Set Path Variable (CMD):

```
PATH=%PATH%;"C:\Program Files\Microsoft SQL Server\Client SDK\ODBC\170\Tools\Binn"
```

Download Project Files (CMD):

```
git clone https://github.com/udacity/nd081-c1-provisioning-microsoft-azure-vms-project-starter
```

Navigate to Downloaded Folder and Rename the Project Folder (CMD):

```
ren nd081-c1-provisioning-microsoft-azure-vms-project-starter SourceProject
```

Login to Azure with CLI:

```
az login
```

Create a Resource Group:

```
az group create --name ArticleCmsRg --location <YOUR-LOCATION>
```

Create an SQL Server:

```
az sql server create --name <YOUR-SQL-SERVERNAME> --admin-user <USERNAME> --admin-password <PASSWORD> --resource-group ArticleCmsRg
```

Replace | With |
---|---|
SQL_SERVER_NAME | <YOUR-SQL-SERVERNAME> |
SQL_SERVER_USERNAME | <USERNAME> |
SQL_SERVER_PASSWORD | <PASSWORD> |

Create a Database:

```
az sql db create --name ArticleCmsDb --resource-group ArticleCmsRg --server <YOUR-SQL-SERVERNAME>
```

Replace | With |
---|---|
SQL_DB_NAME | ArticleCmsDb |

Locate Your Public IP Address (copy the Address shown under Name in the output):

```
nslookup myip.opendns.com resolver1.opendns.com
```

Enable Firewall Access for Your IP:

```
az sql server firewall-rule create --resource-group ArticleCmsRg --server <YOUR-SQL-SERVERNAME> --name "AllowMyIP" --start-ip-address <IP-FROM-PREVIOUS-STEP> --end-ip-address <IP-FROM-PREVIOUS-STEP>
```

Create user and article tables and insert data:

```
sqlcmd -S <YOUR-SQL-SERVERNAME>.database.windows.net -d ArticleCmsDb -U <USERNAME> -i .\sql_scripts\users-table-init.sql
sqlcmd -S <YOUR-SQL-SERVERNAME>.database.windows.net -d ArticleCmsDb -U <USERNAME> -i .\sql_scripts\posts-table-init.sql
```

Create a Storage Account:

```
az storage account create --name <YOUR-STORAGE-ACCOUNT-NAME> --resource-group ArticleCmsRg --sku Standard_ZRS
```

Under Settings, copy an Access Key.

Replace | With |
---|---|
BLOB_STORAGE_KEY | <YOUR-ACCESS-KEY> |

In Azure Active Directory, create an App Registration and copy <CLIENT_ID> from the App Registration Overview.

Create and copy <CLIENT_SECRET> from Certificates & Secrets.

Replace | With |
---|---|
CLIENT_ID | <CLIENT_ID> |
CLIENT_SECRET | <CLIENT_SECRET> |

Under FlaskWebProject in `__init__.py` File add these lines:

```python
import logging  # skip if the file already imports it

# Send INFO-and-above application logs to a stream handler
app.logger.setLevel(logging.INFO)
streamHandler = logging.StreamHandler()
streamHandler.setLevel(logging.INFO)
app.logger.addHandler(streamHandler)
```

In views.py File Add:

- For Invalid Password add this Line:

  ```python
  app.logger.warning("Logging in failed for user:{}".format(form.username.data))
  ```

- For Successful Login add this Line:

  ```python
  app.logger.info("Logging in user:{}".format(form.username.data))
  ```

- For Logout:

  ```python
  app.logger.info("Logging out user: {}".format(session.get("user")))
  ```

In authorized function add this Line:

```python
# Exchange the authorization code from the redirect for tokens
result = _build_msal_app(cache=cache).acquire_token_by_authorization_code(
    request.args['code'],
    scopes=Config.SCOPE,
    redirect_uri=url_for('authorized', _external=True, _scheme='https'))
```

- Remove `result = None`

In _load_cache function add these Lines:

```python
# Restore the per-session token cache if one was saved earlier
cache = msal.SerializableTokenCache()
if session.get('token_cache'):
    cache.deserialize(session['token_cache'])
return cache
```

- Remove `cache = None`

In _save_cache function add these Lines:

```python
# Write the cache back to the session only when it has changed
if cache.has_state_changed:
    session['token_cache'] = cache.serialize()
```

In _build_msal_app function add this Line:

```python
return msal.ConfidentialClientApplication(
    Config.CLIENT_ID, authority=authority,
    client_credential=Config.CLIENT_SECRET, token_cache=cache)
```

In _build_auth_url function add this Line:

```python
return _build_msal_app(authority=authority).get_authorization_request_url(
    scopes,
    state=state,
    redirect_uri=url_for('authorized', _external=True, _scheme='https'))
```

Deploy the App:

```
az webapp up --name FinalCmsProgApp --sku F1 --resource-group ArticleCmsRg
```

In the App Overview Page, copy the App URL.

In Azure Active Directory, under your App Registration, click Add a Redirect URI, then click Add a Platform. Under Web, set the following URLs:

Field | Value |
---|---|
Redirect URIs | <YOUR-APP-URL>/getAToken |
Front-channel logout URL | <YOUR-APP-URL>/login |

Get Public IP Address of the app:

```
az webapp show --resource-group ArticleCmsRg --name FinalCmsProgApp --query outboundIpAddresses --output tsv
```

Copy the smallest and largest IPs from the output.

Allow App to access internal sql server:

```
az sql server firewall-rule create --resource-group ArticleCmsRg --server <YOUR-SQL-SERVERNAME> --name "AllowAppIP" --start-ip-address <SMALLEST-IP-FROM-PREVIOUS-STEP> --end-ip-address <LARGEST-IP-FROM-PREVIOUS-STEP>
```
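
A single smallest-to-largest rule admits every address between the two ends, not only the app's own outbound addresses. As an added example (not part of the original project; the function names, the `-N` rule-name suffix and the documentation-range sample addresses are constructed here), this Python script measures that span and builds one tight rule per address or consecutive run instead:

```python
import ipaddress

# Constructed sample of the comma-separated `outboundIpAddresses` output
# (documentation-range addresses, not real App Service IPs).
SAMPLE_OUTBOUND = "203.0.113.10,198.51.100.7,192.0.2.44,198.51.100.8,198.51.100.7"


def parse_outbound(tsv):
    """Return the unique IPv4 addresses, sorted numerically (ValueError on junk)."""
    parts = [p.strip() for p in tsv.split(",") if p.strip()]
    return sorted({ipaddress.IPv4Address(p) for p in parts})


def span_size(addrs):
    """Addresses admitted by one smallest-to-largest rule."""
    return int(addrs[-1]) - int(addrs[0]) + 1


def tight_ranges(addrs):
    """Merge only directly consecutive addresses into (start, end) pairs."""
    ranges = []
    for ip in addrs:
        if ranges and int(ip) == int(ranges[-1][1]) + 1:
            ranges[-1][1] = ip
        else:
            ranges.append([ip, ip])
    return [tuple(r) for r in ranges]


def firewall_commands(ranges, resource_group, server, prefix="AllowAppIP"):
    """One az CLI command per tight range; the -N name suffix is an assumption."""
    return [
        f"az sql server firewall-rule create --resource-group {resource_group} "
        f'--server {server} --name "{prefix}-{n}" '
        f"--start-ip-address {start} --end-ip-address {end}"
        for n, (start, end) in enumerate(ranges, start=1)
    ]


if __name__ == "__main__":
    addrs = parse_outbound(SAMPLE_OUTBOUND)
    ranges = tight_ranges(addrs)
    print(f"single range rule admits {span_size(addrs)} addresses; app uses {len(addrs)}")
    for cmd in firewall_commands(ranges, "ArticleCmsRg", "<YOUR-SQL-SERVERNAME>"):
        print(cmd)
```

Paste the real `az webapp show` output in place of `SAMPLE_OUTBOUND` and run the printed commands in place of the single `AllowAppIP` rule.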