I am trying to add an ASP.NET 4.x app hosted externally (using AWS Elastic Beanstalk) into the Service-registry of an existing PCF.
Edit: Is this possible? If so, can someone give me an example about how this can be done
Assuming you have network connectivity in all directions between apps in PCF and the external app, yes this should be quite possible.
However, if you're using Spring Cloud Eureka, your externally-hosted app will need to get valid OAuth credentials so that it can authenticate prior to registering.
The comment by Daniel Mikusa is very appropriate for how I achieved this.
For Pivotal SCS, you would want to create a service instance (if you
don't have one already), then create a service key for your external
app. That will give you all of the binding info/creds you need to
connect from your remote service. A service key is the same as binding
a service to an app, except it's not tied to an app so it works well
for situations like this. Just give your service key a good name, so
you know that it's being used by an external app when you come back
and see it a year from now
Related
I'm sure this is a very basic question, but I have been spending a lot of time on it and have not found a clear answer.
I am trying to create a bicep file with the appropriate setup for my webapi, but have been struggling with vnet as I transition from a prototype to a beta release. I thought it might be easy to find a template for a app service for web api, connecting to an Azure SQL database and files from blob storage using a vnet. The place where I am stuck right now it
service endpoints
subnet delegation
I read this post, which was helpful, but did not address service endpoints. Do I use delegation wherever possible and service endpoints when they are not available?
I have other service to add like notification hubs and am considering api management as well as key vault but really need to get the basics down and I am struggling.
A great reference for learning Bicep and seeing examples of how to create them:
Azure/ResourceModules
Azure/azure-quickstart-templates
Note while the quick start repoistory is ARM templates, you can take most of those and use Bicep CLI to convert them to Bicep.
The primary difference between delegation and service endpoints with virtual networks (vnets):
delegation means a given subnet is only going to be used by that service (this is related to PaaS services)
service endpoint is allowing secure and direct connectivity for that service to the subnet assigned
An example of the above:
Delegation
Deploying App Services is one of the most common Azure services that requires a dedicated subnet be allocated just for that service, aka delegation.
Service Endpoint
Deploying a Virtual Machine that you need to access a Storage Account from? The subnet where the Virtual Machine is deployed will need to have the Microsoft.Storage service endpoint enabled to allow the secure, direct connection to it.
One thing to note on service endpoints, while they are still used Microsoft recommends use of Private Endpoints as well. This allows you to directly connect to the service endpoint over the private/internal network of your VNet.
I am trying to integrate the dialog flow agent with a middleware bot. However, due to some issue, I am not able to use service account keys and have to find some alternate method for communication of APIs, Can we use API keys for this purpose?
One solution is to use a solution such as Cloud Endpoint or API Gateway (which is a Cloud Endpoint fully managed, same configuration, same features for now).
I wrote an article on Coud Endpoint with ESPv2 on Cloud Run
I'm looking for a way to expose my customer's WCF Services as REST Services (and create all the security stack to support claims / oauth authentication and authorization)
I'm working on 2 different approach to do so:
Create a new REST Service which will act as a proxy to
expose my WCF Service as REST Services (11 services / 130 web methods to
migrate...) and secure it using an IP STS / RS STS
Use a existing product like Apigee which will do all those job for me and even more feature than initially planned.
I'm trying to play with Apigee first, but I'm facing an issue while creating the API Proxy.
I've deployed a simple WCF Service (with only 2 methods) on a Windows Azure VM exposed in basicHttp (which works as expected - means I test it in a Console app successfully, even when the client app is located outside my Azure's VM -).
Problem comes when I follow the Apigee workflow to expose it as a REST Service. I try to fetch service's wsdl on Apigee portal and got following error:
Error: Cannot invoke method getOperation() on null object
Does someone know where the issue come from ? I don't have much information from Apigee portal.
I already validate my wsdl through http://www.wsdl-analyzer.com/ but everything looks fine...
Meantime, Amazone webservice works fine on Apigee and generate the REST Service so problem seems to come from my service's WSDL
This bug has been fixed and will be included in the next release (R24.4). If you still have any problems with the new release, please let us know.
I recently got a similar error in the most recent version of Apigee (Version 141029).
The error: "Fetch WSDL Error: Cannot invoke method startsWith() on null object".
The fix was to rename my local file from "somename.xml" to "somename.wsdl".
I have been struggling with setting up an iOS (Objective-C) app which utilizes the Service Management APIs. I've successfully was able to get Storage API calls working fine, but from what I'm reading, one big difference between the two Azure APIs seems to be a matter of authentication. For reference, what I'd ideally like to do is setup a simple API call to list the Hosted Services accounts in an app (eventually geared for public deployment).
According to the API Azure documentation, the Service Management APIs require a management certificate (.cer) to be uploaded and then for the client to utilize that cert to authenticate the request. My hunch is that this will prevent an app like the one I want to create from being feasible by any means, since public users with devices containing the downloaded app won't have that cert or the ability to attach it programatically in the objective-c code.
Is my hunch correct on this? Is this a forlorn idea that should not be pursued? I would think for this to be possible, the user would be required to upload their device's cert file to Azure somehow, and then to somehow have the app use this cert for authentication. I'm a bit lost on where to even begin on that, even if it is possible. :(
Any helpful info would be greatly appreciated. I have a lot of experience in the iOS side of things, but specifically in authentication/certificates of this type, I unfortunately have minimal experience.
Thanks in advance!!
-Vincent
Actually, I have an app that does exactly what you're talking about. CloudTools for Windows Azure is an iOS app that uses the Azure Management Service API to perform Azure management. It's been on iTunes for over a year.
Your question is somewhat broad, but I can tell you that the certificate issues were by far the biggest issues in designing/developing the app. You can't store the certificate in keychain, because keychain works in a manner such as this: a) you request a remote url that requires a certificate; b) that url tells you that it needs a certificate and c) keychain provides an appropriate certificate. It's a multi-request process. That won't work for Azure, because Azure service management APIs expect the initial call to include the certificate.
I require the users to add their certificate through iTunes File Sharing (steps here). Of course, they have to upload the public key portion to Azure. Then, I provide the certificate and private key with each request. I use the HTTP library ASIHttpRequest, although I believe that the latest (iOS 5.x) Apple libraries have similar functionality.
I'd be happy to provide any further details if you have any follow-up questions.
With Windows Azure, if you are using Service Management API then you really need to have certificate based authentication to create a SSL tunnel between your machine which is requesting the connection and Windows Azure Management Portal. I am not sure how wide your iOS application distribution is.
My first thought is that why would you want to deploy Windows Azure application from an iOS application, are you going to build application in iOS devices and deploy? Windows Azure Application deployment is mostly done on client machines so, Azure application management on iOS is great idea, however Application deployment from iOS not sure why. May be you are on something big here.. In both cases you really need Service Management Certificate on iOS device. If it is an enterprise app where you can let users to install Service Management certificate, it would be easier for iOS devices to use Service Mgmt API.
So if you want to use Service Management API from a client iOS app, I think the best solution will be to have WCF service hosted in Windows Azure which is configured to directly connect with your Windows Azure Portal. And from your iOS app, you just make call to your WCF service. This is very popular method to access service management API (through WCF Service) from any client app (WP7, iOS, Android) and the client side code is very light. On other hand you may need to pay to host a WCF service on Windows Azure.
I have client apps that talk to my silverlight application and its web services. So the client app is running on the client machine and making calls directly to the silverlight app running on the machine and also making web service calls.
I want the usernames/password security to be handled by the 3rd party client app.
Any idea how I can do this?
I'd try the Application Scenario's, Guidelines and How Tos sections of this CodePlex Link. You should be able to find a scenario that matches closely to yours and follow the guidelines and configuration to get yourself going.
If I've understood this correctly, the client application would pass a username/password to your silverlight app which would require a wsHttpBinding that has clientCredentials="Username". You would need to be able to authenticate this against a user store configured on your server, for example you could configure a SQL Server provider.
I'm not sure how your 3rd party client app works, but you would require a seperate security configuration for that communication. You could use a less secure binding if the apps were on the same machine and possibly use clientCredentials="Windows"/"None"/"Basic".
Difficult to advise further without knowing your exact situation. What do you have so far?