Category: App Services

All about application services for example, Azure App Service. Angular application, Microsoft .NET Core and EF

Cloud computing

Cloud computing is the on-demand delivery of IT resources over a network. In traditional data centers, compute and storage resources used to be allocated manually by a dedicated IT team. In the cloud, this process is fully automated, leading to increased agility and significant cost savings.

Types of clouds

Cloud types vary depending on who owns or operates them. It is also possible to use more than one cloud at a time in a hybrid or multi-cloud architecture.

Public cloud

Public clouds are owned and managed by a cloud service provider. All resources are shared between multiple tenants. Even though the public cloud market is dominated by three major players, hundreds of smaller public cloud providers exist all over the world and run their public cloud infrastructure on Ubuntu.

More about public clouds ›

Private cloud

A private cloud is owned by an organization or an individual. All resources are exclusively dedicated to a single entity or a service. It runs on the organization’s premises or in an external data center. It is managed by the organization’s operations team or a managed service provider.

More about private clouds ›

Managed cloud

Managed clouds are private clouds that are fully managed by a third-party organisation (aka managed service provider). The customer provides the hardware, but cloud operations and maintenance tasks are outsourced. The cloud can either run on the organisation’s premises or in the managed service provider’s data centre.

More about managed clouds ›

Micro cloud

Micro clouds are a new class of infrastructure for on-demand computing at the edge. They differ from the internet-of-things (IoT), which uses thousands of single machines or sensors to gather data, yet they perform computing tasks. Micro clouds reuse proven cloud primitives but with the unattended, autonomous and clustering features that resolve typical edge computing challenges.

More about micro clouds ›

Hybrid cloud

Hybrid cloud is a cloud computing architecture that consists of at least one public cloud, at least one private cloud and a hybrid cloud manager (HCM). It is one of the most popular trends in the IT industry, adopted by 82% of IT leaders, according to the Cisco 2022 Global Hybrid Cloud Trends Report.

More about hybrid clouds ›

Multi-cloud

Multi-cloud (also referred to as multi cloud or multicloud) is a concept that refers to using multiple clouds from more than one cloud service provider at the same time. The term is also used to refer to the simultaneous running of bare metal, virtualised and containerised workloads.

More about multi-cloud ›

Cloud computing models

Cloud computing services are usually available to end users in the form of three primary models. Those include infrastructure-as-a-service (IaaS), platform-as-a-service (PaaS) and software-as-a-service (SaaS). Some more specific use cases exist too, such as container-as-a-service (CaaS). However, in essence, they are a subset of the main three.

IaaS

In the IaaS model, you provision resources. Those include the number of virtual CPUs (vCPUs), the amount of RAM, storage, etc. They come in the form of VMs or containers with a pre-installed operating system (OS). You manage everything up from there. IaaS is the most common cloud computing model as it allows for more freedom.

PaaS

In the PaaS model, you provision workloads. While you are still responsible for delivering application code and data management, the PaaS platform takes care of scheduling resources (usually containers) and manages them, including the OS, middleware and runtime. The PaaS model has never been widely adopted due to its overall complexity.

SaaS

In the SaaS model, you provision applications. They are deployed from pre-defined templates and can be configured according to your needs. Everything is managed by the cloud provider. Interest in the SaaS model is constantly increasing as it allows for full automation from the ground up.

 Legacy data centreIaaSPaasSaas
ApplicationsYou manageYou manageYou manageCloud provider
DataYou manageYou manageYou manageCloud provider
RuntimeYou manageYou manageCloud providerCloud provider
MiddlewareYou manageYou manageCloud providerCloud provider
O/SYou manageYou manageCloud providerCloud provider
VirtualisationYou manageCloud providerCloud providerCloud provider
ServersYou manageCloud providerCloud providerCloud provider
StorageYou manageCloud providerCloud providerCloud provider
NetworkingYou manageCloud providerCloud providerCloud provider

Reference

https://ubuntu.com/cloud/cloud-computing

idTokenClaims vs accessTokenClaims

n the context of authentication, an “idtokenclaims” refers to the specific user identity information contained within an ID token, used primarily for verifying a user’s identity, while an “access token” grants authorization to access specific resources on a server, essentially acting as a key to access protected data based on the user’s permissions; meaning, an ID token tells you who the user is, while an access token tells you what the user is allowed to do.

Key differences: 

  • Purpose: An ID token is used for user authentication, displaying user information on the front-end like name and email, while an access token is used to authorize access to specific resources on a server. 
  • Claims: ID token claims usually include basic user information like name, email, and user ID, while access token claims specify the allowed scopes or permissions for a particular resource. 
  • Usage: A front-end application typically directly reads and displays information from an ID token, while an access token is sent with API requests to the server to verify authorization. 

Example:

  • ID token claim example: When you log in to a website, the ID token might contain your username and email address, which the website can display on your profile page. 
  • Access token claim example: If you want to access your private documents on a cloud storage service, the access token would specify your permission level (read only, read/write) to access those documents. 

Extending HttpClient With Delegating Handlers in ASP.NET Core

Delegating handlers are like ASP.NET Core middleware. Except they work with the HttpClient. The ASP.NET Core request pipeline allows you to introduce custom behavior with middleware. You can solve many cross-cutting concerns using middleware — logging, tracing, validation, authentication, authorization, etc.

But, an important aspect here is that middleware works with incoming HTTP requests to your API. Delegating handlers work with outgoing requests.

Read more here

https://www.milanjovanovic.tech/blog/extending-httpclient-with-delegating-handlers-in-aspnetcore

App Registration vs Enterprise Applications

All applications that get registered in AAD, in the tenant, two types of objects get created once the app registration is done.

  • Application Object
  • Service Principal Object

The Application Object is what you see under App Registrations in AAD. This object acts as the template where you can go ahead and configure various things like API Permissions, Client Secrets, Branding, App Roles, etc. All these customizations that you make to your app, get written to the app manifest file. The application object describes three aspects of an application: how the service can issue tokens in order to access the application, resources that the application might need to access, and the actions that the application can take.

The Service Principal Object is what you see under the Enterprise Registration blade in AAD. Every Application Object (created through the Azure Portal or using the Microsoft Graph APIs, or AzureAD PS Module) would create a corresponding Service Principal Object in the Enterprise Registration blade of AAD. A service principal is a concrete instance created from the application object and inherits certain properties from that application object. A service principal is created in each tenant where the application is used and references the globally unique app object. The service principal object defines what the app can actually do in the specific tenant, who can access the app, and what resources the app can access.

Similar to a class in object-oriented programming, the application object has some static properties that are applied to all the created service principals (or application instances).

You can read more on the following objects here: https://learn.microsoft.com/en-us/azure/active-directory/develop/app-objects-and-service-principals

Reference

https://learn.microsoft.com/en-us/training/modules/implement-app-registration/2-plan-your-line-business-application-registration-strategy