Cosmos DB–Free Practice Resources

As you know Azure Cosmos DB will cost high if you are spending time on learning & experimenting.  Alternatively, following are different options inside/outside the Azure Portal to try with:

MSDN $200 Free Plan

https://azure.microsoft.com/en-us/free/free-account-faq/

Emulator

https://aka.ms/cosmosdb-emulator

Sandbox

https://docs.microsoft.com/en-us/learn/modules/create-cosmos-db-for-scale/2-create-an-account

Advertisements

Cosmos DB–Choosing the right Model

Cosmos DB offer multiple models as below:

  • Document Model with SQL API
  • MongoDB Model with MongoDB API
  • Cassandra Model with Cassandra API
  • Table Model with Table API
  • Graph Model with Gremlin API

In this article we can see which model to choose based on the requirement.

Note As informed previously we are making a Choice of CosmosDB here due to Dynamic Schema requirement & Geo-replication.

Document Model with SQL API

If you are starting with a new project which requires storage of similar items, schema changes a lot, then SQL API is the best choice.

MongoDB with MongoDB API

If you are Migrating from existing MongoDB which have Investments of MongoDB Queries then MongoDB API is the best choice.

Cassandra Model with Cassandra API

If your project requires Web Analytics capabilities, then Cassandra API is the right choice.

Table Model with Table API

If your data consists of Key-Value pairs OR if you wanted to Migrate data from Azure Table Storage, then Table Model API would be right choice.

    • Cosmos DB (access based pricing) is Cheaper than Table Storage (size based pricing) depending on the case

Graph Model with Gremlin API

If you have relationships between data, then Graph Model is the best choice.

Example: Amazon wanted to show Product Recommendations like customer who bought LG TV 46” also bought another product TV Stand 46”

graph.V().hasLabel(‘product’).has(‘productName’, ‘LG TV’).addE(‘boughtWith’).to(g.V().hasLabel(‘product’).has(‘productName’, ‘TV Stand’))

CosmosDB–Schemaless Scenario

As discussed earlier, the Decision for choosing CosmosDB rather than SQL Server is mostly one of the following:

  • Schemaless Advantage
  • Geo Replication

In this post we can explore the same with few scenarios.

Player Table

Let us think of a Table named Player in SQL Server.  There will be properties like following:

  • ID
  • Name
  • Age
  • Address

Requirement 1

Now, the Player table NEED TO support both Football player & Cricket player.

We resolve this by adding a Type column to differentiate between the players.

image

Requirement 2

The requirement changed that:

  • The Football Player should have a Goals column of type int
  • The Cricket Player should have a Run Rate column of type float

We resole this by adding 2 more columns. 

image

Problems in Design

As you can see, there are few problems in current design:

  • There is unwanted column GOALS being allocated for CRICKET Player
  • There is unwanted column RUN RATE being allocated for FOOTBALL Player

The problem is more complicated when the FUTURE REQUIREMENT to support Tennis Player, Badminton Player also comes through.

How COSMOS DB resolves this issue?

Cosmos DB resolves this issue by using only required columns.

{

“name”: “John”,

“age”: “30”,

“type”: “Football”,

“goals”: 4,

}

{

“name”: “Kevin”,

“age”: “25”,

“type”: “Cricket”,

“runrate”: 5.3

}

Summary

In this post we have observed the Schemaless advantage of Cosmos DB.

401 Unauthorized Error–Azure Active Directory (AD)

Here I am listing down all the possible solutions for 401 Unauthorized Error during AAD configuration for your App Service or Resources.

image

The scenario can be like this:

  • You are able to Authenticate & Get a Valid Token
  • While presenting the Token for service access the Error 401 Unauthorized is happening

Solution 1: Ensure Resource Parameter

Ensure that while requesting the Authentication Token you are specifying the resource parameter.  Without the parameter you will still get the token but the 401 Error will occur as there is no valid resource.

image

Solution 2: Ensure App ID URI mentioned in the Service

Go to App Services > Authentication blade > Advanced Settings

image

Solution 3: Delete & Create new App Registration

Some of the configuration errors will be tricky to find – especially in restricted access production environments.  So you can try following:

  • Delete the App Registration
  • Create new App Registration
  • Set the new App Registration parameters in App Service

Solution 4: View Application Logs

Go to Log Streaming to view the Application Logs.

image_thumb[10]

You can search on the Detailed error code (401.83) OR IDX10214 error code for more details.

Solution 5: View Kudu Logs

You can see the Authentication Token is passed or not through the Kudu > Debug Console > CMD > W3SVC Logs.

image

Summary

In this post we have seen how to troubleshoot AAD Authorization Error.  If you find another solution not listed here, please comment below so I can update back in the article.  Help us to Help you!

References

Testing with Postman

Testing with Postman

Now we can test the previous service with Postman.

Postman

Postman is a GUI Tool for testing HTTP APIs. It is much popular today that almost all Developers have it installed it in their machine.

You can download latest version of Postman from here.

https://www.getpostman.com/tools

Steps

Following are the steps to use Postman.

Get the Token

Create a new GET REQUEST as shown below.

image

Enter the following Values.

· Auth URL use the URL https://login.microsoftonline.com/Your-AAD-Tenant-Name-OR-Guid/oauth2/token and replace the highlighted area

· Client ID You can get this from Azure > App Service > Properties

· Client Secret You can get this from Client Credentials blad

· Grant Type Hardcode as client_credentials

· Resource You can get this from Service > Expose an API blade

image

Call the Service

Now call the service & If everything went fine you will see the response as below.

image

Now follow these steps:

· Create a new GET request

· Add the highlighted headers below

· Set the Token copied from previous step with the Bearer prefix on it

· Click the SEND button in Postman

On successful execution, you will get the results as shown above.

Summary

In this post you have seen how to call an AAD protected API Service with Postman. In real world scenarios we can combine the Token generation & attaching to Service request as a single step.

References

Postman – Automatically attach Token

AZ300 – AAD Service Registration

Azure Active Directory provides Identity Platform which allows Secured Access to your Application & Services. In this article we can explore how to create a Web API Service & Protect it with AAD App Registration.

Create New API Service

Open Visual Studio & Create a new Web API Service.

image

Run the Service and Ensure you are able to access the Results as displayed below.

http://localhost:62573/api/values

Publish the Service

Now right click on the project & publish the service to Azure App Service.

image

image

You need an Azure Subscription to perform this. You can use following link to do the same.

https://azure.microsoft.com/en-us/free/

Choose the App Service option.

image

Enter the App Service option.

image

Azure App Service is a PaaS (Platform as a Service) way of Hosting web sites.

image

You can test your new App Service with the URL.

https://aadservice2019.azurewebsites.net/api/values

If you are getting the same results, you are good!

Protect the Service

Now we can protect the Service with Azure Active Directory. There is a Quick Way to achieve the same without writing a single line of code.

Go to Azure Portal > App Services blade > Click on your service.

image

Go to Authentication/Authorization blade.

image

Turn App Service Authentication to On. Then in the appearing options choose the following:

· Login with Azure Active Directory

· Choose Azure Active Directory from Authentication Providers > Then choose Express option

Save changes.

Test the Service

Now test the service again with the previous URL. This time you will be prompted for Login.

image

This means the Service is protected from Anonymous Access now.

References

https://docs.microsoft.com/en-us/azure/active-directory/develop/authentication-scenarios

Summary

In this article we have explored how to create a Web API Service & Protect it with AAD App Registration.