The Right Way of Implementing E2E in Azure

Siddhant Kumar Kandoi
Version 1
6 min read · Mar 28, 2022

Introduction

Modern enterprise app development covers not only efficient, secure, working apps but also several non-functional requirements such as application availability monitoring, performance monitoring, service availability and application logging for better maintenance and support of the application. Both the functional and the non-functional requirements can be well supported by the Microsoft Azure platform. In this blog, we will cover the end-to-end flow of a web app using Azure infrastructure such as Azure AD B2C, App Service, Azure Monitor, Application Insights, Logic Apps and APIM.

High Level Flow Diagram for the Web App

What is Azure AD B2C and its purpose?

Azure AD B2C is a separate service from Azure Active Directory (Azure AD). It is built on the same technology as Azure AD but for a different purpose. It allows businesses to build customer-facing applications, and then allow anyone to sign up for those applications with no restrictions on user accounts.

It is widely used at the enterprise level because it gives any business or individual a white-label solution for authenticating end-users to their web/mobile applications. Apart from authentication, the Azure AD B2C service is used for authorization, such as access to API resources by authenticated users.

In our case study, the request first clears the firewall IP restrictions and is then redirected to Azure AD B2C by the App Gateway. Azure AD B2C authenticates the user with their credentials and generates the token, GUID, etc.

What is APIM and how can it be used?

Azure API Management (APIM) provides a way to develop consistent and modern API gateways for existing back-end services.

API Management helps organizations publish APIs to external, partner, and internal developers to effectively provide the platform which unlocks the potential of their data and services. Enterprises everywhere are working in an agile environment to extend their operations as a digital platform, creating new channels, finding new customers and driving deeper engagement with existing ones. API Management provides the core competencies such as developer engagement, business insights, analytics, security, and protection which ensure a successful API program. In our case here, we are using Azure API Management to take the backend service and launch a full-fledged API program based on it.

Securing the app with APIM

In our study, we use AD B2C to generate a valid token after authentication. This token needs to be validated at the APIM layer when the app calls the relevant APIM endpoint.

Using APIM policies, which are written as XML elements such as <validate-jwt>, we can validate the JWT. To better secure the app, we can also use the <rewrite-uri> element, which hides the actual backend URL from the frontend user.
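The two policies named above, combined in one inbound section. This is an added example, not a policy from the original article; TENANT_NAME, TENANT_ID, USER_FLOW, API_CLIENT_ID, the scope orders.read and the backend path are placeholders.

```xml
<!-- Added example. TENANT_NAME, TENANT_ID, USER_FLOW, API_CLIENT_ID, the scope
     "orders.read" and the backend path are placeholders, not values from the article. -->
<policies>
    <inbound>
        <base />
        <!-- Return 401 unless the Authorization header carries a signed,
             unexpired Bearer token that passes every check below. -->
        <validate-jwt header-name="Authorization"
                      failed-validation-httpcode="401"
                      failed-validation-error-message="Unauthorized"
                      require-scheme="Bearer"
                      require-expiration-time="true"
                      require-signed-tokens="true">
            <!-- Signing keys come from the B2C user flow's metadata document. -->
            <openid-config url="https://TENANT_NAME.b2clogin.com/TENANT_NAME.onmicrosoft.com/USER_FLOW/v2.0/.well-known/openid-configuration" />
            <!-- aud: accept only tokens issued for this API's app registration. -->
            <audiences>
                <audience>API_CLIENT_ID</audience>
            </audiences>
            <!-- iss: accept only tokens issued by this B2C tenant. -->
            <issuers>
                <issuer>https://TENANT_NAME.b2clogin.com/TENANT_ID/v2.0/</issuer>
            </issuers>
            <!-- Authorization: the space-separated scp claim must contain the scope. -->
            <required-claims>
                <claim name="scp" match="any" separator=" ">
                    <value>orders.read</value>
                </claim>
            </required-claims>
        </validate-jwt>
        <!-- Runs only for validated calls: the public operation /orders/{id}
             is forwarded to a backend path the client never sees. -->
        <rewrite-uri template="/internal/v2/orders/{id}" copy-unmatched-params="true" />
    </inbound>
    <backend>
        <base />
    </backend>
    <outbound>
        <base />
    </outbound>
    <on-error>
        <base />
    </on-error>
</policies>
```

Pinning both the audience and the issuer matters here: a signature check alone would also accept tokens that the same B2C tenant issued for a different application.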

Furthermore, APIM also provides features such as Limit call rate (by subscription or by key), which we are using in our case study architecture here.

Example: In the following example, the rate limit of 10 calls per 60 seconds is keyed by the caller IP address. After each policy execution, the remaining calls allowed in the time period are stored in the variable remainingCallsPerIP.

<policies>
    <inbound>
        <base />
        <!-- 10 calls per 60 seconds, counted per caller IP address.
             Only calls that end in a 200 response count against the limit. -->
        <rate-limit-by-key calls="10"
                           renewal-period="60"
                           increment-condition="@(context.Response.StatusCode == 200)"
                           counter-key="@(context.Request.IpAddress)"
                           remaining-calls-variable-name="remainingCallsPerIP" />
    </inbound>
    <outbound>
        <base />
    </outbound>
</policies>

Logic App and its use in the flow

Azure Logic Apps provides a way to simplify and implement scalable integrations and workflows in the cloud. It provides a visual designer to model and automate your process as a series of steps known as a workflow. Logic Apps allows developers to design workflows that articulate intent via a trigger and a series of steps, each invoking an App Service API app whilst securely taking care of authentication and best practices like durable execution.

In our scenario, we use a Logic App workflow in the architecture because the response data coming from the backend service needs to be modified before it is consumed by the frontend application. The Logic App workflow gives us a simple way to develop and manage a flow that changes the structure of the response while also adding custom fields to it. The alternative here could be to use Azure Functions, but that depends on the specific use case scenario.

Benefits of using Application Insights

Application Insights is an Azure performance management service mainly for web applications that enables you to do all the monitoring of your website performance in Azure.

It is beneficial in our case here as it also provides a powerful analytic tool that helps to diagnose issues and gain an understanding of how people are using your web application. It helps us to meet our non-functional requirements such as website availability, performance standards and alerting in case of any issues. We can create up to 100 availability tests per Application Insights resource.

Some of the tests which we may use in our case are:

  • Monitoring availability with URL Ping Tests: validates whether an endpoint is responding using an advanced HTTP request, measures the performance associated with this response, and lets us set custom success criteria.
  • Similar to URL Ping Tests, Azure offers Standard Tests (Preview). In addition to validating whether an endpoint is responding and measuring the performance, Standard Tests also include SSL certificate validity, proactive lifetime check, HTTP request verb (for example GET, HEAD, POST, etc.), custom headers, and custom data associated with your HTTP request.
  • Reporting: availability alerts to Application Insights. We can use an SLA workbook as a way to calculate and report SLA (service-level agreement) for Web Tests through a single pane of glass across your Application Insights resources and Azure subscriptions. The Downtime and Outage report provides powerful pre-built queries and data visualizations to enhance your understanding of your customer’s connectivity, typical application response time, and experienced downtime.
  • Application Insights offers Proactive Diagnostics for monitoring performance: “So for example, if there’s a failure in one of the services you depend on, or if the new build you just deployed isn’t working so well, then you’ll know about it as soon as you look at your email.” The Live Metrics Stream allows us to see metrics such as latency and also gives a way to inspect failures. Application Map automatically discovers your application topology, laying the performance information on top of it, to let you easily identify performance bottlenecks and problematic flows across your distributed environment.

Conclusion

This 5-to-6-minute article is intended to give you an understanding of the development and end-to-end implementation of a web app in an Azure environment. It suggests an architectural flow which could be used by various enterprises for their projects. Although I have tried to focus here on some of the best tools provided by Azure, the actual implementation will depend on the use case and business scenario.

About the Author:
Siddhant Kandoi is a Full Stack Engineer here at Version 1.
