My companys Services are a little bit complicated. Thats why my company demands that i write an NestJS API that requests the Data from the Azure Industrial IoT Services(those are APIs or hubs i dont realy know) for a particular job.
My problem now is, that i dont know how to authenticate nestjs to azure. So that i can request from those Azure Services the Data.
The structure of this project looks like this:
AZURE - Services are behind<--------->NestJS-Api + Postgres<---------->AngularApp
The nestJS-Api should have authorisation to request data 24/7(the whole time)
If you want to manage Azure services such as create/delete an Azure IOT hub service, you will need to get an access token by passport.js and call Azure management API.
But if you already have an Azure IOT hub service, you want to use this service by API, and you are facing the authentication issue, you can just refer to this official guide.
Related
I am working with a device that cannot include Azure IoT SDK. It can only send HTTO calls.
Is there any guide explain the simplest REST calls that allow my device send telemetry data to Azure IoT Hub?
Azure IoT Hub also offer the REST API to Send a device-to-cloud message.
The REST APIs for IoT Hub offer programmatic access to the device, messaging, and job services, as well as the resource provider, in IoT Hub. You can access messaging services from within an IoT service running in Azure, or directly over the Internet from any application that can send an HTTPS request and receive an HTTPS response.
You can use the Send Device Event for sending device-to-cloud message.
POST https://fully-qualified-iothubname.azure-devices.net/devices/{id}/messages/events?api-version=2020-03-13
You can go through the below documentations for more details.
Azure IoT Hub Device Rest API Operations and Azure IoT Hub REST API
I'm looking into securing both my Web Application and Web API running on Azure, using Azure Managed Service Identities.
However, I am wondering if the On-behalf-of authentication flow works in this case?
I can't find any clear documentation on either answer.
OBO using managed identities is not supported.
I will use Azure AD B2C for service fabric App Security. I will have Stateless front end web service (ASP.NET Core) and stateless services to blob storage + stateful service as data storage.
Is good idea create special security stateless service for communication with Azure AD? Or is better "direct" connection from each own service to Azure AD?
We have similar set up and here is what we did.
All public Api/Service are behind Azure Api Management. API Management will validate the token for all the API. This is good for us to have a central configuration place for token validation as we have a large number of services.
If your service is on Azure then you can use API Management(Premium tier) within you VNET this will give you built in support of API Management with service fabric which is really useful.
If you dont use API management, then you should define any service which are public entry point then validate with Azure B2C there. After that you can trust the JWT in subsequent call to other services.
This article is very useful
https://learn.microsoft.com/en-us/azure/service-fabric/service-fabric-api-management-overview
I dont think validate the JWT at each service is a good idea. For example you have one request which then trigger 5 services. If you validate token in each one then it might slow your response.
Hope this helps
I am trying to port my Android application into a Cloud based one. Where I wanted the data stored in cloud. I am a .NET guy so looking into Azure. I see Azure Mobile services which allows me to create tables and ability to authenticate. I also Looked into Azure SQL database.
I would like to know what is the difference between these two services and what are the scenarios using mobile services gives values than using Azure SQL database
Actually, the tables you see listed in Azure Mobile Services are actually tables that are in an Azure SQL Database instance. The Mobile Services provides an abstraction layer on top of the tables in SQL Server. If you use the current JavaScript back-ended mobile services you'll see the table in the management portal and it uses the dynamic nature of JavaScript to provide what appears to be a NoSQL like experience with Azure SQL DB in that you can send in an object and properties it doesn't recognize will be added to the table schema (you turn this off when you ship to production :) ). The big thing to remember is that under the hood the database is an Azure SQL DB, so you should have access and do anything via the one created by Azure Mobile Services as you can with the raw Azure SQL DB.
By using Azure Mobile Services you get an API hosting layer that you can use to do direct access to the tables (based on the permissions you hinted at) but also to just about anything utilizing the custom API feature.
If you chose to bypass the Azure Mobile Services you'd likely want to have some API layer between your Android app and the data for a variety of reasons (security, abstraction of data location, etc.). In which case you'd have to write and host that API layer somewhere. Other options within Azure would be a Web API site in Azure Web Sites, an API hosted in an Azure Cloud Service or all the way up to an Azure VM; however, as you slide up that scale you're taking on more and more responsibility and work.
The scenario that is useful to use Azure Mobile Services over the Azure SQL DB is pretty much the scenario you have. You don't have to maintain your own hosting API layer, just the code the API layer executes. You can scale an necessary (to a very large scale indeed) and also get features like the push notifications and web jobs (though those are also things you can do via other services in Azure if you'd like). Thinks of Azure Mobile Services as a higher level grouping of Azure services that are helpful to mobile developers.
Mobile services provide you with built-in push notification features and other such mobile friendly features too. They are more mobile oriented in a way.
I've a WCF service hosted at internal domain with AZMan role provider. All works great.
We would like to take the same approach of authorization in Azure as well. Could anyone please tell me whether Azman is supported in Azure. If not, what are options for ROLE BASED AUTHORIZATION WCF Services in AZURE.
Thank you
Azman is not supported natively in Azure - it is heavily COM-based. You would need to use Azure ACS (Access Control Services). You could tie this into your on-premise AzMan provider if you used the Azure Service Bus Relay and created some services above AzMan.
Both the Service Bus and Access Control components are part of the Azure AppFabric SDK.