Aspect Oriented Programming Using Castle Windsor
Friday, 28 March 2014
If for some reason you have the need to manage App Services in Azure using C# then this post will show you how to do that. I'll cover authenticating with Azure & using the Microsoft Azure Website Management Library to create a website in Azure. Being able to manage your Azure resources using code can be useful in some situations but all resources can also be managed using the azure PowerShell modules. So, before you go down this route, make sure you've checked out the PowerShell module.
If you're just here for the answers, click the link below to go to the source for this example on GitHub. You will still need to create an application with the required permissions in the Azure Portal.
Microsoft Azure Management Libraries
The Microsoft Azure Management Libraries wrap the functionality provided by the Azure Service Management REST API. These libraries give developers the ability to provision and manage various Azure resources in any .NET application. There are over 100 different libraries available in nuget, the one we need to manage websites is called Microsoft.Azure.Management.Websites
We also need to be able to create resource groups for our website so we will also need Microsoft.Azure.Management.ResourceManager
To keep things simple for this post, we will just create a simple console app that will create an App Service plan, App Service and a resource group. You will need to have an azure account to follow along so sign up for one if you don't have one available.
Create client application in Azure
Before we write any code, we need to register a client for our application with the Azure active directory. Follow the steps below to register a client application.
- Log onto the Azure Portal
- Select Azure Active Directory
- If you can't see this in the left-hand panel, select all services then search for Azure Active Directory
- In the Active Directory menu select the app registrations menu option
- Select new application
- Click new registrations then enter a suitable name then hit create. For the purpose of this sample we don't need a redirect URI.
- Once the app has been created, you will be redirected to its overview screen. Take note of the Application client ID & Directory tenant ID
- In the Certificates & Secrets section generate a new client secret then take note of it. We need this later to authenticate with Azure.
Assign roles to application
Now that our application has an identity in Azure, we need to assign roles that will give it permissions to manage web resources.
- In the Azure portal, select subscriptions
- If you can't see this in the left-hand menu, select all services then search for subscriptions
- Take note of the subscription ID of the subscription you created the application in then select the subscription
- Select the Access Control (IAM) menu option then select role assignments
- In the top bar click the Add button to add a new role assignment
- We need to give our application the contributor role
- Select the role in the role dropdown then find the identity for our app using the search box:
Granting an application the contributor role is probably not the best thing to do as it means this app will have permissions to do anything with any type of resource. Currently there is no role that allows applications to create/manage resource groups. So, this is the only way to give an app permission to do so.
In order to manage websites, the application will need the following roles
Web Plan Contributor Role - Allows our app to create app services plans
Website Contributor - Allows our app to create websites.
A full list of roles and their uses can be seen here - https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles
Creating the application
Our application now has an identity in Azure and roles assigned to that identity that will let it do the following things:
- Create a resource group
- Create an app service plan
- Create a website.
We also have the client ID, tenant id, subscription id & client secret which will allow us to authenticate with the Azure API using the client libraries. Now we can write the code to do the work to create our site.
Before we can create any resources in Azure, we need to get an auth token which will be passed along with our requests.
- Start visual studio then create a new console application with an appropriate name
- First, we will add a reference to the following nuget packages
- Azure.Management.Websites - Allows you to manage Azure websites
- Azure.Management.ResourceManager - Allows you to manage resource groups
- IdentityModel.Clients.ActiveDirectory - Allows you to authenticate with Azure Active directory
- Next we can create variables for the information we need to authenticate with Azure AD. Create 4 variables to store the Subscription, tenant, client Ids & secret
- Copy the method below into your program.cs file
- The method will request an access token using our applications client id and secret
Creating resource group, app service plan and website
Now that we have a method to authenticate with Azure, we can add code to create the resources.
- Replace the main method with the following