web API code. We're willing to do that if it's the only solution, but I am hoping someone might offer an alternative where we only need to update the web API.
I am building Web API with ASP.NET Core hosted on IIS that will act as proxy integrating a few services.
I need to forward user credentials/identity to specific services managed by my API and to do so i want to enable ticket forwarding in Kerberos.
What steps i need to take to make it work?
First of all I need to setup my service as trusted in KDC and after that should it will received forwardable tickets instead of regular ones (i need to specific services that my API can forwards tickets to), am i right?
How do i then forward that ticket to other service using HttpClient?
Does attaching received token to request will be enough?
Am i correct about listed by me steps and is there any thing more to do?
Thank you all for help.
We are developing an azure mobile services application and are having some difficulty with authentication.
The X-ZUMO-AUTH and X-ZUMO-APPLICATION HTTP headers are being sent from the client to the server correctly, yet on the server HttpContext.Current.User.Identity.IsAuthenticated remains false.
The server is a MVC/Web API ASP.NET application.
Is there some sort of configuration we could be missing to get this working?
Undoubtedly you are missing something. I hope you mean Azure Mobile Apps (and not Azure Mobile Services).
You need to integrate the Azure Mobile Apps SDK on the server side, and turn on and configure Azure App Service Authentication & Authorization. In addition, if it's a straight MVC app, you will need to add the OWin initializer to your Startup.cs file.
Check out Chapter 6 of http://aka.ms/zumobook
I have a ASP.Net WebAPI service that is used by my AngularJS front end and I am making use of Owin and bearer token.
Now there is a need that we need to install an agent on the few of the client machines (developed in .Net core mostly) that is able to connect to our application and make similar calls. I can create a separate controller for this need, but want to host it in the same website.
How can I create a secure connection between this agent and the ASP.Net server hosted on Azure?
Currently I am looking at generating a Token during the agent installation based on the client MAC address and giving it with each call, but I am checking if there are any better way to address this need.
Any help in this direction is welcome.
Regards
Kiran
It seems that you’d like to enable only valid “agents” that installed on the client machines to communicate with your server, if that is the case, Azure AD provides Native Application to Web API authentication scenario (a native application that runs on a phone, tablet, or PC needs to authenticate a user to get resources from a web API that is secured by Azure AD), you could refer to it.
I am creating an ASP web form hosted on a public Microsoft web host. I need it to access a SQL database located locally on our internal network. I have developed a web service that talks to the ASP web form, but I don’t know where the web service should be located and how to get the data from the ASP web form to the local SQL database on our network.
So it's really two questions:
Where should the web service be located? On the public Microsoft host or on the internal network host?
How would the web service get the information from the public ASP web form to the internal SQL database?
Regarding the first question:
I guess you mean that the web server contacts the web service, not the other way around.
My guess would be to have the service at your company network if you want to contact the database for more than one application.
If there is no need for the database over there, i would place the service, database and web server to the cloud you are using, since this is better for availability and performance.
Regarding the second question:
You could look into some basic database interaction code like in ADO.NET or Entity Framework. Use MSDN as a starting point.
Do you mean Azure, when you say MS web host? Azure (and other cloud services) allow you to create a site to site virtual network e.g on Azure: https://azure.microsoft.com/en-us/documentation/articles/vpn-gateway-site-to-site-create/
If not Azure, but something like Rackspace they often have similar functionality: http://www.rackspace.com/knowledge_center/article/configure-a-site-to-site-vpn-using-the-vyatta-network-appliance
With this network configured, you could connect securely to your local SQL instance.
Latency and line speed will limit performance, obviously. You would need to experiment. Ultimately it would probably be better as suggested in the other answer to host your database in the cloud too.