- Click this link to navigate to the Microsoft Learn Security Module:
- (Optional) On the Microsoft Learn page, sign into your Azure account
- Microsoft Learn offers badges and points for completing modules
- On the Microsoft Learn page, select Start
- Complete the security module
- Navigate to the Azure Portal
- On the Azure Portal, on the left-hand menu, select Al services
- In the All services window, in the Filter bar at the top, type Security
- In the All services window, select Security Center
- In Security Center on the left hand menu, select Recommendations
- Let's walk through some of the recommendations together
- Navigate to the Azure Portal
- On the Azure Portal, navigate to your App Service resource
- On the App Service Overview page, on the left-hand menu, select Managed service identity
- On the Managed service identity page, select On
- On the Managed service identity page, select Save
- Navigate to the Azure Portal
- In the Azure Portal, select +Create a Resource
- In the New window, type Key Vault into the search bar
- From the search results, select Key Vault
- On the Key Vault page, select Create
- On the Create key vault page, create a unique key vault name for Name:
- On the Create key vault page, select your Azure subscription
- On the Create key vault page, select the location closest to you
- On the Create key vault page, Pricing Tier: Standard
- On the Create key vault page, select Access policies
- On the Access policies page, select + Add new
- On the Add new policy page, select Select principal
- In the Principal page, enter the name of your app service in the search bar
- In the Principal page, select your app service
- In the Principal page, click Select
- On the Add new policy page, add the following Secret Permissions:
- Note: Ensure you are modifying Secret Permissions, not Key or Certificate permissions
- Get
- List
- On the Add new policy page, select Ok
- On the Access policies page, select Ok
- On the Create key vault page, select Create
- On the Azure Portal, select the bell-shaped notification icon
- Stand by while the Notifications window says Deployment in progress...
- Once the deployment has finished, on the Notifications window, select Go to resource
- On the Key Vault resource page, select Secrets
- On the Secrets page, select + Generate/Import
- On the Create a secret page, make the following selections:
- Upload options: Manual
- Name: TextAnalyticsBaseUrl
- Value: [Your Text Analytics Base Url]
- Content type: [Leave blank]
- Set activation date? [Unchecked]
- Set expiration date? [Unchecked]
- Enabled? Yes
- On the Create a secret page, select Create
- On the Secrets page, select + Generate/Import
- On the Create a secret page, make the following selections:
- Upload options: Manual
- Name: TextAnalyticsApiKey
- Value: [Your Text Analytics Api Key]
- Content type: [Leave blank]
- Set activation date? [Unchecked]
- Set expiration date? [Unchecked]
- Enabled? Yes
- On the Create a secret page, select Create
- On the Key Vault resource page, select Overview
- On the Key Vault Overview page, locate the DNS name
- Copy down the value of DNS name. We will use it to connect our Key Vault to our App Service
- Navigate to the Azure Portal
- On the Azure Portal, navigate to your App Service resource
- On the App Services Overview page, on the left-hand menu, select Application settings
- In Application settings, scroll down to the Application settings section
- In the Application settings section, select + Add new setting
- In the + Add new setting section, Enter the following values:
- Enter a name: KeyVaultEndpoint
- Enter a value: [Your Azure Key Vault DNS name]
- On the Application settings page, select Save
- In the hotelsweb solution, open
appsettings.json - In
appsettings.json, remove the value ofTextAnalyticsApiKeyleaving it as an empty string- E.g.
"TextAnalyticsApiKey": "",
- E.g.
- In
appsettings.json, remove the value ofTextAnalyticsBaseUrlleaving it as an empty string- E.g.
"TextAnalyticsBaseUrl": "",
- E.g.
- In the hotelsweb solution, open
appsettings.Development.json - In
appsettings.Development.json, remove the value ofTextAnalyticsApiKeyleaving it as an empty string- E.g.
"TextAnalyticsApiKey": "",
- E.g.
- In
appsettings.Development.json, , remove the value ofTextAnalyticsBaseUrlleaving it as an empty string- E.g.
"TextAnalyticsBaseUrl": "",
- E.g.
- Build/Deploy
hotelsweb.csprojto the Azure Web App instance created earlier - On the Hotels360 website, click Reviews from the top menu
- On the Reviews page, enter a positive review
- Example positive review: "Best hotel ever!"
- On the Review page, ensure that a happy emoji appears
- On the Hotels360 website, click Reviews from the top menu
- On the Reviews page, enter a negative review
- Example negative review: "Terrible hotel. Will never stay here again!"
- On the Review page, ensure that a sad emoji appears
- On the Hotels360 website, click Reviews from the top menu
- On the Reviews page, enter a neutral review
- Example neutral review: "This is a big hotel"
- On the Review page, ensure that a neutral emoji appears
- Navigate to the Azure Portal
- On the Azure Portal, navigate to your App Service resource
- On the App Services Overview page, locate the App Service URL
- We will use this URL later
- On the App Services Overview page, on the left-hand menu, select Authentication / Authorization
- On the Authentication / Authorization page, make the following selections:
- App Service Authentication: On
- Action to take when request is not authenticated: Log in with Microsoft Account
- On the On the Authentication / Authorization page, select Save
- On the Authentication / Authorization page, select Microsoft Not Configured
- On the Microsoft Account Authentication Settings page, click Tese settings allow users to sign in with Microsoft Account. Click here to learn more.
- On the How to configure your App Service application to use Microsoft Account login page, click **[My Applications]
- On the Application Registration Portal, login with your Microsoft username/password
- On the My applications page, select Add an app
- On the Register applications page, create a name for your app
- On the Register applications page, select Create
- On the App Registration page, select Generate New Password
- On the New password generated popup, copy the password and paste it in a text file on your local computer
- Note: We will use this password later, but you will be unable to access the password after clicking Ok and closing the popup
- On the New password generated popup, select Ok
- On the Register applications page, in Home page URL, locate the Application Id
- Note: We will use Application Id later
- On the Register applications page, in Home page URL, paste the formatted App Service URL
- Formatted App Service Url:
[Your App Service Url]/.auth/login/microsoftaccount/callback - E.g., https://minnickhotelsweb.azurewebsites.net/.auth/login/microsoftaccount/callback
- Formatted App Service Url:
- On the Register applications page, click Save
- On the Azure Portal on the Microsoft Account Authentication Settings page, enter the following values:
- Client Id: [Your Microsoft Application Id]
- Client Secret: [Your Microsoft Application Password]
- On the Microsoft Account Authentication Settings page, select Ok
- On the Authentication / Authorization page, select Save
- Build/Deploy
hotelsweb.csprojto the Azure Web App instance created earlier - Navigate to the Hotels360 website
- On the Hotels360 website, ensure you are prompted with a Microsoft login
- Enter your Microsoft user/name password
- Grant login access to your app