This walkthrough will run through setting up AdminUI manually in Azure.
The IdentityExpress Admin UI consists of two sites: the UI, and the backend API. These thenĀ integrate with an IdentityServer installation for authentication and authorization.
AdminUI Deployment
AdminUI is deployed as 2 separate Azure Web Applications - one for the UI website and one for the API website.
It is envisaged that they will be configured to communicate with your existing (external) identity server.
Prerequisites
Before beginning the installation, please ensure that you haveĀ an IdentityServer4 installation and either a MySql, PostgreSQL or SqlServer database set up.
Walkthrough
If you already have a working IdentityServer installation up and running then this walkthrough is for you.
This walkthrough will take you through the entire Azure configuration process, resulting in a working environment for IdentityExpress AdminUI, with the UI and backend API running on the same machine and targeting an existing IdentityServer. This will also include migrating your user store to the AdminUI Identity Schema.
Configure a Database
AdminUI currently only supports MySql, PostgreSQL and SqlServer. These can run in any azure or non-azure service.
Any used databases must accept remote connections, also ensure that your firewall allows connections on any used ports.
Create Azure Website
Initially you will want to create 2 Azure Web Apps (note this process can also be done with Azure VM's, though you will need to follow the AdminUI IIS Installation guide.
One website will be for the UI and the other for the backend API.
AdminAPI Configuration
Once you have a Website Setup for the API, you will need to add some variables to the site in order to get it to run. The variables to be aware of for the API are:
DbProviderThis sets the database type you are using. Supported types and their values areSqlServer,MySql, orPostreSqlIdentityConnectionStringThe connection string for your Identity database (users)IdentityServerConnectionStringThe connection string for your IdentityServer database (clients, resources & grants)AuthorityUrlUrl of the IdentityServer installationUiUrlUrl of the AdminUI frontend (the idxui container)RequireHttpsMetadataSet totrueorfalseif you want to ensure IdentityServer discovery endpoint uses TLS. Must be true for production.RunIdentityMigrationsSet totrueorfalseif you require AdminUI to run Entity Framework migrations for ASP.NET Identity DbContext's. This is recommended.RunIdentityServerMigrationsSet totrueorfalseif you require AdminUI to run Entity Framework migrations for IdentityServer DbContext's. This is useful if you have a new instance of IdentityServer currently without databases.IdentityDatabaseToMigrateConnectionString(optional) The connection string of your existing ASP.NET Core Identity Entity Framework database that will be migrated to the database used in IdentityConnectionString (this must not be equal toIdentityConnectionString).AuditRecordsConnectionStringThe connection string for AdminUI audits, if missing will default to theIdentityServerConnectionStringAuditRecordsCultureLanguage used for generation of audit records, if missing or invalid will default to English (en-GB), supported cultures and their values are:deGermanzh-TWChinese (Traditional)zh-CNChinese (Simplified)esSpanishfrFrenchAuditReadActionsSet totrueorfalse, if missing will default totrue, iffalseno audit records will be generated for read actions e.g when a user views resources though AdminUI
In Azure, these variables will need to be added manually to the App Settings header in the Application Settings blade.
For a full list of configuration settings, see Configuring AdminUI.
AdminUI Configuration
Once you have a App Service Setup for the UI, you will need to add some variables to the site in order to get it to run. The variables to be aware of for the UI are:
AuthorityUrlUrl of the IdentityServer installation.UiUrlUrl of the AdminUI frontend (this Web APP).ApiUrlUrl of the API setup in the previous step.
In Azure, these variables will need to be added manually to the App Settings header in the Application Settings blade.
For the UI there is an extra configuration step needed after the App Settings.
Once you have configured these variables you will need to navigate to the folder that was placed in the WebApp wwwroot/assets folder and edit the env.js file in this folder. The variables in this will need to match the variables above:
var ENV = {
AuthorityUrl: 'Identity Server Url Here',
UiUrl: 'Url of this website',
ApiUrl: 'Url Setup in the previous step'
};
Deploying to Azure Web App
For each website you will need to FTP the folders supplied to the correct Azure folder. To achieve this you will need an FTP Client such as Filezilla. Once you have an FTP Client setup, you will need to go in to the Deployment Credentials blade of your app underneath the deployment header and setup the FTP credentials. Next go into the Properties blade underneath the Settings Header. From this blade you can grab your FTP HOST NAME.
Using your FTP Client, connect to this website, from here navigate to Site -> wwwroot. You will want to place the contents of the relevant folder in this wwwroot folder. Do this for both the API and the UI.
Note: Any EF migrations should run on Website startup, if not you can hit the URL for the API to ensure they have ran.
Migrations
Whether you are installing AdminUI for the first time or upgrading to the latest version of AdminUI, you will need to run some form of migrations to ensure your databases are inline with AdminUI
If you extract the zip on your local machine, You can run the following command to migrate your database
dotnet IdentityExpress.Manager.Api.dll -migrate all -connectionstring "Server=tcp:example.database.windows.net;Database=ExampleDatabase;User ID=Username;Password=Password;Trusted_Connection=False;Encrypt=True;" -dbprovider SqlServer
If you want more options when setting up your databases, then there are more fine tune migrations you can do, for more info see our full migration docs here
Troubleshooting
If you're having issues, we recommend you first Enable Logging for the API Site.