In this first part we will see how to set up our Azure account to start working with Azure Resource Manager and automatically deploy new web apps and databases.
This is certainly not a quirk. Think about a backend setup meant to be multitenant: a backend where new customers are constantly being added, each one isolated from the others with its own users and permissions but with the same feature set.
The most important thing in an environment like that is to meet some security requirements:
- Data isolation.
- Availability isolation.
- Scalability isolation.
- Cost isolation.
To meet these requirements we can use one of the newest features available in Azure: Azure Resource Manager (ARM). ARM allows us to create multiple deployments of a Web App and its database from the code of our app.
There are multiple ways of creating a multitenant backend. You can use a single Web API with different databases, for example, or multiple Web APIs each with its own database, which is what we are doing in this article. There is no silver bullet, but for our case this is what we think will work best and give us all the features we need.
Let's take a look at how to create an automated deployment with C# and ARM.
To complete this task you will need some tools. Be sure to have them installed before you start:
- Azure account (if you don’t have one, get a free trial here).
- Visual Studio 2015.
- Windows PowerShell.
- About 40 minutes of your time.
To work with ARM you will need to create an Active Directory (AD) application in your Azure account. You can do this using the Azure portal or directly using PowerShell. Using PowerShell is more direct and easier:
Look on your desktop for Windows PowerShell ISE.
Open it and follow these steps to create a new application for the AD:
First, sign in with your user by executing “Add-AzureRmAccount”. Your account needs to have admin rights to continue, so be sure to use the right account.
After the sign-in, PowerShell will show your account details. The most important values here are TenantId and SubscriptionId, which we will need in the next steps.
Now we can create the application. To make it easy to reuse the application in the next steps, you can store it in a variable. Simply execute this command to create the application:
$azureAdApplication = New-AzureRmADApplication -DisplayName "applicationAD" -HomePage "https://www.applicationAD.org" -IdentifierUris "https://www.applicationAD.org" -Password "<the sign in account password>"
Here DisplayName, HomePage and IdentifierUris are values you choose to identify your new application in the Active Directory of your Azure account.
After executing that command, the new application should be created and the $azureAdApplication variable should contain it. Its important property is the ApplicationId.
To be able to assign permissions to your new AD application, you will need to create an application linked service (a service principal), using the ApplicationId value we got before in the $azureAdApplication variable:
New-AzureRmADServicePrincipal -ApplicationId $azureAdApplication.ApplicationId
Now you can give permissions to the new application linked service so that it can create resource groups and deploy web apps, databases or anything else we need. The lowest permission level we can use is “Contributor”. Again, you can use the $azureAdApplication variable to get the ApplicationId needed in this step:
New-AzureRmRoleAssignment -RoleDefinitionName Contributor -ServicePrincipalName $azureAdApplication.ApplicationId.Guid
Now you have a valid application in your AD that will allow you to use Azure Resource Manager to deploy new services from C# code.
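The steps above collected into one script, as an added example that is not the article's own code. It assumes the AzureRM module version used in the article, generates a dedicated random secret for the application (the $app and $secret names are this example's own), retries the role assignment while the new service principal propagates, and then lists the roles it ended up with.

```powershell
# Added example. Assumes the AzureRM module of the article's era, where -Password
# takes a plain string (later AzureRM releases expect a SecureString instead).
Add-AzureRmAccount | Out-Null    # interactive sign-in with an admin account

# Generate a dedicated random secret for the application (assumption of this example).
$bytes = New-Object byte[] 32
$rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
$rng.GetBytes($bytes)
$rng.Dispose()
$secret = [Convert]::ToBase64String($bytes)

$app = New-AzureRmADApplication -DisplayName "applicationAD" `
    -HomePage "https://www.applicationAD.org" `
    -IdentifierUris "https://www.applicationAD.org" `
    -Password $secret

New-AzureRmADServicePrincipal -ApplicationId $app.ApplicationId | Out-Null

# A new service principal can take a few seconds to become visible, so retry.
# With no scope given, the assignment applies to the whole current subscription.
$assigned = $false
for ($i = 0; $i -lt 10 -and -not $assigned; $i++) {
    try {
        New-AzureRmRoleAssignment -RoleDefinitionName Contributor `
            -ServicePrincipalName $app.ApplicationId.Guid -ErrorAction Stop | Out-Null
        $assigned = $true
    } catch {
        Start-Sleep -Seconds 5
    }
}
if (-not $assigned) { throw "Role assignment failed for $($app.ApplicationId)" }

# Verification: list every role the service principal holds and where it applies.
$assignments = @(Get-AzureRmRoleAssignment -ServicePrincipalName $app.ApplicationId.Guid)
$assignments | Format-Table RoleDefinitionName, Scope -AutoSize

# Anything other than a single Contributor assignment is unexpected for this setup.
$unexpected = @($assignments | Where-Object { $_.RoleDefinitionName -ne "Contributor" })
if ($assignments.Count -ne 1 -or $unexpected.Count -gt 0) {
    Write-Warning "Service principal holds assignments beyond the one created here; review them."
}

# Shown once; keep the secret in a secret store, not in source control.
Write-Output "ApplicationId: $($app.ApplicationId)"
Write-Output "Secret:        $secret"
```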
In the next article you will learn how to create ARM templates, how to invoke them from your C# code to trigger the deployment, and how to read the results and use the new web apps.
See you on the next one! Happy Coding!