I would like to connect two mobile app services and their easy tables in the azure portal.
The two system have users with different read and edit rights.
The first system is read only users and the other system is admin users.
So when one user post something to a table in the first app service, it should trigger a post or event in the second app service.
The two app-services endpoints may look like this:
https:// some-random-url .azurewebsites.net/tables/posts
https:// some-other-random-url .azurewebsites.net/tables/posts
Is there some way to connect two azure mobile app services via an Api?
For easy tables, you are using the Node.js backend for your mobile app. You could leverage KUDU or App Service Editor to check your backend code, details you could follow Understanding the Azure App Service Editor.
So when one user post something to a table in the first app service, it should trigger a post or event in the second app service.
Per my understanding, azure mobile apps provide a easy way to expose your table APIs. You may internally call your second mobile app endpoint within your first mobile app with the relevant authentication. Moreover, I would recommend you follow 30 DAYS OF AZURE MOBILE APPS for a better understanding of Azure Mobile Apps.
Additionally, you could provide more detailed scenario for your issue, then we could provide other better solution for you to implement your requirement.
Related
I have two web apps in azure one angular 6 the other one is .net core web api. Angular app consumes the apis to get data. Some of these apis are public apis. It means authentication is not needed for them to be called.
My questions is, what the best approaches are to protect these public apis? By protecting, I mean not letting anonymous users to call these apis and abuse data.
In my mind these are what I can do:
CORS, but the problem is postman and other rest tool still can call my apis
Using azure api management? By rate limiting? Is there a better way?
Use some sort of api key but the angular app will expose them anyway.
In my c# app I get user agent, host, Origin of the call and restrict based on those?
Basically I want to restrict anonymous user from manipulating and calling my post apis and push not relevant or duplicate data to my back-end without using any sort of AD as my apis are going to be public. I want only a few authorized app can call my apis.
Please tell me which one of the above are the right one and please recommend a better approach.
P.S: my backend is .net core 2.2,
Thanks
I can recommend below solution,
Host your APIs on Azure API app and import it to APIM. Then Configure IP restriction on API APP using the IPs of APIM. That mean, only APIM can access your API host. or you can implement client certification authentication between APIM and API host.
https://learn.microsoft.com/en-us/azure/app-service/app-service-ip-restrictions
https://learn.microsoft.com/en-us/azure/api-management/api-management-howto-mutual-certificates
02.Next enable subscription key/API key on APIM and keep these key on Azure key vault. So you don't need to hard code these keys on frontend. I hope you host this Angular app on Azure. (I am not Angular expert...just check online for docs)
https://learn.microsoft.com/en-us/azure/key-vault/quick-create-node
03.Later based on your scenario, If need you can apply Rate policies.
https://github.com/MicrosoftDocs/azure-docs/blob/master/articles/api-management/api-management-sample-flexible-throttling.md
I have a cross platform app currently designed using xamarin forms but now need to use this to create a user profile for the user, using the information provided, for a website.
Are there any add ons or plugins for something like square space or wordpress which would allow me to upload a user program via a RESTful api or something along those lines?
Basically what are my options to transfer user data from a cross platform app to a web app so that my user can then log onto the web app and see all their information?
All you need is a database that can be accessed by both your web app and your mobile app. There are numerous services that would allow you to do this.
But if your web site is going to be a WordPress site (I have never looked into squarespace) then it already uses a MySql back end for data storage. I would imagine squarespace uses a database of some sort as well. You could then create RESTFul urls on that same server to send and request data and use whatever database system that your website is using. If you don't want to implement your own service code for sending and receiveing data that can be used by both your web app and your mobile app, then you could use some service like Azure, AWS, Apigee, etc. just for the database.
I have a WinRT app that is going to interact with a WebAPI service on my server backed by an Entity Framework managed SQL database (MVC - ASP.NET). For security, I'm only allowing users authenticated on the WinRT side with the Microsoft Live Connect SDK to interact with the WebAPI service. I already have the login code for authenticating with the Live Connect SDK on the WinRT app side working. The WebAPI service is running in the context of an MVC Web Role running on my Azure hosted server.
I've done a lot of reading on StackOverflow and there's a wide range of documents on the topics of authentication, OData, OAuth, Azure Mobile Services, WebAPI and how to combine them:
Live Connect Authentication Token for use on Azure Mobile Services (REST)
How to use a MVC WebAPI OData endpoint securely?
Disable Windows Authentication for WebAPI
I am very concerned that I choose the tools/path that implements only what I need to implement the above scenario and in a secure manner. My main attack concern is un-authenticated users trying to access the ApiController and performing harmful Puts or Deletes. Some questions:
Do I need Azure Mobile Services at all?
What tool(s) do I use or configuration changes do I need to make to manage/pass the Live Connect token between the WinRT app and the service?
Is there a template or NuGet package that I should use that automates much of this?
Is there a document that addresses my scenario or one close to it?
Is there anything built-in to Entity Framework that can help, or conversely has a vulnerability I need to address? If so, what?
What changes do I need to make to the server configuration (web.config)?
We want to develop a web application as a cloud service on windows Azure. The application has the following architecture:
This application was a simple line of business winforms application, where any customer could purchase and use it. Now our company decided to redesign it as a web application where many customers can work on it in the same time. The core application will stay the same, just some simple customizations, it does some simple tasks in the database and sending emails and other things.
Now, Our company decided that we need to use windows Azure to publish the web application as a could service. We don't need to use any of the Azure storage nor SQL Azure database services, instead we will use our datacenter's storages and database. We just need to deploy the application as a cloud service, and we don't know where to start. I couldn't understand how to use windows Azure cloud services in this application. So my questions are:
Is this architecture valid with windows Azure? And where would be the role of Windows Azure and its cloud services in this archticture?
We don't need to host the application on Microsoft datacenters, instead we need to use it in our datacenter, when I searched I found the Windows Azure Pack for Windows Server, so can we use it so that we can host it in our datacenter? Does we need any extra cost consideration to use it? Where to start to use in our application?
I found some posts and tutorials (like this one here in SO) saying that I just have to create a new Window Azure Project and add a WCF Service Web Role, copy the application files from the old Web Service then host the same as a web application. Is that true? Is windows Azure just involved in the deployment and it doesn't has any effects in the internal architecture of the application?
You can deploy both your UI and Service back-end to Azure Web Roles. If you have any remaining WinForms application, they still can connect to the Service back-end. I would recommend that you also deploy your database to Azure if possible to improve performance and reduce latency. You can either use Azure SQL Database or you can create a SQL Server VM.
There are various interesting options to deploy layered applications to Windows Azure. You can read more about it here. http://serena-yeoh.blogspot.com/2014/01/layered-applications-and-windows-azure.html
You can also checkout a simple sample here
http://cloudsample.codeplex.com
First of all, I took a look to every related topic on her about this issue. However non of them was successful in answering my question fully.
Currently I am working on a desktop app, coded in C#/wpf, that requires MySQL connection both for authentication and storing user custom lists etc.
However, the problem is that apparently allowing everyone to remotely connect to MySQL db is not good practice. Also, my current host requires IPs to be whitelisted before they can connect to the db.
What are my options on this?
Thank you in advance
You should look into creating a web service (SOAP), http web-api (REST) or some other middleware to abstract your data storage.
This has the benefits of:
Allows you to move much of the business logic out of your desktop app and into middle ware
Allows you to keep business logic out of sql which might be a bottleneck
Allows you to update your business logic without redistributing your desktop app (easier if you don't have direct control of all the desktops).
Allowing you to control authentication (many web servers have their own modules, method of authentication). Your app would control access and access storage under it's own service account.
Allows you to complete change your data storage (let's say in the future you store some in sql, some in mongodb, some in cloud storage - once again, without having to update all your desktops.
Allows you to scale out your front ends and even possibly scale out your backend storage (for example, read/write DB replicas)
If you're already working with C#, then the new MVC4 web-api should be a good fit. Read more here:
http://www.asp.net/web-api
If you go that route you could control access in your service and have your service access the database either via credentials in a connection string or if you use IIS, credentials on the application pool mapped to your site.
If you're shipping your desktop app (you're not hosting the DB) then you can also self host web-api in it's own exe if your customers don't want to install/manage IIS.
Finally, if your mysql is online, your middleware could be in the cloud (azure etc...)
Create a web service, such as with WCF or MVC Web API where your app can pass through their credentials and authenticate. I'd recommend https for transport security.