Category Archives: Azure

Azure and Let’s Encrypt certificate

In this post I will show you how to

  1. Create a sample .net core 3.0 website.
  2. Deploy a website to an Azure App Service.
  3. Assign a custom domain.
  4. Enable Let’s Encrypt certificate

Create a sample .net core 3.0 website

Startup Visual Studio 2019 and create a new project. Choose “ASP.NET Core Web Application” as your project template.

Create new ASP.NET Core web application

Press Create. Then choose “Web Application” .

Create an empty web application

Pres Create and Visual Studio opens with an overview screen of your new ASP.NET Core application. Press F5 to see it in action.

Now it is time to publish (or deploy) your (skeleton) application to Azure.

Deploy website to Azure

Deploying your website to Azure is simple. Right click on the solution and select Publish. Make sure App Service and Create New is selected and press Create Profile.

Publish a website to Azure

Now we have to fill in the details for the App Service. Please fill out the screen as you see fit.

Create a new App Service

Press Create and wait for the App Service to be created (this could take a while). When the window closes the App Service is created. Now it is time to publish the website to this app service. Press Publish

After a few moments the website is published and visual studio will start a new browser and open the website from the Azure environment.

As you can see the site has a domain name of “frubelen.azurewebsites.net”. Now it is time to assign our custom domain name to this site. After doing this we can send our browser to azure.frubelen.nl (for example) instead of the azure domain.

Assign a custom domain

Now we are going to assing our custom domain name. First of all you will have to decide if you want to assign the domain to the azure website or a subdomain.

If you want to assign the entire domain (not a subdomain) to this azure site you will have to create an A record at your dns provider. If you only want this azure site for a subdomain you should create a alias record, a CNAME record.

I have choosen to only send the subdomain azure.frubelen.nl to this site so I create a CNAME record at my DNS provider:

Create a CNAME record if you want to redirect a subdomain to azure

After changing your DNS registration it takes some time before all DNS servers have received this change. To check if DNS servers have received the change you could send your browser to https://digwebinterface.com/

Now go back to the azure portal and navigate to your App Service and select Custom Domains.

Press on “Add custom domain”. Fill in your subdomain to redirect to azure. In my example it is “azure.frubelen.nl”. Press Validate to let Azure retrieve the DNS records for the domain.

If the DNS servers are updated Azure will let you add the domain; press “Add custom domain”.

As you can see the domain is added. The next step is to secure our domain with a Let’s Encrypt certificate.

Enable Let’s Encrypt certificate

Now it is time to add the Let’s encrypt certificate to our domain. First of all you need a storage account. Let’s encrypt stores it certificate information on this storage account. Go to your resource group (mine is FRUBEL_RG) and press Add. Type “Storage account” and select the item from the dropdown. Press create. Type in a storage account name ( I will use letsencryptfrubelen). Press “Review and create” press “Create”.

Next navigate to the storage account just created and selected the keys “Access Keys” page.

Copy the connectionstring for Key you will need this later on. Now in the Azure portal go back to your App Service and select Configuration on the left navigation.

Now we are going to add 2 app settings to the app service. Both have as value the connection string to the storage account. Add the key AzureWebJobsStorage and AzureWebJobsDashboard.

First create a new App Registration. Select “Azure Active Directory”.

The select App Registration in the navigation on the left and then press “New Registration”.

Press Register. On the overview screen press “Add an application ID URI”. Then press “Add a scope”. Remove the default and fill in (in my case) “http://frubelen” and press “Save and Continue”.

Fill out the next screen as shown below and press Add Scope.

First, you need to install the Azure PowerShell module, which can be done though WebPI or the PowerShell Gallery.

Execute the Powershell commands below. It will create an App Registration in your Azure Active directory.

As you can see the site has a domain name of “frubelen.azurewebsites.net”. Now it is time to assign our custom domain name to this site. After doing this we can send our browser to azure.frubelen.nl (for example) instead of the azure domain.

Assign a custom domain

Now we are going to assing our custom domain name. First of all you will have to decide if you want to assign the domain to the azure website or a subdomain.

If you want to assign the entire domain (not a subdomain) to this azure site you will have to create an A record at your dns provider. If you only want this azure site for a subdomain you should create a alias record, a CNAME record.

I have choosen to only send the subdomain azure.frubelen.nl to this site so I create a CNAME record at my DNS provider:

Create a CNAME record if you want to redirect a subdomain to azure

After changing your DNS registration it takes some time before all DNS servers have received this change. To check if DNS servers have received the change you could send your browser to https://digwebinterface.com/

Now go back to the azure portal and navigate to your App Service and select Custom Domains.

Press on “Add custom domain”. Fill in your subdomain to redirect to azure. In my example it is “azure.frubelen.nl”. Press Validate to let Azure retrieve the DNS records for the domain.

If the DNS servers are updated Azure will let you add the domain; press “Add custom domain”.

As you can see the domain is added. The next step is to secure our domain with a Let’s Encrypt certificate.

Enable Let’s Encrypt certificate

Now it is time to add the Let’s encrypt certificate to our domain. First of all you need a storage account. Let’s encrypt stores it certificate information on this storage account. Go to your resource group (mine is FRUBEL_RG) and press Add. Type “Storage account” and select the item from the dropdown. Press create. Type in a storage account name ( I will use letsencryptfrubelen). Press “Review and create” press “Create”.

Next navigate to the storage account just created and selected the keys “Access Keys” page.

Copy the connectionstring for Key you will need this later on. Now in the Azure portal go back to your App Service and select Configuration on the left navigation.

Now we are going to add 2 app settings to the app service. Both have as value the connection string to the storage account. Add the key AzureWebJobsStorage and AzureWebJobsDashboard.

First, you need to install the Azure PowerShell module, which can be done though WebPI or the PowerShell Gallery.

Execute the Powershell commands below. It will create an App Registration in your Azure Active directory.

The commands above create an App Registration in the Azure Active Directory.

Next go to the App service and select Extensions in the left navigation. Add the Let’s encrypt extension. Press Add and search for “”

Select the Legal Terms item, press Ok and next press Ok to add the extension. Then select the Extension and press Browse. A new browser window will open in which you van configure Let’s encrypt.

Go to your App Service and select Configuration on the left navigation.

Add the following App Settings

letsencrypt:Tenant The name of the directory you are working in
letsencrypt:SubscriptionId The id of your subscription
letsencrypt:ResourceGroupName The name of the resource group
letsencrypt:ClientId This is the ApplicationId of the app service (in the powershell $app.ApplicationId)
letsencrypt:ClientSecret The password (clear text)

Now go to the extensions page of the App Service and select Let’s Encrypt

In the screen that opens press Browse.

Fill in connection strings for the storage account and press Next.

Press Next.

Select the domain you want a certificate for, fill in your email and press “Request and install certificate”.

Your certificate is requested and installed. Now open a browser and navigate to https://azure.frubelen.nl. There you go your site is secured with a SSL certificate.

Share

NET CORE 3.1 Cookie Authentication

In this short post I will show you how to implement Cookie authentication with Visual Studio 2019 and ASP.NET CORE 3.1.

Create a new project

In Visual Studio create a new .NET CORE Web Application project. Press Next

Configure the project

Give it a name, “BasicCookies” for example. Press Create.

Select Empty web application

Create a empty web application, press Create. This will create the solution structure as shown below.

In the generated startup.cs replace the entire Configure function with the code below.

Also replace the entire ConfigureServices function with the code below.

Now create a new folder “Controllers” and add a new class “HomeController” to it. Replace the entire generated contents with the code shown below. The code below shows that a user ClaimsPrincipal can have multiple identities coming from different sources.

As you can see we have three actions. Two action return the view for the given action and the third, Authenticate, returns to the Index view.

Create the Index view and the ProtectedPage view. As you can see the ProtectedPage view has an Authorize attribute. This means that we first have to authorize before we can access the view.

Create a new folder Views and within the Views folder create a folder Home. Right click on the new Home folder and select Add -> View.

Create a new razor view

Replace the entire file contents with the contents below. Do the same for the ProtectedPage view, replace the contents with something you will recognize as the protected page…

Now you can start debugging the site. When you start the web application the home page will show up. Once you navigate to https://localhost:[port]/home/protectedpage you will be redirected to the home page. The Authenticate method has authenticated you and a cookie is stored in the browser.

Your Homepage after pressing the Login link
Share

ASP.NET Core Tips and Quick Setup Identity System

In this blog post we are going to setup a basic invoice system. It uses the ASP.NET Core identity system. Every step for creating the app is described and at the end you should have a working Invoicing system (being it a bit simple one).

For convenience install the sqlitebrowser

If you did not already installed the dotnet-aspnet-codegenerator already….

And also install the libman Client Side library manage

Create the intial WebApp project

A folder, WebApp, with the new web application is created

Add the required package for the aspnet-codegenerator tool

Optional; add the package below manually so you use the newest version (not the one installed default by the aspnet-codegenerator)

In Visual Studio you can install the package as a nuget package through the Package Manager console with

Scaffold the Identity pages you want to change later on, for now we are going to use a SqLite database and override the Register, Login and Logout pages.

Before we are going to add the migrations we change the name (and location) of the database to dbs/identity.db (we will have separate databases for users and data).

Start Visual Code in the root of the WebApp directory.

Wait a few seconds for the window below to appear and answer Yes. If the window below does not appear press F1 and type “.NET”, then select “.NET: Generate assets for build and debug”.

Open the file appsettings.json in the root of the project and change WebApp.db to dbs/identity.db. Also create the folder dbsin the root of WebApp.

Now we are going to create the Migrations for the initial Identity database and update the database with this migration.

Create the initial migration for the identity system

Create the database

Check the databastructure with SQLite browser

Because we did not use the --auth parameter on initial create of the project our Startup.cs is not prepared to use authentication. Add the line below right after app.UseCookiePolicy

We also have to add the _LoginPartial to _Layout.cshtml because of this. Add the partial _LogingPartial to /Pages/Shared/_Layout.cshtml right before the ul which contains the Home link. Add the line below:

To test authorization place the [Authorize] attribute on the PrivacyModel class and add the using Microsoft.AspNetCore.Authorisation

It is possible to configure password options in /Areas/Identity/IdentityHostingStartUp.cs. For example: do not require an uppercase character in the password:

Now we are going to add our first CRUD pages. We are going to store Invoices with our application. First create a directory Models and place a file Invoice.cs in it with the following code in it:  

Scaffold model CRUD pages   Execute the command below:

The following files will be generated or adjusted:

In /Startup.cs the InvoiceDbContext is added to the services configuration
A directory /Pages/Invoice is created and all files in there are also generated
A directory /Data is created in which a file InvoiceDbContext.cs is stored with the data context for the invoices
The file appsettings.json is modified. A connection string is added for the InvoiceDbContext (we will change this below)

In case you are on Linux. Default the DbContext is using SqlServer, that is not supported on the Linux platform. Goto the file Startup.cs and replace SqlServer with SqLite for the InvoiceDbContext.

Next edit the file appsettings.json and replace the connection string value with "DataSource=dbs/invoices.db"

Next create the initial migrations and update the invoice database for the InvoiceDbContext.

Start the sqlitebrowser to check the structure of your database (/WebApp/dbs/invoice.db)

Now to protect our Invoices folder for unauthorized access add the code below to your services configuration (ConfigureServices) in Startup.cs

References and handy URL’s

This url was very helpfull

Aantekeningen nav ContosoUniversity  tutorial

Some common errors

dotnet restore gives 401 error

Update your credentials for nuget, first download the nuget cli. Next execute the command:

nuget.exe sources update -name RDW -source [url] -username [user] -password [pwd]

Retrieve your name and url with the command:
nuget sources

When you get the error “Scheme already exists: Identity.Application” you probably generated the Identity pages with a different context then ApplicationDbContext.

Build the solution (Ctrl-Shift-B, Enter) en start debugging F5. Navigate to the Privacy page and verify that you have to login before you can continue to this page.

In case you get error “PlatformNotSupportedException: LocalDB is not supported on this platform.” you probably generated the Identity pages with a different context then ApplicationDbContext.

Share