📣 Got feedback? Fill out this survey to help us shape the future of Enterprise App Patterns and understand whether we're focusing on the business goals and features important to you. Microsoft Privacy Statement
The reference implementation provides a production-grade web application that uses best practices from our guidance and gives developers concrete examples to build their own Reliable Web Application in Azure. This repository specifically demonstrates a concert ticketing application for the fictional company Relecloud, embodying the reliable web app pattern with a focus on .NET technologies. It guides developers through a simulated migration from an on-premises ASP.NET application to Azure, detailing the architectural changes and enhancements that capitalize on the cloud's strengths during the initial adoption phase.
This project has a companion article in the Azure Architecture Center that describes design patterns and best practices and a six-part video series (YouTube) that details the reliable web app pattern for .NET web app. Here's an outline of the contents in this readme:
Relecloud aligned to a hub and spoke network topology in the production deployment architecture to centralize common resources. This network topology provided cost savings, enhanced security, and facilitated network integration (platform and hybrid):
This diagram describes the production deployment which is described in the prod-deployment.md file. The following steps below are for a development deployment which is a simplified version.
- Cost efficiency: The hub acts as a central point for shared resources, promoting cost-effective resource reuse. For instance, Azure Bastion is a shared service in the hub, providing secure and cost-effective remote access without the need for separate deployments for each application.
- Traffic control and security: Network traffic is managed and secured using Network Security Groups and Route tables in each subnet, creating secure boundaries for Azure resources. Private endpoints add an extra layer of security, and a jump box allows for deployment within these boundaries, maintaining local IP access to resources.
- Network integration: The topology supports network integrations for data transfer across applications and hybrid scenarios. While the reference architecture doesn't include ExpressRoute or Azure VPN Gateway, these should be considered for applications requiring hybrid network connections.
This description details the workflow for Relecloud's concert ticketing application. It highlights key components and functionality to help you emulate its design:
- Global traffic routing: Azure Front Door acts as a global traffic manager, routing users to the primary region for optimal performance and failing over to a secondary region during outages for uninterrupted service.
- Security inspection: Incoming traffic is inspected by Azure Web Application Firewall to protect against web vulnerabilities before reaching the web app.
- Static and dynamic content delivery: Users receive static content, like the home page, immediately upon request. Dynamic content, such as 'Upcoming Concerts', is generated by making API calls to the backend, which fetches data from Azure SQL Database and returns it in a JSON format.
- Session state management: User sessions, including shopping cart data, are managed by Azure Cache for Redis, ensuring persistence and consistency across scale-out events.
- User authentication: Microsoft Entra ID handles user authentication, suitable for environments where accounts are centrally managed, enhancing security and control.
- API interaction and token management: The front-end web app uses the MSAL library to obtain tokens for authenticated API calls, caching them in Azure Cache for Redis to optimize performance and manageability.
- Payment and checkout flow: While this example doesn't process real payments, the web app captures payment information during checkout, demonstrating how a web app can handle sensitive data.
- Purchase and ticket generation: The backend API processes purchase requests and generates tickets that are immediately accessible to users.
- Networking and access control: Azure Private DNS, Network Security Groups, and Azure Firewall tightly control the flow of traffic within the app's network, maintaining security and isolation.
- Monitoring and telemetry: Application Insights provides monitoring and telemetry capabilities, enabling performance tracking and proactive issue resolution.
- Configuration and secrets management: Initial configuration and sensitive information are loaded from Azure App Configuration and Azure Key Vault into the app's memory upon startup, minimizing access to sensitive data thereafter.
The following detailed deployment steps assume you are using a Dev Container inside Visual Studio Code.
For your convenience, we use Dev Containers with a fully-featured development environment. If you prefer to use Visual Studio, we recommend installing the necessary dependencies and skip to the deployment instructions starting in Step 3.
For Windows users, we recommend using Windows Subsystem for Linux (WSL) to improve Dev Container performance.
wsl
Clone the repository from GitHub into the WSL 2 filesystem using the following command:
git clone https://github.com/Azure/reliable-web-app-pattern-dotnet.git
cd reliable-web-app-pattern-dotnet
If required, ensure Docker Desktop is started and enabled for your WSL terminal more details. Open the repository folder in Visual Studio Code. You can do this from the command prompt:
code .
Once Visual Studio Code is launched, you should see a popup allowing you to click on the button Reopen in Container.
If you don't see the popup, open the Visual Studio Code Command Palette to execute the command. There are three ways to open the command palette:
- For Mac users, use the keyboard shortcut ⇧⌘P
- For Windows and Linux users, use Ctrl+Shift+P
- From the Visual Studio Code top menu, navigate to View -> Command Palette.
Once the command palette is open, search for Dev Containers: Rebuild and Reopen in Container
.
Before deploying, you must be authenticated to Azure and have the appropriate subscription selected. Run the following command to authenticate:
If you are not using PowerShell 7+, run the following command (you can use $PSVersionTable.PSVersion to check your version):
pwsh
Import-Module Az.Resources
Connect-AzAccount -UseDeviceAuthentication
Set the subscription to the one you want to use (you can use Get-AzSubscription to list available subscriptions):
$AZURE_SUBSCRIPTION_ID="<your-subscription-id>"
Set-AzContext -SubscriptionId $AZURE_SUBSCRIPTION_ID
Use the next command to login with the Azure Dev CLI (AZD) tool:
azd auth login --use-device-code
Next we provide the AZD tool with variables that it uses to create the deployment. The first thing we initialize is the AZD environment with a name.
The environment name should be less than 18 characters and must be comprised of lower-case, numeric, and dash characters (for example, dotnetwebapp
). The environment name is used for resource group naming and specific resource naming.
By default, Azure resources are sized for a development deployment. If doing a production deployment, see the production deployment instructions for more detail.
azd env new <pick_a_name>
Select the subscription that will be used for the deployment:
azd env set AZURE_SUBSCRIPTION_ID $AZURE_SUBSCRIPTION_ID
(Optionally) Set your principal name:
azd env set AZURE_PRINCIPAL_NAME (Get-AzContext).Account.Id
Set the AZURE_LOCATION
(Run (Get-AzLocation).Location
to see a list of locations):
azd env set AZURE_LOCATION <pick_a_region>
Run the following command to create the Azure resources and deploy the code (about 15-minutes to complete):
azd up
Errors during provisioning? See our known issues list or file an issue on our GitHub repo.
Use the URL displayed in the console output to launch the web application that you have deployed:
You can learn more about the web app by reading the Pattern Simulations documentation.
Run the following command to tear down the deployment:
azd down --purge --force
- Known issues
- Troubleshooting
- Pattern Simulations
- Developer Experience
- Calculating SLA
- Find additional resources
- Report security concerns
- Find Support
- Contributing
This project may contain trademarks or logos for projects, products, or services. Authorized use of Microsoft trademarks or logos is subject to and must follow Microsoft's Trademark & Brand Guidelines. Use of Microsoft trademarks or logos in modified versions of this project must not cause confusion or imply Microsoft sponsorship. Any use of third-party trademarks or logos are subject to those third-party's policies.
The software may collect information about you and your use of the software and send it to Microsoft. Microsoft may use this information to provide services and improve our products and services. You may turn off the telemetry as described in the repository. There are also some features in the software that may enable you and Microsoft to collect data from users of your applications. If you use these features, you must comply with applicable law, including providing appropriate notices to users of your applications together with a copy of Microsoft's privacy statement. Our privacy statement is located at https://go.microsoft.com/fwlink/?LinkId=521839. You can learn more about data collection and use in the help documentation and our privacy statement. Your use of the software operates as your consent to these practices.
Telemetry collection is on by default.
To opt out, run the following command azd env set ENABLE_TELEMETRY
to false
in your AZD environment.