How to enable application authentication and login to the control unit using the ARM template?

How to enable authentication and registration in the application using the ARM template?

Hi everyone, I have a question that I want to activate authentication of application applications for anonymous requests, as well as logging everything that can happen on a website into a storage notepad through a resource template. What should I add to the template-json file for this?

thanks for any help

Edit:

I learned something. It works with this fragment, but these are incorrect settings:

    "properties": {
      "name": "<#= website.Name #>",
      "siteConfig": {
        "alwaysOn": true,
        "siteAuthEnabled": true,
        "siteAuthSettings": null,
        "httpLoggingEnabled": true,
        "logsDirectorySizeLimit": 35,
        "detailedErrorLoggingEnabled": true
      },

now it looks like this:

enter image description here

but here is what it should look like:

enter image description here

+5
3 answers

According to your scenario, I deployed my ARM template to enable application logging and web server logging using Blob repository, enable application service authentication and allow anonymous requests for my web application. Here are some detailed steps you can link to.

1. Create an Azure Resource Group project and add a web application template;

2. Add the configuration "MONITORING> Diagnostic Logs" as follows:

3. Add the setting "SETTINGS> Authentication / Authorization" as follows:

4. Deploy the web application and test it on the Azure Portal:

Here is my .json site, you can link to it.

    {
      "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
      "contentVersion": "1.0.0.0",
      "parameters": {
        "hostingPlanName": { "type": "string", "minLength": 1 },
        "skuName": {
          "type": "string",
          "defaultValue": "F1",
          "allowedValues": [ "F1", "D1", "B1", "B2", "B3", "S1", "S2", "S3", "P1", "P2", "P3", "P4" ],
          "metadata": { "description": "Describes plan pricing tier and capacity. Check details at https://azure.microsoft.com/en-us/pricing/details/app-service/" }
        },
        "skuCapacity": {
          "type": "int",
          "defaultValue": 1,
          "minValue": 1,
          "metadata": { "description": "Describes plan instance count" }
        }
      },
      "variables": {
        "webSiteName": "[concat('webSite', uniqueString(resourceGroup().id))]"
      },
      "resources": [
        {
          "apiVersion": "2015-08-01",
          "name": "[parameters('hostingPlanName')]",
          "type": "Microsoft.Web/serverfarms",
          "location": "[resourceGroup().location]",
          "tags": { "displayName": "HostingPlan" },
          "sku": { "name": "[parameters('skuName')]", "capacity": "[parameters('skuCapacity')]" },
          "properties": { "name": "[parameters('hostingPlanName')]" }
        },
        {
          "apiVersion": "2015-08-01",
          "name": "[variables('webSiteName')]",
          "type": "Microsoft.Web/sites",
          "location": "[resourceGroup().location]",
          "tags": {
            "[concat('hidden-related:', resourceGroup().id, '/providers/Microsoft.Web/serverfarms/', parameters('hostingPlanName'))]": "Resource",
            "displayName": "Website"
          },
          "dependsOn": [ "[resourceId('Microsoft.Web/serverfarms/', parameters('hostingPlanName'))]" ],
          "properties": {
            "name": "[variables('webSiteName')]",
            "serverFarmId": "[resourceId('Microsoft.Web/serverfarms', parameters('hostingPlanName'))]"
          },
          "resources": [
            {
              "name": "logs",
              "type": "config",
              "apiVersion": "2015-08-01",
              "dependsOn": [ "[resourceId('Microsoft.Web/sites/', variables('webSiteName'))]" ],
              "tags": { "displayName": "websiteLogs" },
              "properties": {
                "applicationLogs": {
                  "fileSystem": { "level": "Off" },
                  "azureTableStorage": { "level": "Off", "sasUrl": null },
                  "azureBlobStorage": {
                    "level": "Error",
                    "sasUrl": "https://{your-storageaccount-name}.blob.core.windows.net/{container-name}?{sasToken}",
                    "retentionInDays": null
                  }
                },
                "httpLogs": {
                  "fileSystem": { "retentionInMb": 35, "retentionInDays": null, "enabled": false },
                  "azureBlobStorage": {
                    "sasUrl": "https://{your-storageaccount-name}.blob.core.windows.net/{container-name}?{sasToken}",
                    "retentionInDays": null,
                    "enabled": true
                  }
                },
                "failedRequestsTracing": { "enabled": true },
                "detailedErrorMessages": { "enabled": true }
              }
            },
            {
              "name": "authsettings",
              "type": "config",
              "apiVersion": "2015-08-01",
              "dependsOn": [ "[resourceId('Microsoft.Web/sites/', variables('webSiteName'))]" ],
              "tags": { "displayName": "websiteAuthSettings" },
              "properties": {
                "enabled": true,
                "httpApiPrefixPath": null,
                "unauthenticatedClientAction": 1,
                "tokenStoreEnabled": true,
                "allowedExternalRedirectUrls": null,
                "defaultProvider": 0,
                "clientId": null,
                "clientSecret": null,
                "issuer": null,
                "allowedAudiences": null,
                "additionalLoginParams": null,
                "isAadAutoProvisioned": false,
                "googleClientId": null,
                "googleClientSecret": null,
                "googleOAuthScopes": null,
                "facebookAppId": null,
                "facebookAppSecret": null,
                "facebookOAuthScopes": [ "" ],
                "twitterConsumerKey": null,
                "twitterConsumerSecret": null,
                "microsoftAccountClientId": null,
                "microsoftAccountClientSecret": null,
                "microsoftAccountOAuthScopes": [ "" ]
              }
            }
          ]
        }
      ]
    }

Alternatively, you can get configurations from resources.azure.com. Here is a screenshot for you to better understand the ARM pattern:

enter image description here

+3
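
The template in this answer turns authentication on but leaves anonymous requests allowed, and its `sasUrl` values carry the SAS token inside the URL. As an added example (not part of the answer or of any Azure tooling), the Python check below walks a template's `authsettings` and `logs` config resources and flags those conditions before deployment. The finding codes, helper names and sample templates are constructed for illustration; `1` is treated as allow-anonymous because that is how the answer uses it, and `0` is assumed to mean redirect to login.

```python
import re

SAS_SIG = re.compile(r"[?&]sig=", re.IGNORECASE)  # signature field of a SAS token

def iter_resources(resources):
    """Yield every resource, descending into nested "resources" arrays."""
    for res in resources or []:
        yield res
        yield from iter_resources(res.get("resources"))

def is_literal(value):
    """True for a non-empty string that is not an ARM expression like [parameters('x')]."""
    return isinstance(value, str) and value != "" and not value.startswith("[")

def audit(template):
    """Return finding codes for the 'authsettings' and 'logs' config resources."""
    findings = []
    for res in iter_resources(template.get("resources")):
        if not str(res.get("type", "")).lower().endswith("config"):
            continue
        name = str(res.get("name", "")).rstrip("')]").split("/")[-1]
        props = res.get("properties") or {}
        if name == "authsettings":
            if not props.get("enabled"):
                findings.append("auth-disabled")
            elif props.get("unauthenticatedClientAction") in (1, "AllowAnonymous"):
                findings.append("anonymous-allowed")
            findings += [f"literal-secret:{k}" for k, v in props.items()
                         if k.lower().endswith("secret") and is_literal(v)]
        elif name == "logs":
            app, http = props.get("applicationLogs") or {}, props.get("httpLogs") or {}
            sinks = [s for s in (*app.values(), *http.values()) if isinstance(s, dict)]
            if any(is_literal(s.get("sasUrl")) and SAS_SIG.search(s["sasUrl"]) for s in sinks):
                findings.append("literal-sas-token")
            if not any(s.get("enabled") for s in http.values() if isinstance(s, dict)):
                findings.append("http-logs-off")
    return findings

def site(auth, logs):
    """Build a minimal constructed template holding the two child config resources."""
    kids = [{"name": n, "type": "config", "properties": p} for n, p in (("authsettings", auth), ("logs", logs))]
    return {"resources": [{"type": "Microsoft.Web/sites", "name": "demo", "resources": kids}]}

# Constructed inputs: the storage account, SAS token and client secret are made up.
WEAK = site({"enabled": True, "unauthenticatedClientAction": 1, "clientSecret": "made-up-secret"},
            {"httpLogs": {"azureBlobStorage": {"enabled": True,
             "sasUrl": "https://examplestore.blob.core.windows.net/logs?sv=2015-04-05&sig=CONSTRUCTED"}}})
HARDENED = site({"enabled": True, "unauthenticatedClientAction": 0, "clientSecret": "[parameters('aadSecret')]"},
                {"httpLogs": {"azureBlobStorage": {"enabled": True, "sasUrl": "[parameters('logsSasUrl')]"}}})
print(audit(WEAK), audit(HARDENED))
```

Passing the SAS URL and any provider secret through a `securestring` parameter keeps them out of the template file and clears the literal findings.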

WebApp logging and authentication can be enabled using the following resources in your template:

    {
      "apiVersion": "2015-08-01",
      "name": "logs",
      "type": "config",
      "location": "[resourceGroup().location]",
      "dependsOn": [ "[resourceId('Microsoft.Web/Sites', variables('webSiteName'))]" ],
      "properties": {
        "applicationLogs": {
          "fileSystem": { "level": "off" },
          "azureTableStorage": { "level": "off", "sasUrl": null },
          "azureBlobStorage": { "level": "off", "sasUrl": null, "retentionInDays": null }
        },
        "httpLogs": {
          "fileSystem": { "retentionInMb": 35, "retentionInDays": null, "enabled": true },
          "azureBlobStorage": { "sasUrl": null, "retentionInDays": null, "enabled": false }
        },
        "failedRequestsTracing": { "enabled": true },
        "detailedErrorMessages": { "enabled": true }
      }
    },
    {
      "apiVersion": "2015-08-01",
      "name": "authsettings",
      "type": "config",
      "location": "[resourceGroup().location]",
      "dependsOn": [ "[resourceId('Microsoft.Web/Sites', variables('webSiteName'))]" ],
      "properties": {
        "enabled": false,
        "isAadAutoProvisioned": false
      }
    }

If you are not sure what values should be in the template, do the following:

  • Providing a web application through a portal
  • Enable required settings
  • Go to https://resources.azure.com/ and check how the template is configured for your web application.
  • Make changes to your json file template
+1

Write down all things

You can enable diagnostic logging ( https://docs.microsoft.com/en-us/azure/app-service-web/web-sites-enable-diagnostic-log ) for your application and add it to your website applications following this guide https://docs.microsoft.com/en-us/azure/monitoring-and-diagnostics/monitoring-enable-diagnostic-logs-using-template

For a general registration solution that helps keep track of (almost) everything that happens on the Application Services website, you can use Application Insights (AI). You can add Application Insights to your ARM template by following this article https://docs.microsoft.com/en-us/azure/application-insights/app-insights-powershell#create-an-azure-resource-manager-template . This will help you configure the AI for your website and identify any specific tracking and telemetry that you want to register.

This is basically what you need to add to your ARM template in order to add AI to the App service:

    "resources": [
      {
        "apiVersion": "2014-08-01",
        "location": "[parameters('appLocation')]",
        "name": "[parameters('appName')]",
        "type": "microsoft.insights/components",
        "properties": {
          "Application_Type": "[parameters('applicationType')]",
          "ApplicationId": "[parameters('appName')]",
          "Name": "[parameters('appName')]",
          "Flow_Type": "Redfield",
          "Request_Source": "IbizaAIExtension"
        }
      },
      {
        "name": "[variables('billingplan')]",
        "type": "microsoft.insights/components/CurrentBillingFeatures",
        "location": "[parameters('appLocation')]",
        "apiVersion": "2015-05-01",
        "dependsOn": [ "[resourceId('microsoft.insights/components', parameters('appName'))]" ],
        "properties": {
          "CurrentBillingFeatures": "[variables('pricePlan')]",
          "DataVolumeCap": {
            "Cap": "[parameters('dailyQuota')]",
            "WarningThreshold": "[parameters('warningThreshold')]",
            "ResetTime": "[parameters('dailyQuotaResetTime')]"
          }
        }
      }
      // web test, alert, and any other resources go here
    ]

Of course, you need to provide values for all parameters and variables based on the price plan and quotas that you want to set.

Then you can configure Continuous Export ( https://docs.microsoft.com/en-us/azure/application-insights/app-insights-export-telemetry ) from AI to export all registered telemetry to a separate Azure Storage unit for long-term storage of your registered data. Unfortunately, you cannot configure Continuous Export from the ARM template, but it will be available soon: https://visualstudio.uservoice.com/forums/357324-application-insights/suggestions/13718607-enable-programatic-configuration-of-continuous-exp

Authenticate all things

When configuring authentication in the App Service, you can specify authentication settings as properties for your WebSite resource. I suggest you start by setting up your desired authentication model using a portal or PowerShell first, and then extract the template from the resulting deployment ( https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-manager-export-template ), as the actual properties and values for the set are not documented.

Creating an ARM template from a portal

You can make all the changes on your website, configure the diagnostics directly on the portal, and then extract the template that reflects what is currently deployed in this resource group.

Just go to your resource group and select the "Automate" script; this will extract the template definition. It may not be the most beautiful template or the best structured, but it will contain your deployment (unless it shows a warning for some resources).

Azure Portal Resource Group> Automation script

0

Source: https://habr.com/ru/post/1263259/

