This is step 2 of 10 in the post series “How-To: How installing a secure Service Azure Fabric Cluster (ASF) with Azure Resource Management (ARM) Template”. In this step we will register the Service Fabric application in Azure Active Directory (AAD) and create the AppKey. This concerns SF application(s) that you have built yourself. In my screenshots you will see the name “DeviceRegistration”, which is my custom-built application.
This step is necessary so that we can orchestrate which SF application is allowed to call which other SF application running on the Service Fabric Cluster.
| Step | Overview of the steps |
| --- | --- |
| 01. | Create and import the certificates |
| 02. | [Current] Register SF Application in AAD and create AppKey |
| 03. | Generate encrypted AppKey |
| 04. | Lookup the service principals |
| 05. | Create the Key Vaults with ARM |
| 06. | Adjust the SF Application settings |
| 07. | Upload certificates to Key Vault |
| 08. | Register the Service Fabric System Applications |
| 09. | Install SF Cluster with ARM |
Step 02: Register Service Fabric Application in AAD and create AppKey
In the Azure portal, it is necessary to register the Service Fabric applications (e.g. Web APIs). When an application is registered, it has an ApplicationId and a Service Principal ObjectId; you need these IDs later in one of the following steps.
- Open your browser and go to http://portal.azure.com
- Go to Azure Active Directory.
- Go to App Registrations.
- Click on “New application registration”.
- The Sign-On URL does not have to be an existing URL; any valid URI will do.
- After creation, you can see the ApplicationId in the overview/properties blade.
- It is also necessary to create an AppKey for the application; this can be done by clicking on KEYS in the Settings blade of the application.
Lookup Service Principal of the created application
We also have to look up the Service Principal of the created application. There are two ways to do that:
- Method 1: Go to PowerShell and execute the command ‘Get-AzureRmADServicePrincipal’. For every application that you registered, find the ObjectId of the Service Principal and note this ID together with the ApplicationId. When you have multiple Azure subscriptions, you have to execute several commands. In my case:
Select Azure Subscription
- Log in with the same credentials you use for http://portal.azure.com. (In my case the popup kept reappearing; I clicked it away.) The result will look like this.
- When you are not in the correct subscription, you have to select the correct one. Run the command:
You will see an overview of all the subscriptions which are connected to your login.
- Select the correct subscription with the command:
Select-AzureRmSubscription -SubscriptionName '<name of subscription>'. Now you are switched to the correct Azure subscription. If you want to verify that you are in the correct subscription, you can run the command
- Method 2: The Service Principal ObjectId can also be found in the portal. In the Overview blade, click on the link below ‘Managed application in local directory’.
ATTENTION: the Overview/Properties blade also shows an ObjectId; this is NOT the ID we are looking for!
In the blade that opens (Enterprise Application), click on PROPERTIES and you will see both the ApplicationId and the ObjectId of the Service Principal.
Repeat this for all applications
- Repeat the actions “Add Application”, “Create AppKey” and “Lookup Service Principal of the created application” for all Service Fabric applications you made.
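The lookup in Method 1 can be scripted so that every registered SF application ends up paired with the right ObjectId. This is an added example, not code from the post, and it assumes the AzureRM cmdlets, that the app registrations carry the display names you chose in the portal, and that the service principal object exposes its ObjectId as the `Id` property; the subscription name is a placeholder.

```powershell
# Added example: pair each registered SF application's ApplicationId with the
# ObjectId of its service principal (Method 1 of this step, scripted).
$subscriptionName = '<name of subscription>'   # placeholder, fill in your own
$appNames = @('DeviceRegistration')            # display names of your SF app registrations

# Interactive login, as with the portal credentials; then switch subscription.
Login-AzureRmAccount | Out-Null
Select-AzureRmSubscription -SubscriptionName $subscriptionName | Out-Null

# One directory call; the matching is done locally per application.
$allServicePrincipals = Get-AzureRmADServicePrincipal

$results = foreach ($name in $appNames) {
    $app = Get-AzureRmADApplication -DisplayNameStartWith $name |
           Where-Object { $_.DisplayName -eq $name }
    if (-not $app) {
        Write-Warning "No app registration named '$name' found in this directory."
        continue
    }

    # Match on ApplicationId. The ObjectId shown on the app registration's
    # Overview/Properties blade is NOT the one the later steps need.
    $sp = $allServicePrincipals | Where-Object { $_.ApplicationId -eq $app.ApplicationId }
    if (-not $sp) {
        Write-Warning "No service principal for '$name' (ApplicationId $($app.ApplicationId))."
        continue
    }

    [pscustomobject]@{
        Application              = $name
        ApplicationId            = $app.ApplicationId
        AppRegistrationObjectId  = $app.ObjectId   # the ID to ignore
        ServicePrincipalObjectId = $sp.Id          # the ID to note for the later steps (assumed property name)
    }
}

$results | Format-Table -AutoSize
```

Run it once per subscription that holds app registrations; a warning instead of a row means the registration or its service principal is in another directory.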
Next step: Step 03 – Generate Encrypted AppKey