API .Net Core 6 and Azure

Introduction

This page was created to help the understanding of the APIs and how we can deploy it on Azure. An example will be used to demonstrate important steps.

API is a way of integrating systems, enabling benefits such as data security, and ease of exchanging information with different programming languages.

What is an API?

Installing Prerequisites

.NetCore 6 SDK - Download .NET 6.0 (Linux, macOS, and Windows)

Visual Studio Code - https://code.visualstudio.com/

Tutorial to create your API

Part-A: Create an API with the tutorial and add the authorization with Azure

https://docs.microsoft.com/en-us/aspnet/core/tutorials/first-web-api?view=aspnetcore-5.0&tabs=visual-studio

Creating API example using Visual Studio 2022 with core .Net 6 use the following link:

Visual Studio 2020 API example with core .Net 6

when adding the Scaffold controller use the following option

For Visual Studio 2022 only (not VS Code)

 

I created an API example on DevOps to support you in this tutorial.

https://dev.azure.com/transport-canada/DSD-CIVAV%20Support/_git/CIVAV-EXAMPLE-API 

To run the CivAv-Example-API with Visual Studio Code, execute the command below on the terminal.

dotnet run

Azure Website: https://civav-dev-api-ci-example.azurewebsites.net/swagger/index.html

AppSettings

The appsettings. json file is an application configuration file used to store configuration settings such as database connections strings, any application scope global variables, etc.

This file is important to understand to switch between environments.

Configuration in ASP.NET Core

Challenges

1- Use Visual Studio Code to run your API

2- Switch between environments with AppSettings.

Security and restricted access

When you create an API, the first thing you need to apply is security.

In .Net Core, we have the attribute Authorize. The Authorize attribute enables you to restrict access to resources based on roles. It is a declarative attribute that can be applied to a controller or an action method. If you specify this attribute without any arguments, it only checks if the user is authenticated

Simple authorization in ASP.NET Core

Configure the third-party layer

The configuration with the 3-party layer in your API is important to allow authorization and authentication for your users. For a better understanding of how it works behind the scenes, we have a diagram here to demonstrate the OAuth2 (standard protocol for authorization).

Security

OAuth2 - Authentication with Azure AD

Microsoft identity platform and OAuth 2.0 implicit grant flow - Microsoft identity platform

Configure App Registration on Azure

App registration will be the layer between our API and Azure/Azure AD for Authentication and Authorization.

https://portal.azure.com/#blade/Microsoft_AAD_RegisteredApps/ApplicationMenuBlade/Overview/appId/cc7b14ec-4fdf-44cf-8873-6cd9c10c7d56/isMSAApp/

Add Azure configuration on appsettings  

 

"AzureAd": { "Instance": "https://login.microsoftonline.com/", "Domain": "034gc.onmicrosoft.com", "TenantId": "2008ffa9-c9b2-4d97-9ad9-4ace25386be7", "ClientId": "", "ClientSecret": "", "ScopeImplicit" : "ClientID/access_as_user" }

To integrate the Authorize in your API, verify the example code.

API Deployment - Part B

  1. Create a new app service on the correct Medical RGP.
    Note: We have 1 for Medical NPRD-CACN-CIVAV-MEDICAL-CERTIFICATE-DEV-RGP and 2 for our shared resources: NPRD-CACN-SAFSECSUR-DEV-RGP and NPRD-CACN-SAFSECSUR-TEST-RGP. The shared resources NPRD-CACN-SAFSECSUR-DEV-RGP will be used in this training only to publish the container images.

    If your image is not created on the container registry, you can just create your app as below

     

  2. You can configure your image when you create your app services or change the configuration after. Deployment Center > Change to Azure Container Registry > Choose your subscription (in our case, NPRD) > Registry ncdsafsecsurcr

  3. Create a Dockerfile in your project. You can use this one as an example
    https://dev.azure.com/transport-canada/DSD-CIVAV Support/_git/CIVAV-EXAMPLE-API?path=/Dockerfile

  4. Create a new pipeline based on this
    https://dev.azure.com/transport-canada/DSD-CIVAV Support/_build?definitionId=1011
    Go to New Pipeline > Use the classic editor > Empty job





  5. Go back into your app services and verify 2 things:

    Configuration:


    TLS/SSL settings: HTTPS Only = True



Design APIs for microservices 

 

Conception d’API - Azure Architecture Center  

API design - Azure Architecture Center