Manual Deployment to local web server
My first procedure for getting the new bits onto the relevant domain IIS web server was:
- VS Code terminal: dotnet publish --configuration Release
- Browse to \LegacyDatabaseMaintenanceApp\bin\Release\net7.0\publish
  - Sort files by date modified.
  - Copy the files that have just been updated.
- Remote onto the IIS web server and stop the application’s app pool.
- Browse to the application folder on the web server and paste the files, overwriting those already there.
- Start the AppPool for the app in IIS Manager.
Migrating from On-Premise App to Azure App Service
Our app is now hosted on an on-prem IIS server, displaying and updating data from our on-prem SQL Server database.
The app is now going to be moved into the Azure cloud. I only want some developers and managers to have access to this app, so I need to somehow authenticate who the user is. Being hosted in Azure allows me to seamlessly use Entra ID (formerly Active Directory) to wrap authentication around my app.
Accessing internal Database from Azure
As an on-premise IIS hosted web app, connecting to the SQL Server over the LAN is pretty straightforward. However, when the app is moved to Azure and the database remains on-prem, another method of accessing the database is required.
Azure Relay and Azure Hybrid Connections provide an easy access option.
Download and install Hybrid Connection Manager.
The first time this is done, the Hybrid Connection Manager UI displayed a “Not Connected” warning message. Restarting the HybridConnectionManager Windows service could resolve this.
Create the hybrid connection in your app with these [instructions](https://learn.microsoft.com/en-us/azure/app-service/app-service-hybrid-connections#add-and-create-hybrid-connections-in-your-app).
Configure access to On-prem SQL Server from Azure Function
- Function App resource => Networking (in Settings section) => Outbound Traffic => Hybrid Connections => Add Hybrid Connection => Select existing hybrid connection
- Function App resource => Configuration => New connection string: Server=tcp:MySqlServer,1433;Initial Catalog=master;Persist Security Info=False;User ID=[user];Password=[password];MultipleActiveResultSets=False;Encrypt=True;TrustServerCertificate=True;Connection Timeout=30;
Initial Deployment to Azure
- Install Azure Resources extensions for VS Code.
- Select the new Azure menu item.
- Expand the App Services dropdown.
- Right click the App Services dropdown, select Add New App and enter the details requested by the wizard.
- After the wizard completes, you should get a toast alert asking if you want to deploy the app - click Deploy.
- Click the “Add config” button that is displayed - this will create a settings.json file containing the details for deployment to the app service.
- Another toast alert will ask you to “Always deploy the workspace ‘your app’s workspace’ to ‘your new app service’” - click yes.
- After the deployment is completed, you will get another toast asking you if you would like to “Browse Website” - yes please.
Subsequent Deployments to Azure
Right-click the App Service for the maintenance app and select Deploy to Web App. Click the Deploy button in the pop-up warning.
Subsequent Deployments to Azure - Keyboard Shortcuts
Press the F1 button, type aasdwa and select “Azure App Service: Deploy to Web App” (Microsoft guidance).
Development & Live Databases
While in development, the app is (hopefully) interacting with a test database, as defined in the appSettings.json file:
{
  "ConnectionStrings": {
    "LegacyDbConnectionString": "SERVER=LegacyServer;DATABASE=LegacyDb_TEST;User ID=userID;PASSWORD=userPassword;Encrypt=False;"
  },
  "AllowedHosts": "*"
}
In the Azure portal, in the App Service for the app, go to the Environment Variables screen and click Connection Strings. Add a new setting here, using the same name as the connection string in the appsettings file, and point it towards your live database.
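An added example, not part of the original post: a small Python check that parses the two connection strings shown on this page and flags the settings worth reviewing before the live string is entered in App Service (encryption switched off, server certificate not validated, password stored inline). The function names and finding labels are made up for this illustration.

```python
import json

# Keyword synonyms in SqlClient-style connection strings, mapped to one name.
ALIASES = {"uid": "user id", "pwd": "password",
           "trust server certificate": "trustservercertificate",
           "persistsecurityinfo": "persist security info"}

def parse_connection_string(conn):
    """Split 'Key=Value;...' into a dict of normalised keys (quoted ';' not handled)."""
    pairs = {}
    for part in conn.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            key = key.strip().lower()
            pairs[ALIASES.get(key, key)] = value.strip()
    return pairs

def audit(conn):
    """Return finding labels (names chosen for this example) for one string."""
    kv = parse_connection_string(conn)
    findings = []
    encrypt = kv.get("encrypt", "").lower()
    if encrypt in ("false", "no", "optional"):
        findings.append("encrypt-off")            # query traffic may cross the network unencrypted
    elif not encrypt:
        findings.append("encrypt-unset")          # default depends on the client library version
    if kv.get("trustservercertificate", "").lower() in ("true", "yes"):
        findings.append("cert-not-validated")     # any server certificate is accepted
    if kv.get("password"):
        findings.append("inline-password")        # secret lives wherever this string is stored
    if kv.get("persist security info", "").lower() in ("true", "yes"):
        findings.append("persist-security-info")  # password stays readable after the connection opens
    return findings

def audit_appsettings(text):
    """Audit every entry under ConnectionStrings in an appsettings.json document."""
    strings = json.loads(text).get("ConnectionStrings", {})
    return {name: audit(value) for name, value in strings.items()}

# The two connection strings shown on this page, copied as sample input.
APPSETTINGS = """{"ConnectionStrings": {"LegacyDbConnectionString":
  "SERVER=LegacyServer;DATABASE=LegacyDb_TEST;User ID=userID;PASSWORD=userPassword;Encrypt=False;"},
  "AllowedHosts": "*"}"""
FUNCTION_APP = ("Server=tcp:MySqlServer,1433;Initial Catalog=master;Persist Security Info=False;"
                "User ID=[user];Password=[password];MultipleActiveResultSets=False;"
                "Encrypt=True;TrustServerCertificate=True;Connection Timeout=30;")

if __name__ == "__main__":
    print(audit_appsettings(APPSETTINGS), audit(FUNCTION_APP))
```

In the Function App string, Encrypt=True together with TrustServerCertificate=True encrypts the session but skips certificate validation, so the client cannot tell the real SQL Server from an impostor on the network path.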
Authentication
I cannot believe how simple this was!
Follow these steps to simply and quickly add Azure AD authentication to the app.
And then to restrict access to the app to only those in the AD that should have access, I use the oh so easy approach described [here](https://learn.microsoft.com/en-us/azure/active-directory/develop/howto-restrict-your-app-to-a-set-of-users#update-the-app-to-require-user-assignment).