Question

shiv455 on Fri, 05 Sep 2014 06:51:17


HI,

     Is it possible to invoke the WebAPI controller actions of the custom resource provider api from a custom UI

other than admin and tenant portal UI extensions.

As the custom resource provider api will be deployed as a service in IIS, once the msi is installed.

if yes please lemme know if there is any best practice to invoke the custom resource provider api from custom UI..if possible with a code snippet ..




Sponsored



Replies

Manesh Raveendran on Fri, 05 Sep 2014 07:24:27


Even UI don't call the custom resource provider API directly. They always get routed through tenant API or Admin API. So you should be able to construct the request based on the original configuration provided (while registering the RP) and hit the tenant API / Admin API to get it invoked.

[TenantSourceUriTemplate]  : {subid}/services/storagesample/{*path}
[TenantTargetUriTemplate]  : subscriptions/{subid}/{*path}
Above is the storage sample (https://github.com/terawe/WindowsAzurePack) RP registration information. If you are hitting the tenant API you can post request to "{subid}/services/storagesample/{*path}" in tenant API endpoint and it should get routed storage API.


shiv455 on Tue, 14 Oct 2014 21:05:39


when im trying to browse the customresource provider from inetmgr as below

http://localhost:30666/admin/vmsizes or

http://<myservername>:30666/admin/vmsizes

im able to get the json data...So if i replace the localhost with the server name it is accessble to anyone rt??

but when i tried browsing the below url in any other rmachine

http://<myservername>:30666/admin/vmsizes

im getting error like This webpage is not available

So how can i invoke these apis from any other UI application,

do i need to build the proper uri to invoke tenant api/admin api and invoke from my custom UI??

so that the tenant /admin apis will inturn call the custom resource provider api

if yes how it validates my admin api calls ??

where as for tenant api there is anyway valid subscription id needs to passed from my custom UI

Manesh Raveendran on Wed, 15 Oct 2014 19:31:46


You can't access your RP API directly from other applications. Always you will have to go through Admin API or Tenant API.

There is a message flow diagram I have put together at http://manesh.me/2014/10/07/troubleshoot-message-flow-for-windows-azure-pack/.

Instead of browser, it will be your external application calling through Admin/Tenant API to get data back from your RP API.

shiv455 on Thu, 16 Oct 2014 00:58:19


No When i tried accessing the webapi controller from other machines using below url

http://<myservername>:30666/admin/vmsizes

im able to get the json data,

i have just enabled all ports for inbound and outbound rules in windows firewall advanced settings,

im able to fetch the json data with the above url in other machines even without logging into tenant/admin sites..

As per my understanding if want to interact to webapi through wap it should flow through tenant/admin api(which validates the rquest based on the logged in portal either admion/tenant),but if im creating a custom Ui and from the above try i can consume the webapi w/o following the tenant/admon Api route(cos w/o tenant/admin api its just a webapi project wherein i can deploy as a service but need to implement the security)

So i guess we can directly expose the api by the above experiment..please correct me if im wrong..





Manesh Raveendran on Fri, 17 Oct 2014 20:57:33


Can you attach a fiddler trace for the HTTP header part of this call? Thanks.

shiv455 on Fri, 17 Oct 2014 21:53:39


So when you said 

Instead of browser, it will be your external application calling through Admin/Tenant API to get data back from your RP API

the tenant/Admin Api will validate the user (and associated subscriptionid) who is invoking these apis from external application??

and no need to bother about security??if im invoking tenant/admin api from wap then we have login scrrens for both the portals

Manesh Raveendran on Sat, 18 Oct 2014 18:45:49


There is a sample published for this. You should checkout the blog http://blogs.technet.com/b/privatecloud/archive/2013/11/28/sample-portal-code-based-on-windows-azure-pack-service-provider-foundation-and-virtual-machine-manager.aspx

It has a complete code for login to a different portal. The above sample uses same ASP .NET auth credentials to sign in. Tenant API support both ASP Auth & ADFS Auth. If you are hitting the tenant public API, you can use certificates to authenticate (public key of the cert should be uploaded to my account > management certificates by the tenant and be associated with the subscription).