| services | platforms | author |
|---|---|---|
| government | aspnetcore2.1 | yujhong |
This sample shows how to build an ASP.NET Core 2.0 MVC web application that uses Azure AD for sign-in using the OpenID Connect protocol, reads from and writes to an Azure SQL Database, writes to a Queue in Azure Storage, and uses a Redis Cache.
Getting started is simple! To run this sample in Azure Government you will need:
- An Azure Active Directory (Azure AD) tenant in Azure Government. You must have an Azure Government subscription in order to have an AAD tenant in Azure Government. For more information on how to get an Azure AD tenant, please see How to get an Azure AD tenant
- A user account in your Azure AD tenant. This sample will not work with a Microsoft account, so if you signed in to the Azure Government portal with a Microsoft account and have never created a user account in your directory before, you need to do that now.
To run locally you will additionally need:
- Install .NET Core 2.1.0 or later.
- Install Visual Studio 2017 version 15.3 or later with the following workloads:
  - ASP.NET and web development
  - .NET Core cross-platform development
1. Sign in to the Azure Government portal.
2. On the top bar, click on your account and under the Directory list, choose the Active Directory tenant where you wish to register your application.
3. Click on More Services in the left hand nav, and choose Azure Active Directory.
4. Click on App registrations and choose Add.
5. Enter a friendly name for the application, for example 'Inventory App' and select 'Web Application and/or Web API' as the Application Type. For the sign-on URL, enter a temporary placeholder, for example `https://mywebapp/signin-oidc`.

   > [!NOTE] We will change this URL later after creating the web application and deploying to Azure Government.

   Click on Create to create the application.
6. While still in the Azure portal, choose your application, click on Settings and choose Properties.
7. Find the Application ID value and copy it to the clipboard.
8. Find and save your Azure AD Domain name, found at the top of the Overview page under Azure Active Directory.
After clicking on the "Deploy to Azure Gov" button below, you will be prompted with an ARM deployment template in the portal. Fill in the values for your AAD client ID and domain name with the values saved in steps 7 and 8 of the previous section. Enter a name of your choice for the App plan name parameter, and click Create.
- After your resources have finished deploying, navigate to the web app and copy the URL.
- In the Azure Government portal navigate to Azure Active Directory and click on App Registrations. Click on the app that you have registered for this sample and navigate to Settings -> Reply URLs.
- Edit the Reply URL to be "/signin-oidc".
From your shell or command line:

`git clone https://github.com/Azure-Samples/azure-gov-paas-sample.git`
The project in this sample needs to be registered in your Azure AD tenant.
1. Sign in to the Azure Government portal.
2. On the top bar, click on your account and under the Directory list, choose the Active Directory tenant where you wish to register your application.
3. Click on More Services in the left hand nav, and choose Azure Active Directory.
4. Click on App registrations and choose Add.
5. Enter a friendly name for the application, for example 'Inventory App' and select 'Web Application and/or Web API' as the Application Type. For the sign-on URL, enter the base URL for the sample, which is by default `http://localhost:57062/signin-oidc`.

   > [!NOTE] We will change this URL later after creating the web application and deploying to Azure Government.

   Click on Create to create the application.
6. While still in the Azure portal, choose your application, click on Settings and choose Properties.
7. Find the Application ID value and copy it to the clipboard.
8. For the App ID URI, enter `https://<your_tenant_name>/InventoryApp`, replacing `<your_tenant_name>` with the name of your Azure AD tenant.
The only variation when setting up AAD Authorization on the Azure Government cloud is in the AAD Instance:
- Open the solution in Visual Studio 2017.
- Open the `appsettings.json` file.
- Find the `Authentication` section. We will be filling out the properties with your AAD tenant information.
- Find the `ClientId` property and replace the value with the Client ID for the InventoryApp from the Azure Government portal. We can find the Client ID by navigating to AAD -> App Registrations -> InventoryApp -> Application ID.
- Find the `TenantId` property and replace the value with the Tenant ID for the InventoryApp from the Azure Government portal. We can find the Tenant ID by navigating to AAD -> Properties -> Directory Id.
- Find the `Domain` property and replace the value with ".onmicrosoft.com".
- Open the `Startup.cs` file.
- The `services.AddAuthentication` method is where the AAD authentication is added.
The only variation lies in the endpoint suffix when connecting to your Azure SQL Database:
- "database.usgovcloudapi.net"

> [!NOTE] If you clicked on the "Deploy to Azure Government" button, you can skip step 1.

1. Navigate to the Azure Government Portal and create an Azure SQL Server and Database. Make sure you save your server admin user name and password.
2. Now we must create the table that the application will write to. In this project find the "ProductTable.sql" file and run the query on your Azure SQL Database (using a SQL Server tool such as SQL Server Management Studio).
3. Open the `appsettings.json` file and navigate to the `ConnectionStrings` section.
4. Find the `DefaultConnection` property and replace the value with your Azure SQL Server connection string. To get the connection string, go to the Portal and navigate to your SQL Database -> Connection strings. Grab the "primary" connection string and replace the User Id and Password properties with your server admin user name and password.
The only variation lies in the endpoint suffix when connecting to your Azure Government storage account:
- "core.usgovcloudapi.net"

> [!NOTE] If you clicked on the "Deploy to Azure Government" button, you can skip step 1.

1. Navigate to the Azure Government Portal and create an Azure Storage account. Once your storage account has been provisioned, navigate to the Access Keys section of the storage account and copy the access key. Go back to your storage account in the portal and add a queue.
2. Open up the `appsettings.json` file and navigate to the `Storage` section. Fill out the `AccountName` property with the name of your storage account.
3. Fill out the `AccountKey` property with the access key for your storage account, which can be found in the portal.
4. Open up the `Startup.cs` file and navigate to the `ConfigureServices` method. Here you can see how Azure Storage is configured and connected to the application.
5. Open up the `ProductsController.cs` file and navigate to the `Restock` method. Replace the `<nameofQueue>` placeholder with the name of your queue.
The only variation lies in the endpoint suffix when connecting to your Redis Cache in Azure Government:
- "redis.cache.usgovcloudapi.net"

> [!NOTE] Even if you clicked on the "Deploy to Azure Government" button, you must still provision a Redis cache by following these steps.

1. Navigate to the Azure Government Portal, click on the "New" button and type in "Redis Cache". Click "Create" to provision your Redis cache.
2. Click on your Redis cache and navigate to the "Access Keys" section. Copy your Primary Connection String.
3. Open up the `appsettings.json` file. Navigate to the `ConnectionStrings` section and replace the value for `RedisConnection` with your primary connection string.
4. Open up the `ProductsController.cs` file and navigate to the `Restock` and `RestockList` methods. The `Restock` method writes the names of the items that need restocking to the cache, and the `RestockList` method retrieves the stored names from the cache and displays them.
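The Azure Government settings from the AAD, SQL, Storage and Redis sections above, wired up in one place as an added example (this is not the sample's own `Startup.cs`). It sets the AAD Instance to the Government sign-in authority, passes the Government endpoint suffix to the storage SDK instead of letting it default to the commercial cloud, and refuses to start if a connection string still points at a commercial host. The class and method names, and the `https://login.microsoftonline.us/` instance value, are assumptions not stated on this page.

```csharp
using System;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.WindowsAzure.Storage;
using Microsoft.WindowsAzure.Storage.Auth;

public static class AzureGovStartup
{
    // Assumed value (the page names the "AAD Instance" setting but not its value): the Azure
    // Government sign-in authority. Commercial Azure uses login.microsoftonline.com instead.
    public const string GovAadInstance = "https://login.microsoftonline.us/";

    // Reads the "Authentication" section of appsettings.json and wires OpenID Connect sign-in.
    public static IServiceCollection AddAzureGovSignIn(this IServiceCollection services, IConfiguration config)
    {
        var aad = config.GetSection("Authentication");
        services.AddAuthentication(o =>
        {
            o.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            o.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
        })
        .AddCookie()
        .AddOpenIdConnect(o =>
        {
            // Tenant-scoped authority: issuer validation then accepts only this tenant's tokens.
            o.Authority = GovAadInstance + Require(aad, "TenantId");
            o.ClientId = Require(aad, "ClientId");
            o.CallbackPath = "/signin-oidc"; // must equal the Reply URL registered in the portal
        });
        return services;
    }
    // Storage client bound to the Government suffix instead of the SDK default core.windows.net.
    public static CloudStorageAccount GovStorageAccount(IConfiguration config)
    {
        var s = config.GetSection("Storage");
        var creds = new StorageCredentials(Require(s, "AccountName"), Require(s, "AccountKey"));
        return new CloudStorageAccount(creds, "core.usgovcloudapi.net", useHttps: true);
    }
    // Fail fast at startup if a connection string still points at a commercial-cloud host.
    public static void RequireGovEndpoints(IConfiguration config)
    {
        var cs = config.GetSection("ConnectionStrings");
        foreach (var (key, suffix) in new[] { ("DefaultConnection", "database.usgovcloudapi.net"),
                                              ("RedisConnection", "redis.cache.usgovcloudapi.net") })
            if (Require(cs, key).IndexOf(suffix, StringComparison.OrdinalIgnoreCase) < 0)
                throw new InvalidOperationException($"{key} must target {suffix} (Azure Government)");
    }
    static string Require(IConfigurationSection s, string key) => s[key] ?? throw new InvalidOperationException($"{s.Path}:{key} is not set");
}
```

Call `RequireGovEndpoints(Configuration)` and `services.AddAzureGovSignIn(Configuration)` from `ConfigureServices`, and register `GovStorageAccount(Configuration)` where the sample builds its queue client.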
Once you have gone through all of the steps above, you are ready to run your sample.
- Navigate to the Azure Government portal and click on "Azure Active Directory" -> "App Registrations" -> InventoryApp -> Reply URLs. Make sure the reply URL is "http://localhost:57062/signin-oidc".
- Run the sample in Visual Studio, and you should see the Microsoft login page appear. Make sure to log in with the credentials for the tenant that you registered the app with.
- After logging in, you should see the InventoryApp main page. You should be able to create, edit, and delete items.
- If an item has a quantity of 0, the item will be written to your queue. You can verify this by using the Azure Storage Explorer or by looking at your queue through the portal.
- The items with quantity 0 are also written to the Redis cache, and when you click on the "Products to Restock" button the items will be read from the cache and displayed on the page.