OAuth2 vs OpenID Connect & Azure AD Seamless SSO

OAuth 2 is an Authorization Framework.  It allows 3rd party application to get access to an HTTP Service.  It is primarily used as Token for API Access.

OpenID Connect is an Authentication Framework.  It is primarily used as ID Token for SSO.

Azure AD Seamless SSO automatically signs in users from their corporate devices to Azure Active Directory.

References.

Internet Engineering Task Force https://tools.ietf.org/html/rfc6749

CosmosDB vs. Azure SQL–Performance Benchmark

I was doing Benchmarking on CosmosDB vs Azure SQL for a Performance Critical application.  Our needs was fulfillable through Azure SQL but there was some CosmosDB use cases like Schemaless, Geo-replication etc.

So let us see the Performance Benchmark

Configurations

CosmosDB

  • Default Configuration
  • East US
  • SQL API

Azure SQL

  • Standard S1
  • East US

Test 1 : Accessing from Laptop

The Test 1 was conducted from a Laptop within US region.  The test was conducted with 100 continuous Inserts of 10KB data on each.

The observations are below.


100 Count 1 Count (Average)
CosmosDB 3 second 30 millisecond
Azure SQL 3 second 30 millisecond

Test 2  : Accessing from Azure VM

The Test 2 was conducted from an Azure VM within East US region to ensure minimum latency.  The test was conducted with 100 continuous Inserts of 10KB data on each.



100 Count 1 Count (Average)
CosmosDB 2 second 20 millisecond
Azure SQL 1 second 10 millisecond

Inference

Cannot find much speed advantage on Cosmos DB

SLA

As per the SLA on CosmosDB there need to be following criterias to get the 1 digit millisecond response:

  • Within same Region
  • TCP configuration
  • High Speed Internet

Summary

Azure SQL on Standard Configuration is providing better Speed than Cosmos DB.   Choose Cosmos DB based on the right use case.

I can publish the Database Benchmark Application on demand.

Azure Key Vault & Access from C#

Azure Key Vault & Access from C#

In this article we can explore how to create an Azure Key Vault & Access from C#.

Azure Key Vault

Azure Key Vault allows to keep encrypted secured strings. Eg: Connection Strings, Passwords etc.

Create Azure Key Vault

Open Azure Portal & Create a new Key Vault as shown below.

image

Go the Secrets blade and create a new Secret with name as key1 and value as value1

image

Create App Registration

We need to create an App Registration for our Console Application. This will enable to Authenticate our Console Application using the Credentials.

Go to Azure Portal > Azure Active Directory > App Registrations. Create new App Registration as below.

image

Create new client secret too.

image

Now copy the Client ID and Client Secret which you need in the next steps.

Authorize Console Application

We need to Authorize the Console Application to the Key Vault. Without this step you will get Forbidden error.

Go to Key Vault > Access Policies blade

image

Click Add Access Policy and select our Console Application as Principal.

image

image

Now onwards any application authenticated through Client Credentials of the Console App Registration will be considered as Principal – which is the Security Identity for the application.

Create Project

Create a new console application in Visual Studio. Add references to following:

· Microsoft.Azure.KeyVault

· Microsoft.IdentityModel.Clients.ActiveDirectory

Replace the code with following.

using Microsoft.Azure.KeyVault;

using Microsoft.IdentityModel.Clients.ActiveDirectory;

using System;

using System.Threading.Tasks;

namespace KeyVault

{

class Program

{

static void Main(string[] args)

{

Console.WriteLine($”Secret Value from Vault is: {GetVaultValue()}”);

Console.ReadKey(false);

}

static string GetVaultValue()

{

KeyVaultClient client = new KeyVaultClient(new KeyVaultClient.AuthenticationCallback(GetToken));

var vaultAddress = “https://your-key-vault.vault.azure.net”;

var secretName = “key1”;

var secret = client.GetSecretAsync(vaultAddress, secretName).GetAwaiter().GetResult();

return secret.Value;

}

static async Task<string> GetToken(string authority, string resource, string scope)

{

var clientId = “YOUR CLIENT ID”;

var clientSecret = “YOUR CLIENT SECRET”;

ClientCredential credential = new ClientCredential(clientId, clientSecret);

var context = new AuthenticationContext(authority, TokenCache.DefaultShared);

var result = await context.AcquireTokenAsync(resource, credential);

return result.AccessToken;

}

}

}

On running the application, you will get the following output.

image

Summary

In this article we have explored how to create an Azure Key Vault & Access from C#.

How to Install Swagger for .Net 2.2 Web API?

I had a “WTHek” time installing Swagger, the documentation tool.

Solution

So here is how to install Swagger in the right way.

Create a new Web API project.

Create a new Web API project in .Net Core 2.2

Ensure it is compiling fine.

Run Package Manager

Go to your Web API project & Run Package Manager command

Install-Package Swashbuckle.AspNetCore -Version 5.0.0-rc4

Install-Package Microsoft.OpenApi.Models

Add Code to ConfigureServices() method

Towards the last.

services.AddSwaggerGen(c =>
{
c.SwaggerDoc(“v1”, new OpenApiInfo { Title = “My API”, Version = “v1” });
});

// Resolve namespace for OpenApiInfo

Add Code to Configure() method

app.UseSwagger();

app.UseSwaggerUI(c =>

{
c.SwaggerEndpoint(“/swagger/v1/swagger.json”, “API V1”);

});

 

Run the Application

 

You should be able to access the Swagger documentation as below:

http://localhost/swagger

More Debugging

If you missed any [HttpGet] attributes also swagger will give above “swagger.json” error.

Open the Output window to view which Controller method is causing trouble.

Azure API Management

Following are the advantages of Azure API Management

Platform Independence enabling multiple clients to call the API through Standard protocols.

Service Evolution enabling adding new functionalities regardless of the clients.

Discoverability enabling documentation on existing services Discoverable by clients.

Backward Compatibility to ensure old version clients are still supported

Security prevents from automated attacks

Caching for faster & cost effective responses

API-First Approach enables Designing application with API consumption in mind.

RESTful enabling usage of HTTP & Common HTTP Verbs GET, PUT, POST, DELETE for CRUD operations, Stateless Request Model enabling easier Scalability.

Creating a VNET (Virtual Network) in Azure

VNET (Virtual Network)

VNET provides the following advantages:

  • Isolation by providing a subnet within the Azure
  • Protection from public Internet & Other VNETs

Create a VNET

We need to create 2 VNETs:

  • frontend VNET for the web application
  • backend VNET for the sql database

Open Azure Portal & Go to Create Resource > VNET.

image

We can create a frontend subnet now.

image

We can create a backend subnet now.

(Go to Home > Virtual Networks > Choose our VNET > Subnet blade)

image

You can see the Subnets have different Address ranges.

image

In the next post we can create a web application & host in the VNET.

Summary

In this post we can see how to create a VNET (Virtual Network) in Azure.