1 Introduction
2 Installing Prerequisites
3 Tutorial to create your API
- 3.1 AppSettings
  - 3.1.1 Challenges
4 Security and restricted access
- 4.1 Configure the third-party layer
5 Configure App Registration on Azure
- 5.1 Add Azure configuration on appsettings
6 API Deployment - Part B
7 Design APIs for microservices

Introduction

This page was created to help the understanding of the APIs and how we can deploy it on Azure. An example will be used to demonstrate important steps.

API is a way of integrating systems, enabling benefits such as data security, and ease of exchanging information with different programming languages.

https://www.youtube.com/watch?v=s7wmiS2mSXY

Installing Prerequisites

.NetCore 6 SDK - https://dotnet.microsoft.com/en-us/download/dotnet/6.0

Visual Studio Code - https://code.visualstudio.com/

Tutorial to create your API

Part-A: Create an API with the tutorial and add the authorization with Azure

https://docs.microsoft.com/en-us/aspnet/core/tutorials/first-web-api?view=aspnetcore-5.0&tabs=visual-studio

Creating API example using Visual Studio 2022 with core .Net 6 use the following link:

Visual Studio 2020 API example with core .Net 6

when adding the Scaffold controller use the following option

For Visual Studio 2022 only (not VS Code)

I created an API example on DevOps to support you in this tutorial.

https://dev.azure.com/transport-canada/DSD-CIVAV%20Support/_git/CIVAV-EXAMPLE-API

To run the CivAv-Example-API with Visual Studio Code, execute the command below on the terminal.

dotnet run

Azure Website: https://civav-dev-api-ci-example.azurewebsites.net/swagger/index.html

AppSettings

The appsettings. json file is an application configuration file used to store configuration settings such as database connections strings, any application scope global variables, etc.

This file is important to understand to switch between environments.

https://docs.microsoft.com/en-us/aspnet/core/fundamentals/configuration/?view=aspnetcore-6.0

Challenges

1- Use Visual Studio Code to run your API

2- Switch between environments with AppSettings.

Security and restricted access

When you create an API, the first thing you need to apply is security.

In .Net Core, we have the attribute Authorize. The Authorize attribute enables you to restrict access to resources based on roles. It is a declarative attribute that can be applied to a controller or an action method. If you specify this attribute without any arguments, it only checks if the user is authenticated

https://docs.microsoft.com/en-us/aspnet/core/security/authorization/simple?view=aspnetcore-6.0

Configure the third-party layer

The configuration with the 3-party layer in your API is important to allow authorization and authentication for your users. For a better understanding of how it works behind the scenes, we have a diagram here to demonstrate the OAuth2 (standard protocol for authorization).

Security

OAuth2 - Authentication with Azure AD

https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-implicit-grant-flow

Configure App Registration on Azure

App registration will be the layer between our API and Azure/Azure AD for Authentication and Authorization.

https://portal.azure.com/#blade/Microsoft_AAD_RegisteredApps/ApplicationMenuBlade/Overview/appId/cc7b14ec-4fdf-44cf-8873-6cd9c10c7d56/isMSAApp/

Add Azure configuration on appsettings

"AzureAd": {
    "Instance": "https://login.microsoftonline.com/",
    "Domain": "034gc.onmicrosoft.com",
    "TenantId": "2008ffa9-c9b2-4d97-9ad9-4ace25386be7",
    "ClientId": "",
    "ClientSecret": "",
    "ScopeImplicit" : "ClientID/access_as_user"
}

To integrate the Authorize in your API, verify the example code.

API Deployment - Part B

Create a new app service on the correct Medical RGP.
Note: We have 1 for Medical NPRD-CACN-CIVAV-MEDICAL-CERTIFICATE-DEV-RGP and 2 for our shared resources: NPRD-CACN-SAFSECSUR-DEV-RGP and NPRD-CACN-SAFSECSUR-TEST-RGP. The shared resources NPRD-CACN-SAFSECSUR-DEV-RGP will be used in this training only to publish the container images.
If your image is not created on the container registry, you can just create your app as below
You can configure your image when you create your app services or change the configuration after. Deployment Center > Change to Azure Container Registry > Choose your subscription (in our case, NPRD) > Registry ncdsafsecsurcr
Create a Dockerfile in your project. You can use this one as an example
https://dev.azure.com/transport-canada/DSD-CIVAV Support/_git/CIVAV-EXAMPLE-API?path=/Dockerfile
Create a new pipeline based on this
https://dev.azure.com/transport-canada/DSD-CIVAV Support/_build?definitionId=1011
Go to New Pipeline > Use the classic editor > Empty job
Go back into your app services and verify 2 things:

Configuration:

TLS/SSL settings: HTTPS Only = True

Design APIs for microservices

https://docs.microsoft.com/fr-ca/azure/architecture/microservices/design/api-design

https://docs.microsoft.com/en-ca/azure/architecture/microservices/design/api-design

BSD - Civil Aviation

API .Net Core 6 and Azure