Explore Azure App Service Flashcards
What is Azure App Service (AAS)
Used for hosting web apps or mobile backends
What does AAS contain support for?
- auto scaling with vertical and horizontal scalinh
- CI with devops, github and bitbucket
- deployment slots
- Linux (with some limitations)
What is an app service plan (asp)
- Defines a set of compute resources for a web app to run
- 1 or more apps can be configured to run on the same plan
What does an app service plan define?
OS
Region
Number of VMs
Size of VMs
Pricing tier
Describe the Shared compute pricing tiers
- Free and Standard Tiers
- Run on an app on the same VM as other AAS apps, including apps of other customers
- Cant scale out
Describe the dedicated compute pricing tiers
- Basic. standard, premium, premium V2, premium V3
- Run on dedicated Azure VMs
- Only apps in the same service plan share the same resources
- higher tiers have more VM instances available to you for scale out
Descirbe the isolated compute pricing tier
- Isolated and isolatedV2
- Provides max scale out capabilities
How can I improve app performance with app service plans?
Isolate the compute resource by moving the app into a separate app service plan so it isn’t sharing resources with other apps in the original plan
What are the two methods of deploying app services?
- Automated Deployment; CI is a repetitive process to push out new features and bug fixes in a fast and repetitive pattern with minimal effect on end users. Can use DevOps, GitHub and bitbucket
- Manual Deployment; can use Git, CLI, Zip Deploy or FTP/s
What are deployment slots (briefly in relation to App Service Plan)
- Recomended way to deploy app services
- apps are deployed to a slot and can then be swapped over
- the swap operation warms up the necessary worker instances to match production scale, eliminating downtime
Briefly describe app Services built in auth
- Allows you to integrate various auth capabilities into your web app or API without implementing them yourself
- Built directly into the platform
- Can integrate with multiple login providers (Microsoft Entra ID, Facebook, Google Twitter)
What is the authentication and authorisation module?
- Runs in same sandbox as your app code
- when its enabled every incoming HTTP request passes through it before being handled by app code
- runs separately from the app code and can be configured with ARM or config file, no SDK or programming changes to app code are required
What does the authentication and authorisation module do?
- Authenticates users and client with the specified Identity providers (facebook, google, twitter etc)
- validates, stores and refreshes Oauth tokens issued by the configured identity providers
- manages authenticated session
- injects ID information into HTTP request headers
- signs user in -> post authentication -> establish authenticated session -> serve authenticated code
How does authentication flow work with the providers SDK
- app delegates sign-in to app service
- typically used in browser apps which can present the providers login page to the user
- server code manages the sign-in process
how does authentication flow work without the providers SDK
- app signs users in to the provider manually and then submits the auth token to app service for validation
- browserless apps use this as they cant present providers sign-in page to the user
- app code manages the sign-in process
- Applies to REST APIs, Azure functions and native mobile apps
