Can Azure Traffic Manager be used with Mobile Apps specially with social login? I have configured a traffic manager and two app services (say, mobileapp1 and mobileapp2) to work with it.They seem to work pretty nice with postman and the response and everything is working. Now, I have declared traffic manager's URL as client in xamarin client app and the app throws exception when I am logging in into azure. After logging in facebook, when I am passing the token to server using this line
var user = await client.LoginAsync(MobileServiceAuthenticationProvider.Facebook, token);
it throws an exception at this line saying invalid operation.
In continuation to this doubt.. I have two mobile apps connected with one traffic manager. Both of them have facebook login configured. So, is it supposed to work? What happens if, when the user is registering he/she is redirected to mobileapp1 and azure authentication is done there while in some subsequent attempts user is redirected to mobileapp2. Does the identity database of mobileapp2 know about the user? This is when I am using the authentication service that comes with mobile app and not B2C.
Based on your code, you are using Client-managed authentication with Azure Mobile Apps. For App Service Authentication / Authorization, such as mobile client type, a JSON web token (JWT) would be issued to the client and the it would be presented in the x-zumo-auth
header when sending request to mobile backend. For more details, you could refer to How authentication works in App Service. Here is a JWT token when using Azure traffic manager with Mobile App, we could use jwt.io to decode the token:
For the JWT token, it would use the WEBSITE_AUTH_SIGNING_KEY
environment variable to sign audience
, issuer
, Claims
. For more details, you could refer to here about how to use custom authentication for your application.
Each Mobile App has the different WEBSITE_AUTH_SIGNING_KEY
, you could use kudu and click Environment to find the it. Moreover, I tried to update my two mobile apps to use the same sign key, but failed for no permission.
Your LoginAsync
would send the following request:
POST https://<yourname>.trafficmanager.net/.auth/login/facebook
Body {"access_token":"<access_token_from_facebook>"}
You could use fiddler to capture the network trace.
Can Azure Traffic Manager be used with Mobile Apps specially with social login?
For custom authentication, you could configure the sign key in your web.config file. For social login and use the authentication provided by azure, you could no share the sign key between different mobile apps. Moreover, if you set Routing method
to Geographic
and your mobile apps are in different Geographic locations, I assume that your scenario may work as expected.
UPDATE1:
After some trials, I found you could specific the WEBSITE_AUTH_SIGNING_KEY
setting under the "SETTING > Application settings" blade of your mobile app to override the WEBSITE_AUTH_SIGNING_KEY
environment variable as follows:
Note: The signing key needs to be a SHA-256 hashed string, you could sync the key between your two mobile apps or generate your custom key. After configure the setting, you could leverage kudu to check the newest WEBSITE_AUTH_SIGNING_KEY
.
UPDATE2:
my problem is figuring out how to use social auth with two different mobile apps where redirection by traffic manager is happening on the basis of performance
As the official documentation mentions about the traffic routing method Performance as follows:
Performance: Select Performance when you have endpoints in different geographic locations and you want end users to use the "closest" endpoint in terms of the lowest network latency.
I did some test, you could refer to it. Here is the Endpoints under my Traffic Manager profile:
Note: My two mobile apps have configured the same Client Id
for my MSA authentication and set the same WEBSITE_AUTH_SIGNING_KEY
value under "SETTINGS > Application settings" for encoding / decoding the token.
For my /api/values
API endpoint, I just return the WEBSITE_HOSTNAME
environment variable as follows:
return Request.CreateResponse(new { WEBSITE_HOSTNAME =Environment.GetEnvironmentVariable("WEBSITE_HOSTNAME") });
For the Performance routing method, all my requests would be routed to bruce-mobile02.azurewebsites.net
:
For the Weighted routing method, I configured the same WEIGHT for my two endpoints. Per my test, the requests with the same AuthenticationToken
that attached as the x-zumo-auth
header value for authorization would be routed to my two endpoints as follows:
来源:https://stackoverflow.com/questions/46718763/using-azure-traffic-manager-with-mobile-app