WEBVTT

00:00:00.000 --> 00:00:02.400
>> All right, good
afternoon everybody.

00:00:02.400 --> 00:00:06.510
The last session of
what's becoming quickly

00:00:06.510 --> 00:00:08.715
my favorite conference of the year of

00:00:08.715 --> 00:00:11.745
Xamarin Developer Summit, right?

00:00:11.745 --> 00:00:15.210
Yeah, because everybody
here are mobile developers,

00:00:15.210 --> 00:00:17.025
my type of people. This is great.

00:00:17.025 --> 00:00:19.020
So today, we are going to be talking

00:00:19.020 --> 00:00:21.434
about little bit of
mobile development,

00:00:21.434 --> 00:00:23.595
little bit of Cloud development,

00:00:23.595 --> 00:00:27.390
little bit of both that's
going to be partly cloudy.

00:00:27.390 --> 00:00:30.170
We're going to be talking about
little tips and tricks about

00:00:30.170 --> 00:00:34.570
making Azure and mobile
work together great.

00:00:34.570 --> 00:00:36.300
My name is Matt Soucoup.

00:00:36.300 --> 00:00:38.120
I'm a senior Cloud Advocate at

00:00:38.120 --> 00:00:41.645
Microsoft and that's
a pretty weird title to have.

00:00:41.645 --> 00:00:43.910
So what is Cloud Advocacy?

00:00:43.910 --> 00:00:47.765
In short it means I heart developers.

00:00:47.765 --> 00:00:49.790
I love going out and
talking to everybody.

00:00:49.790 --> 00:00:52.145
I make podcasts, do
the Xamarin podcasts.

00:00:52.145 --> 00:00:54.320
I do videos, lot of blogs,

00:00:54.320 --> 00:00:55.730
a lot of articles.

00:00:55.730 --> 00:00:58.640
But most importantly, I advocate

00:00:58.640 --> 00:01:01.775
for you-all within Microsoft itself.

00:01:01.775 --> 00:01:04.550
So I want to make sure your voice
is heard to the product teams.

00:01:04.550 --> 00:01:07.309
So if you have any issues
with any products,

00:01:07.309 --> 00:01:08.810
you have any ideas just want to

00:01:08.810 --> 00:01:12.095
have some code reviews,
feel free to hit.

00:01:12.095 --> 00:01:14.425
My DMs are always open on Twitter.

00:01:14.425 --> 00:01:19.650
I have office hours
aka.ma/office-hours.

00:01:19.650 --> 00:01:20.925
Got to open up my calendar.

00:01:20.925 --> 00:01:22.980
You can schedule time
with me or sit down

00:01:22.980 --> 00:01:25.060
for a half hour anything
you want to talk

00:01:25.060 --> 00:01:27.445
about from how to get
into public speaking

00:01:27.445 --> 00:01:30.175
to some debugging to some issues.

00:01:30.175 --> 00:01:31.840
I can bring them back to
the product team make

00:01:31.840 --> 00:01:34.195
sure your voice is
heard within Microsoft.

00:01:34.195 --> 00:01:37.045
So with that said,

00:01:37.045 --> 00:01:41.095
how many people have ever
written an app that has

00:01:41.095 --> 00:01:45.710
not talked to
some Internet API at all?

00:01:46.070 --> 00:01:49.290
One person, two people, me too.

00:01:49.290 --> 00:01:54.370
My very first app I wrote was
for a zoo in Madison, Wisconsin.

00:01:54.370 --> 00:01:57.140
What it did is that when
you stood in front of

00:01:57.140 --> 00:02:00.050
an exhibit it talked to the GPS,

00:02:00.050 --> 00:02:02.030
so I guess it was space enabled.

00:02:02.030 --> 00:02:04.640
It went on to the GPS satellites
and it brought up.

00:02:04.640 --> 00:02:06.550
Say you're standing in
front of the bear exhibit,

00:02:06.550 --> 00:02:09.250
it brought up information
about the bears,

00:02:09.250 --> 00:02:11.690
which probably was
the same information on

00:02:11.690 --> 00:02:14.630
the sign that you're
standing right next to but

00:02:14.630 --> 00:02:17.210
it was information that was

00:02:17.210 --> 00:02:19.880
everything was built right
into the app images,

00:02:19.880 --> 00:02:24.895
text, and everything, not
a Cloud in the sky right there.

00:02:24.895 --> 00:02:29.750
But as we started growing we had
to figure out how we were going

00:02:29.750 --> 00:02:32.210
to move beyond having everything just

00:02:32.210 --> 00:02:35.750
packaged right into the app
more than just that.

00:02:35.750 --> 00:02:37.800
So how do we do it?

00:02:37.800 --> 00:02:43.070
Well, of course, you find
your friend who works at an ISP

00:02:43.070 --> 00:02:45.530
ask him if you can take a
server and put it right in

00:02:45.530 --> 00:02:48.560
rack and you make that
server have IIS on it,

00:02:48.560 --> 00:02:49.685
SQL Server on it,

00:02:49.685 --> 00:02:52.460
and you put some images
probably right in SQL Server

00:02:52.460 --> 00:02:55.910
as blobs and you serve it all from that.
at all from that.

00:02:55.910 --> 00:02:59.269
You have a 100 percent

00:02:59.269 --> 00:03:03.380
tuned back-end because you
know exactly how it works.

00:03:03.380 --> 00:03:05.300
You know all the nooks
and crannies of it,

00:03:05.300 --> 00:03:07.730
it's going to be working
perfect for you.

00:03:07.730 --> 00:03:09.800
It works so perfect that
you're programming in

00:03:09.800 --> 00:03:12.410
binary for it you know
it back and forth.

00:03:12.410 --> 00:03:16.500
The problem is you're going
to outgrow that back-end very

00:03:16.500 --> 00:03:21.305
quickly and I mean you're
serving files from SQL Server.

00:03:21.305 --> 00:03:23.570
That's not going to last very

00:03:23.570 --> 00:03:26.330
long at all and eventually
you're going to hate your life.

00:03:26.330 --> 00:03:27.980
So you're going to start
looking up for the

00:03:27.980 --> 00:03:31.220
Cloud and Azure
and all these products

00:03:31.220 --> 00:03:34.895
that have these weird logos
to it. What do they mean?

00:03:34.895 --> 00:03:37.850
There's literally hundreds of them.

00:03:37.850 --> 00:03:40.220
The problem here is that this not so

00:03:40.220 --> 00:03:43.910
much knowing about them
or knowing in depth,

00:03:43.910 --> 00:03:45.455
it's knowing about them.

00:03:45.455 --> 00:03:48.260
What new things do and knowing
the tips and tricks about them

00:03:48.260 --> 00:03:51.565
like how to use them
in a mobile context.

00:03:51.565 --> 00:03:53.250
So you can go to the docs,

00:03:53.250 --> 00:03:54.615
you can go to blogs,

00:03:54.615 --> 00:03:55.700
you can go to what's

00:03:55.700 --> 00:03:58.280
Microsoft Learn and I'll touch
on that just for a second.

00:03:58.280 --> 00:04:00.250
But you don't even know
what you don't know in

00:04:00.250 --> 00:04:03.050
certain instances and sometimes using

00:04:03.050 --> 00:04:05.825
one Azure service in the context of

00:04:05.825 --> 00:04:09.485
web is totally different when
you're using it for mobile.

00:04:09.485 --> 00:04:11.690
So with that said

00:04:11.690 --> 00:04:13.400
and that's what we're going
to talk about today though is

00:04:13.400 --> 00:04:15.380
using several Azure services in

00:04:15.380 --> 00:04:18.755
the context of mobile
just some tips and tricks about it.

00:04:18.755 --> 00:04:22.730
But I do want to talk about one
thing and that's Microsoft Learn.

00:04:22.730 --> 00:04:25.070
So what Learn does if you listened to

00:04:25.070 --> 00:04:27.380
the Xamarin podcast at all
is that James that I made

00:04:27.380 --> 00:04:32.900
a joke about it it's
100 percent free is that it has

00:04:32.900 --> 00:04:35.510
both Xamarin content on it to learn

00:04:35.510 --> 00:04:37.355
the successor for Xamarin University

00:04:37.355 --> 00:04:39.590
and also a lot of
Azure content as well.

00:04:39.590 --> 00:04:42.200
So what you can do is
follow this aka.ms

00:04:42.200 --> 00:04:45.950
link and what it does is
step-by-step tutorials.

00:04:45.950 --> 00:04:50.660
You're actually able to new up
sandbox portions of Azure to it.

00:04:50.660 --> 00:04:52.580
So as you go through
the tutorial you're

00:04:52.580 --> 00:04:55.960
typing and creating services
and learning as you go.

00:04:55.960 --> 00:04:57.855
So it's actually pretty cool.

00:04:57.855 --> 00:05:03.290
So just waiting for
some photos and we're off.

00:05:03.290 --> 00:05:04.940
So the things that
we're going to talk

00:05:04.940 --> 00:05:06.550
about today some of our tips and

00:05:06.550 --> 00:05:10.235
tricks are going to deal
with security of your apps.

00:05:10.235 --> 00:05:13.115
So what I'm going to call
Auth and Auth authentication

00:05:13.115 --> 00:05:16.970
and authorization and
then performance,

00:05:16.970 --> 00:05:20.065
how to make things run
faster in the Cloud.

00:05:20.065 --> 00:05:23.930
All right. Let's first
off then security.

00:05:23.930 --> 00:05:25.430
This is one of

00:05:25.430 --> 00:05:28.985
the only not hand-drawn slides I
have because it is an important.

00:05:28.985 --> 00:05:32.285
Security, very important topic.

00:05:32.285 --> 00:05:35.195
Let's say you have an app.

00:05:35.195 --> 00:05:37.850
It's the world's
greatest weather app.

00:05:37.850 --> 00:05:42.050
It's stick figures and what
you have there is call out to

00:05:42.050 --> 00:05:44.840
a weather API service
and it brings out this

00:05:44.840 --> 00:05:48.305
partly cloudy brings out a Cloud
with a little stick figure sun,

00:05:48.305 --> 00:05:51.155
partly cloudy happens to
be the name of the target.

00:05:51.155 --> 00:05:53.900
It's written perfectly,
it's wonderful.

00:05:53.900 --> 00:05:58.280
Problem is it has this very
expensive third-party API key

00:05:58.280 --> 00:06:00.950
that you have to call to
the weather service with.

00:06:00.950 --> 00:06:04.465
So what do you do? Well,
hard-code it in why not?

00:06:04.465 --> 00:06:06.710
Well, the problem is
that you might have

00:06:06.710 --> 00:06:09.815
somebody who decompiles
your app Android,

00:06:09.815 --> 00:06:11.870
you lose your API key.

00:06:11.870 --> 00:06:15.095
Then maybe you have to
cycle that API key.

00:06:15.095 --> 00:06:16.610
If you have it hard-coded
you're going to have

00:06:16.610 --> 00:06:18.140
to redeploy the whole app
and that's going

00:06:18.140 --> 00:06:20.645
to be a pain even if

00:06:20.645 --> 00:06:23.270
you're just deploying it
within your own company.

00:06:23.270 --> 00:06:25.955
Even just internally just
having to do a deploy for

00:06:25.955 --> 00:06:30.010
cycling an API key
that's a big issue.

00:06:30.010 --> 00:06:32.450
Then there's also what I'm going
to call credential passing.

00:06:32.450 --> 00:06:34.100
This is what I mean by credential

00:06:34.100 --> 00:06:36.680
passing is something that we
don't want to really have to do.

00:06:36.680 --> 00:06:39.530
Let's say this is you,
you're happy right,

00:06:39.530 --> 00:06:41.750
sole developer you
have your API keys,

00:06:41.750 --> 00:06:45.110
your hard-coded all over the place
big deal and life is good.

00:06:45.110 --> 00:06:48.854
You bring on three more happy faces,

00:06:48.854 --> 00:06:51.375
how do you get them
the keys to your app?

00:06:51.375 --> 00:06:53.210
Well, if you're like me
you're going to check them

00:06:53.210 --> 00:06:54.760
into GitHub and not worry about it.

00:06:54.760 --> 00:06:58.975
However, you might
want to e-mail them,

00:06:58.975 --> 00:07:01.405
Slack channel them, or whatever.

00:07:01.405 --> 00:07:04.370
Four people not too bad.

00:07:04.370 --> 00:07:07.090
You're doing great,
you're bigger team now.

00:07:07.090 --> 00:07:08.130
You've got 13 people,

00:07:08.130 --> 00:07:09.890
how do you handle
the credential passing?

00:07:09.890 --> 00:07:11.400
It gets even worse.

00:07:11.400 --> 00:07:15.460
So the issue comes on
more and more it's not

00:07:15.460 --> 00:07:19.535
a good idea how do you handle
credentials to one back-end service?

00:07:19.535 --> 00:07:21.770
Even worse we're remote teams,

00:07:21.770 --> 00:07:23.440
people are working from coffee shops.

00:07:23.440 --> 00:07:27.220
Let's say it's not just an
API key your database service.

00:07:27.220 --> 00:07:29.410
Somebody is at a coffee shop
they get up and leave and

00:07:29.410 --> 00:07:31.945
another person takes
a snapshot of their screen.

00:07:31.945 --> 00:07:34.690
You also have a big database breach.

00:07:34.690 --> 00:07:39.640
In case you're wondering who did
that database breach, Steve?

00:07:39.640 --> 00:07:43.060
Can never trust Steve
going out to coffee shops.

00:07:43.060 --> 00:07:47.155
Anyways, Azure Key Vault.

00:07:47.155 --> 00:07:49.270
So Azure Key Vault is
one of those things

00:07:49.270 --> 00:07:52.240
that you don't want
to use it locally,

00:07:52.240 --> 00:07:54.835
we just want to use it up in Azure.

00:07:54.835 --> 00:07:57.280
So let's take a peek at what
we're going to do and how we can

00:07:57.280 --> 00:08:04.270
actually use it up
in Azure. All right.

00:08:04.270 --> 00:08:07.960
So before we get

00:08:07.960 --> 00:08:10.360
into it I want to show you the app
that we're going to be demoing

00:08:10.360 --> 00:08:16.290
with for the rest of today
as it'll come up on here.

00:08:16.290 --> 00:08:20.170
All right. So it's going to be
a clone of the Microsoft News app.

00:08:20.170 --> 00:08:24.145
So it actually, I'm really
proud at how this looks.

00:08:24.145 --> 00:08:26.920
It's using Shell, it's using

00:08:26.920 --> 00:08:31.090
material or visual material
is coming through.

00:08:31.090 --> 00:08:35.565
We're going to actually have
collection view here as well.

00:08:35.565 --> 00:08:37.430
I can go in and I can,

00:08:37.430 --> 00:08:39.590
our collection view is actually
on this one, I'm sorry.

00:08:39.590 --> 00:08:42.115
You can actually go
in then and sign in.

00:08:42.115 --> 00:08:45.260
It'll go up call to Azure B2C.

00:08:45.260 --> 00:08:49.760
I will log in and

00:08:49.760 --> 00:08:52.820
please if you ever have
any questions e-mail me here.

00:08:52.820 --> 00:08:58.800
If you ever want to get into
my banking account, it's abcd1234!

00:09:05.110 --> 00:09:08.870
Log in, and then back
to the start and

00:09:08.870 --> 00:09:11.830
one thing you can see is that
for my products, I mean.

00:09:11.830 --> 00:09:14.510
I'm interested in these
certain things products,

00:09:14.510 --> 00:09:16.085
science, and tech and so on.

00:09:16.085 --> 00:09:19.480
So this is a news app where I
can just go through and say,

00:09:19.480 --> 00:09:20.895
"All right I'm
interested in products,

00:09:20.895 --> 00:09:22.495
I'm interested in science and tech."

00:09:22.495 --> 00:09:24.660
So I'm just going through and saying,

00:09:24.660 --> 00:09:27.110
"Hey, I'm interested
in it." Let's save it.

00:09:27.110 --> 00:09:29.330
It's going to go through different,

00:09:29.330 --> 00:09:30.950
it's going to follow me
around on my different

00:09:30.950 --> 00:09:32.930
devices so to speak.

00:09:32.930 --> 00:09:34.910
Logging in with B2C,

00:09:34.910 --> 00:09:37.745
setting the stage for certain things
that we're going to use.

00:09:37.745 --> 00:09:41.690
This as I mentioned the news
is actually coming down

00:09:41.690 --> 00:09:46.985
with Microsoft Cognitive
Services News Search.

00:09:46.985 --> 00:09:51.530
It has an API key. All right.

00:09:51.530 --> 00:09:53.825
So that's what we're
playing with today.

00:09:53.825 --> 00:09:56.540
Here's what the News Search
looks like right now.

00:09:56.540 --> 00:09:59.660
It's just calling out using

00:09:59.660 --> 00:10:01.790
the NuGet package for

00:10:01.790 --> 00:10:05.350
News Search and I have a
Bing API key right here.

00:10:05.350 --> 00:10:08.585
Right there I just leaked it.

00:10:08.585 --> 00:10:10.330
Everybody here knows it.
It's on the live stream.

00:10:10.330 --> 00:10:13.565
Everybody like I'm sure there's
10,000 people watching right now.

00:10:13.565 --> 00:10:15.500
The entire world knows my API key.

00:10:15.500 --> 00:10:16.610
So I wanted to get rid of it.

00:10:16.610 --> 00:10:18.230
I want to cycle it around.

00:10:18.230 --> 00:10:19.970
So the first thing I want to do is

00:10:19.970 --> 00:10:22.095
I don't want to have
this all locally.

00:10:22.095 --> 00:10:26.255
So I'm calling out to
Azure anyway to get it.

00:10:26.255 --> 00:10:29.705
So a better way to do this would
be to call through functions.

00:10:29.705 --> 00:10:33.380
So calling out to Azure Functions
does a couple of things for me.

00:10:33.380 --> 00:10:39.500
One it lets me essentially
hide that API key up in Azure.

00:10:39.500 --> 00:10:41.510
So before I start talking about it,

00:10:41.510 --> 00:10:45.845
so my Azure functions really
here is you can see my,

00:10:45.845 --> 00:10:47.880
here I just have things
like get top news,

00:10:47.880 --> 00:10:50.435
get news by category and so on.

00:10:50.435 --> 00:10:55.100
In my Azure functions I just
recreated that get top news,

00:10:55.100 --> 00:10:56.405
get news by category.

00:10:56.405 --> 00:10:58.940
It's the same thing I just
moved them up into functions.

00:10:58.940 --> 00:11:01.860
One function for
each thing I'm doing.

00:11:04.080 --> 00:11:08.695
So then on my resources
here, up in Azure.

00:11:08.695 --> 00:11:11.170
Make that smaller,
and how we doing on,

00:11:11.170 --> 00:11:12.880
can people see in back?

00:11:12.880 --> 00:11:16.720
Good. Silence means
everything's perfect?

00:11:16.720 --> 00:11:21.085
So I will go here and
then up here in Azure,

00:11:21.085 --> 00:11:24.140
I have my functions deployed.

00:11:24.510 --> 00:11:27.295
One of the things you'll note

00:11:27.295 --> 00:11:29.530
here is when I go and
get my functions,

00:11:29.530 --> 00:11:31.645
when I new it up,

00:11:31.645 --> 00:11:36.680
Get top news, I'm pulling
in this new search key.

00:11:37.260 --> 00:11:43.340
This new search key is coming
from my configuration,

00:11:43.710 --> 00:11:47.295
and I'll make this a little bit
bigger as I scroll down,

00:11:47.295 --> 00:11:48.555
new search key right here.

00:11:48.555 --> 00:11:50.310
All right. So things
are a little bit more

00:11:50.310 --> 00:11:52.995
secure right now, and
that's a little bit better.

00:11:52.995 --> 00:11:57.980
I'm just having my API keys
up here in Azure. It's okay.

00:11:57.980 --> 00:11:59.860
It should be secure,
it's only limited to

00:11:59.860 --> 00:12:01.660
people who can actually get
up there with my account.

00:12:01.660 --> 00:12:05.140
It's a little bit better.
It's not the greatest though.

00:12:05.140 --> 00:12:09.535
So what I want to do is putting
this into Azure Key Vault.

00:12:09.535 --> 00:12:13.195
So what is Azure Key Vault then?

00:12:13.195 --> 00:12:16.390
It pretty much does exactly
what it sounds like.

00:12:16.390 --> 00:12:19.690
It's highly encrypted things
where you put your secrets.

00:12:19.690 --> 00:12:21.640
You can put secrets,

00:12:21.640 --> 00:12:24.460
certificates, keys,
and so on into it.

00:12:24.460 --> 00:12:26.980
What you can do with this
is restrict access to

00:12:26.980 --> 00:12:30.280
whatever you want to have
access to within it.

00:12:30.280 --> 00:12:33.700
So a secret is

00:12:33.700 --> 00:12:36.790
actually what your API keys
would be. It's like a string.

00:12:36.790 --> 00:12:38.710
So what I want to do is,

00:12:38.710 --> 00:12:40.795
go back to my constants,

00:12:40.795 --> 00:12:44.320
copy that old, and I'm going
to put a new one in here.

00:12:44.320 --> 00:12:47.230
So I'm going to call this Bing-News

00:12:47.230 --> 00:12:51.655
copy the value into it,
and then create it.

00:12:51.655 --> 00:12:54.415
All right. So it's going to
create the Bing news thing.

00:12:54.415 --> 00:12:56.755
I'm going to be able to go in here.

00:12:56.755 --> 00:12:59.815
It comes with a URL,

00:12:59.815 --> 00:13:03.670
a secret identifier that I
can go and copy in for it.

00:13:03.670 --> 00:13:06.580
I could also version it around too.

00:13:06.580 --> 00:13:08.095
So if I ever with my key,

00:13:08.095 --> 00:13:09.460
which I did several times,

00:13:09.460 --> 00:13:12.550
I can create a new version
for it as well here.

00:13:12.550 --> 00:13:15.610
Great. So what I'm going to do then,

00:13:15.610 --> 00:13:18.260
is go back into my function.

00:13:25.820 --> 00:13:31.120
So within my function, I'm
going to go to the edit,

00:13:31.120 --> 00:13:34.945
and instead of having this,

00:13:34.945 --> 00:13:44.650
I'm going to say Microsoft.KeyVault

00:13:44.650 --> 00:13:50.240
secret URI equals that value.

00:13:51.540 --> 00:13:54.640
So now, it's saying, "All right,

00:13:54.640 --> 00:13:58.075
Azure Function go talk to
Key Vault and get it."

00:13:58.075 --> 00:14:00.610
But I still have to
do one final step,

00:14:00.610 --> 00:14:05.290
and that's actually give the
Azure Function access to it.

00:14:05.290 --> 00:14:11.590
That's done through
this thing called identity,

00:14:11.590 --> 00:14:14.620
Managed Server Identity,
which is simply as

00:14:14.620 --> 00:14:18.460
going set it on and save,
and then let it go.

00:14:18.460 --> 00:14:19.480
So what I'm doing here is,

00:14:19.480 --> 00:14:22.855
I'm actually saying to
Active Directory behind the scenes,

00:14:22.855 --> 00:14:27.370
which you get every time you create
a subscription for an Azure.

00:14:27.370 --> 00:14:29.290
I'm saying, "Hey,
Active Directory make my

00:14:29.290 --> 00:14:32.860
function," like an entity in
here, "Make it like a person."

00:14:32.860 --> 00:14:35.230
So I can actually go through and give

00:14:35.230 --> 00:14:37.585
it permissions to my Key Vault.

00:14:37.585 --> 00:14:39.025
So I went through and it says,

00:14:39.025 --> 00:14:40.840
"All right, we're all cool."

00:14:40.840 --> 00:14:44.260
Back to the Dashboard
over to Key Vault,

00:14:44.260 --> 00:14:46.960
and then I can go to access policies.

00:14:46.960 --> 00:14:49.690
So right now, I'm the only one
who could go and read Key Vault,

00:14:49.690 --> 00:14:51.745
or I can go and add new.

00:14:51.745 --> 00:14:54.580
I may go to "Secret management",

00:14:54.580 --> 00:14:57.355
because that's where
all my API keys are,

00:14:57.355 --> 00:15:00.230
and then select "Principal."

00:15:00.570 --> 00:15:03.460
Once that loads up,

00:15:03.460 --> 00:15:09.145
it's going to be
xam-dev-summit-function.

00:15:09.145 --> 00:15:10.899
It should go around,

00:15:10.899 --> 00:15:13.270
and it's going to take
a little bit to come through.

00:15:13.270 --> 00:15:15.710
So I'm going to try it one more time.

00:15:22.170 --> 00:15:27.680
We'll refresh and come
back in. That's fine.

00:15:38.130 --> 00:15:40.840
Of course, it takes
up just a little bit.

00:15:40.840 --> 00:15:42.820
So I'm going to back, I'd go back in,

00:15:42.820 --> 00:15:44.140
and if it doesn't work this time,

00:15:44.140 --> 00:15:46.610
we'll pretend it just did.

00:15:47.550 --> 00:15:51.145
Back to "Access policies", "Add new",

00:15:51.145 --> 00:15:58.640
"Secret management" select
"Principal" xam-dev-summit-function.

00:15:59.610 --> 00:16:02.710
Of course, it doesn't show up.

00:16:02.710 --> 00:16:06.070
All right. It will be there
in just a couple of seconds.

00:16:06.070 --> 00:16:11.710
So what I'll go back then in the
here is for my Bing news service,

00:16:11.710 --> 00:16:15.320
I'm not going to use
that locally any longer.

00:16:16.350 --> 00:16:18.730
I might have a
function's new service.

00:16:18.730 --> 00:16:22.225
So this is in my core portion
of Xamarin.Forms,

00:16:22.225 --> 00:16:24.370
and what I'm going to
do here is just go

00:16:24.370 --> 00:16:27.040
over and call my functions.

00:16:27.040 --> 00:16:28.615
I'm using Refit,

00:16:28.615 --> 00:16:30.670
all the way at the bottom
here to actually do it.

00:16:30.670 --> 00:16:32.605
So I'm just saying, "Whack,

00:16:32.605 --> 00:16:35.020
get news by category or get top news,

00:16:35.020 --> 00:16:37.975
return everything and
populate that way."

00:16:37.975 --> 00:16:41.900
So let's see if it
actually came through yet.

00:16:50.640 --> 00:16:54.115
There it is, xam-dev-summit-scus,

00:16:54.115 --> 00:16:59.740
select "Secret
Permission", and it's one,

00:16:59.740 --> 00:17:02.095
two, three, four, five.

00:17:02.095 --> 00:17:03.985
It really only needs get,

00:17:03.985 --> 00:17:06.700
but I'm going to give it all just so.

00:17:06.700 --> 00:17:09.295
Nothing like going overboard.

00:17:09.295 --> 00:17:11.995
So it has everything
it needs right now.

00:17:11.995 --> 00:17:14.035
I'm going to just double-check,

00:17:14.035 --> 00:17:20.980
and I think I typed
something in wrong.

00:17:20.980 --> 00:17:24.140
So I'm not going to play
around with it too long.

00:17:32.190 --> 00:17:37.495
So what I did here is I must
have mistyped Microsoft.

00:17:37.495 --> 00:17:42.670
So I'm going to grab it from

00:17:42.670 --> 00:17:53.390
a different one and retype it in.

00:17:56.370 --> 00:17:59.630
So I have it.

00:18:11.250 --> 00:18:15.050
Updating web app settings.

00:18:15.150 --> 00:18:19.070
Once this saves, good.

00:18:21.270 --> 00:18:23.770
Then when I go back to Postman,

00:18:23.770 --> 00:18:26.980
it should be good
here, loading, good.

00:18:26.980 --> 00:18:30.745
We have our stuff back,
so I can reload my app.

00:18:30.745 --> 00:18:35.710
Now, it's using functions
instead of local,

00:18:35.710 --> 00:18:38.695
and I have my key vaulted API key.

00:18:38.695 --> 00:18:42.130
So now I could cycle
it if I need to.

00:18:42.130 --> 00:18:43.900
So it's just way more secure.

00:18:43.900 --> 00:18:48.685
So I'm not holding any API keys
on device any longer.

00:18:48.685 --> 00:18:51.280
This will be really good
as far as when it comes

00:18:51.280 --> 00:18:54.310
to connection strings as
well when we get to that.

00:18:54.310 --> 00:18:56.350
You don't want to have
any database connection strings

00:18:56.350 --> 00:18:58.750
locally if you can avoid it.

00:18:58.750 --> 00:19:04.120
All right. You see that one,

00:19:04.120 --> 00:19:05.575
Apple's killing the notch,

00:19:05.575 --> 00:19:08.410
look at that. Who would have guessed?

00:19:08.410 --> 00:19:12.560
Anyways. Here we go.

00:19:15.720 --> 00:19:23.125
Auth & Auth, authentication
and authorization. All right.

00:19:23.125 --> 00:19:25.480
So authentication and
authorization really are

00:19:25.480 --> 00:19:28.495
two different things
that go hand in hand.

00:19:28.495 --> 00:19:32.455
There is the
authentication part of it.

00:19:32.455 --> 00:19:35.050
Who is, I am who I am and here's

00:19:35.050 --> 00:19:39.130
my backing ID credentials
who says, "Who I am."

00:19:39.130 --> 00:19:41.530
Then there's the authorization part,

00:19:41.530 --> 00:19:43.360
who is the guy who says, "No,

00:19:43.360 --> 00:19:45.890
either you can or you can't come in,

00:19:45.960 --> 00:19:50.180
here's who I am and here's
what I want to do."

00:19:50.640 --> 00:19:54.340
So Azure has really two parts of it.

00:19:54.340 --> 00:19:57.700
We have Azure Active Directory B2C,

00:19:57.700 --> 00:19:59.395
which you can think of as a core.

00:19:59.395 --> 00:20:01.390
There's an Active
Directory core to it,

00:20:01.390 --> 00:20:04.630
and then there's a bunch of identity
providers that sit around it.

00:20:04.630 --> 00:20:08.155
So the identity providers really
do a lot of things by saying,

00:20:08.155 --> 00:20:10.165
"Here's who you are".

00:20:10.165 --> 00:20:12.370
Twitter, you can log in
and Twitter can vouch,

00:20:12.370 --> 00:20:14.470
all right, this is code Mailman.

00:20:14.470 --> 00:20:16.720
Or you can use GitHub to vouch for,

00:20:16.720 --> 00:20:18.400
yeah, this is code Mailman,

00:20:18.400 --> 00:20:24.010
which then has a backing person
in Active Directory.

00:20:24.010 --> 00:20:27.085
All right. So Active
Directory B2C here is

00:20:27.085 --> 00:20:30.265
like an abstraction over
all those identity providers.

00:20:30.265 --> 00:20:32.755
But it's still the who, right?

00:20:32.755 --> 00:20:34.000
And in our apps,

00:20:34.000 --> 00:20:38.860
we use MSAL to get to it,
Microsoft Authentication Library.

00:20:38.860 --> 00:20:41.335
This is all fine.

00:20:41.335 --> 00:20:43.150
It works great.

00:20:43.150 --> 00:20:46.930
The problem is that
it works very tricky.

00:20:46.930 --> 00:20:50.905
It's low level, it can
be hard to set up.

00:20:50.905 --> 00:20:56.875
I have a 13-part blog series
on using B2C with MSAL,

00:20:56.875 --> 00:20:59.980
and I can easily write
10 more parts on it.

00:20:59.980 --> 00:21:01.360
Identity is tough.

00:21:01.360 --> 00:21:03.400
It's really really tough.

00:21:03.400 --> 00:21:07.930
So enter App Center.

00:21:07.930 --> 00:21:09.775
If you all haven't tried

00:21:09.775 --> 00:21:14.485
App Center's authentication piece
yet, give it a shot.

00:21:14.485 --> 00:21:16.330
It has a beautiful, beautiful,

00:21:16.330 --> 00:21:19.315
beautiful API surface to it.

00:21:19.315 --> 00:21:20.890
It wraps up MSAL,

00:21:20.890 --> 00:21:22.675
so it uses MSAL
underneath the covers,

00:21:22.675 --> 00:21:25.000
wraps up MSAL that still uses B2C.

00:21:25.000 --> 00:21:29.140
It just gives us a little
better API surface for it.

00:21:29.140 --> 00:21:30.400
So you would use MSAL if you really

00:21:30.400 --> 00:21:31.810
want to get down to the nitty gritty,

00:21:31.810 --> 00:21:33.805
but if you don't need to,
you would use App Center.

00:21:33.805 --> 00:21:37.690
But that's only giving us the who,

00:21:37.690 --> 00:21:40.750
it's not giving us
the what can I do yet.

00:21:40.750 --> 00:21:42.820
So the tip and trick here is,

00:21:42.820 --> 00:21:45.865
how do we figure out what we can do.

00:21:45.865 --> 00:21:48.880
So on the app, the what we can do

00:21:48.880 --> 00:21:52.059
part was the saving our preferences,

00:21:52.059 --> 00:21:55.645
and what news functions
we wanted to look at,

00:21:55.645 --> 00:21:59.695
the product, the science and
technology, that type of stuff.

00:21:59.695 --> 00:22:02.725
So I'm using Cosmos DB as my backend,

00:22:02.725 --> 00:22:06.625
and so you can think of
how Cosmos stores that stuff.

00:22:06.625 --> 00:22:08.710
It stores it as a NoSQL database.

00:22:08.710 --> 00:22:13.195
So we have most of our data is
pushed away and it's big JSON blob.

00:22:13.195 --> 00:22:16.150
But there's a couple other portions
of Cosmos as well.

00:22:16.150 --> 00:22:19.060
There's this ID column, that's there.

00:22:19.060 --> 00:22:21.280
Then there's this partition,

00:22:21.280 --> 00:22:23.559
and this partition really,

00:22:23.559 --> 00:22:26.245
I think of it as
a sitting kind of separately,

00:22:26.245 --> 00:22:27.310
it kind of doesn't,

00:22:27.310 --> 00:22:30.955
but it sits separately and we can use

00:22:30.955 --> 00:22:34.855
that as a little bit
of a security thing.

00:22:34.855 --> 00:22:38.095
Because ideally, what we
want to have happen is

00:22:38.095 --> 00:22:42.040
we don't want to have
our connection string for Cosmos

00:22:42.040 --> 00:22:50.080
sitting in our client that has
absolute superuser rights to it.

00:22:50.080 --> 00:22:54.460
Because then I'll be able to
get at somebody else's data or

00:22:54.460 --> 00:22:56.320
you'll be able to get at
my data if there's maybe

00:22:56.320 --> 00:22:58.765
a bug in the system or
something like that.

00:22:58.765 --> 00:23:02.830
So we want to be able to get at
only one user's data at a time.

00:23:02.830 --> 00:23:06.220
So ideally, we want to be able to
have less Cosmos come back.

00:23:06.220 --> 00:23:08.305
Instead of us sending it
the connection string,

00:23:08.305 --> 00:23:10.270
we want to have Cosmos tell us

00:23:10.270 --> 00:23:14.140
a particular string for
us to operate with.

00:23:14.140 --> 00:23:16.915
So essentially, we want
Cosmos to give us a token

00:23:16.915 --> 00:23:19.570
and that token is able
to say, "All right,

00:23:19.570 --> 00:23:21.700
Matt, you only have access in

00:23:21.700 --> 00:23:25.750
this connection to
hit User One's data."

00:23:25.750 --> 00:23:29.185
User One's data is in this partition.

00:23:29.185 --> 00:23:35.665
So how do we go about doing
that with all of these arrows?

00:23:35.665 --> 00:23:40.105
I wrote the Microsoft Docs

00:23:40.105 --> 00:23:44.965
Getting Started with
Cosmos DB on Xamarin,

00:23:44.965 --> 00:23:49.045
and we could not put this in
because all those arrows,

00:23:49.045 --> 00:23:51.400
and there's a big blob
right on top of it.

00:23:51.400 --> 00:23:54.730
It says, "Don't put
your connection string in the app",

00:23:54.730 --> 00:23:56.830
because all of these arrows,

00:23:56.830 --> 00:23:59.950
but yet this is essential to when

00:23:59.950 --> 00:24:03.220
you want to connect
to Cosmos on device.

00:24:03.220 --> 00:24:04.390
You really should do it this way,

00:24:04.390 --> 00:24:06.130
and I call it the broker pattern.

00:24:06.130 --> 00:24:07.840
So here's what it's doing,

00:24:07.840 --> 00:24:12.730
is I'm already assuming that
you've logged in with B2C.

00:24:12.730 --> 00:24:14.800
You have the credentials
that's saying,

00:24:14.800 --> 00:24:17.005
"Ooh, I happen to be."

00:24:17.005 --> 00:24:18.850
So number one, you're
going to go up to

00:24:18.850 --> 00:24:20.650
this broker in the Cloud somewhere,

00:24:20.650 --> 00:24:21.790
whether it's a web API,

00:24:21.790 --> 00:24:23.260
whether it's an Azure function,

00:24:23.260 --> 00:24:25.330
and you're going to be
giving it your token,

00:24:25.330 --> 00:24:27.935
your credentials saying,
"Here's who I am."

00:24:27.935 --> 00:24:30.195
The broker is going to
take and is going to say,

00:24:30.195 --> 00:24:32.445
"Okay, well let me check this out."

00:24:32.445 --> 00:24:35.880
That's going to go over to B2C
and say, "Do you trust this?"

00:24:35.880 --> 00:24:38.190
B2C is going to give it
the thumbs up, cool,

00:24:38.190 --> 00:24:39.855
and then with number two,

00:24:39.855 --> 00:24:41.505
and it's going to go
to Cosmos and say,

00:24:41.505 --> 00:24:43.990
"Okay, how should we handle this?"

00:24:43.990 --> 00:24:47.935
Here's who we are, and this
is our app logic then saying,

00:24:47.935 --> 00:24:50.545
"Okay, let's do this on a partition."

00:24:50.545 --> 00:24:52.060
So in Cosmos' case,

00:24:52.060 --> 00:24:53.320
in our case right
here, we're going to

00:24:53.320 --> 00:24:54.820
partition it out and I'll say,

00:24:54.820 --> 00:24:58.600
"For this user and its authToken
we get", we're going to say,

00:24:58.600 --> 00:25:03.775
"authToken for this
particular user's partition".

00:25:03.775 --> 00:25:06.309
Pass that back with number 3,

00:25:06.309 --> 00:25:09.475
and then pass it back number four.

00:25:09.475 --> 00:25:12.010
So now, we have this
particular token that when

00:25:12.010 --> 00:25:14.560
we new up our Cosmos
client on-device,

00:25:14.560 --> 00:25:19.540
that it's only good
for that partition.

00:25:19.540 --> 00:25:22.885
So in step two when we're
creating our token,

00:25:22.885 --> 00:25:24.550
we could actually create
it for just one single

00:25:24.550 --> 00:25:26.440
document if we wanted to.

00:25:26.440 --> 00:25:28.690
So there's nothing saying
that we have to create it

00:25:28.690 --> 00:25:30.865
for the entire partition.

00:25:30.865 --> 00:25:34.060
That's just what we happen to
be doing in this use case.

00:25:34.060 --> 00:25:35.980
That's our app logic.

00:25:35.980 --> 00:25:37.795
Number two is our how
we want to do it,

00:25:37.795 --> 00:25:41.665
how much we wanted
to give to the user.

00:25:41.665 --> 00:25:43.900
But this is something
that we should always

00:25:43.900 --> 00:25:45.895
be doing when we connect to a database.

00:25:45.895 --> 00:25:47.650
Don't connect with
the connection string,

00:25:47.650 --> 00:25:49.795
let's connect with a token

00:25:49.795 --> 00:25:52.795
that gives the least amount
of privilege as possible.

00:25:52.795 --> 00:25:57.380
So let's check out a demo on
how that's going to happen.

00:25:58.230 --> 00:26:03.085
All right. So let me shut
down all the windows here.

00:26:03.085 --> 00:26:07.120
So right now, I'm connecting
with the Cosmos data service,

00:26:07.120 --> 00:26:11.080
Cosmos API, key in
my document client.

00:26:11.080 --> 00:26:13.870
So this is just the document client
that straight up on

00:26:13.870 --> 00:26:18.580
the Cosmos NuGet that
I'm using it here,

00:26:18.580 --> 00:26:20.290
and I want to move that over.

00:26:20.290 --> 00:26:22.330
I don't want to use that.

00:26:22.330 --> 00:26:29.410
So what I'm going to do is I'm
going to use a different one,

00:26:29.410 --> 00:26:36.715
and that's going to be called
Cosmos partition service.

00:26:36.715 --> 00:26:40.180
So the only thing different in
this Cosmos partition service,

00:26:40.180 --> 00:26:43.330
all their gets of data and
everything else are going to

00:26:43.330 --> 00:26:46.840
be exactly the same because
I'm using document client.

00:26:46.840 --> 00:26:49.090
What I'm doing though here,

00:26:49.090 --> 00:26:55.870
is I'm going to be calling a
function to go get my data,

00:26:55.870 --> 00:27:04.310
like my token and that function
here is underneath this,

00:27:04.590 --> 00:27:09.910
and there's a lot of
creation for Cosmos.

00:27:09.910 --> 00:27:12.820
Functions or Cosmos tokens.

00:27:12.820 --> 00:27:17.230
So I'll give you the GitHub
URL for all this.

00:27:17.230 --> 00:27:19.120
But essentially what
it's doing is just

00:27:19.120 --> 00:27:21.160
going out and creating
a bunch of permissions for

00:27:21.160 --> 00:27:23.785
this particular user based off of

00:27:23.785 --> 00:27:28.360
this ClaimsPrincipal that's
coming in and passing it back.

00:27:28.360 --> 00:27:29.995
But one thing I do want to note,

00:27:29.995 --> 00:27:34.840
this is an Azure function and it's
operating off of HTTP trigger,

00:27:34.840 --> 00:27:36.850
that's firing, it's taking

00:27:36.850 --> 00:27:40.330
a claims principal on
the input, on the function.

00:27:40.330 --> 00:27:41.635
So it's saying, "All right.

00:27:41.635 --> 00:27:42.940
I need to be hooked up to

00:27:42.940 --> 00:27:45.550
a claims principal by
tokens coming into it."

00:27:45.550 --> 00:27:48.025
So this is new in Functions 2.0,

00:27:48.025 --> 00:27:49.510
and that we can actually say, "Hey,

00:27:49.510 --> 00:27:51.970
claims principal right
there," and then it's saying,

00:27:51.970 --> 00:27:54.430
"Hey, Cosmos DB, I'm
hooked up to here too.

00:27:54.430 --> 00:27:55.975
Let's bind the input."

00:27:55.975 --> 00:27:59.620
So I don't have to actually new
up a document client here at all,

00:27:59.620 --> 00:28:01.390
because everything's done for me.

00:28:01.390 --> 00:28:05.380
It's taken care of by
Cosmos or by functions,

00:28:05.380 --> 00:28:08.905
that's just a neat thing
going on. So all right.

00:28:08.905 --> 00:28:14.150
Now, what I'm going
to do first then is,

00:28:14.610 --> 00:28:17.050
before we call that Cosmos,

00:28:17.050 --> 00:28:20.485
is I'm going to swap to App Center.

00:28:20.485 --> 00:28:23.439
So I want to show you
what we have currently

00:28:23.439 --> 00:28:26.750
for authentication with MSAL.

00:28:26.750 --> 00:28:28.065
I'm not going to walk through it,

00:28:28.065 --> 00:28:30.720
it's just that this is
all the code that we

00:28:30.720 --> 00:28:34.230
need to use to talk to B2C.

00:28:34.230 --> 00:28:36.120
That's a lot of code,

00:28:36.120 --> 00:28:38.445
and I'm not doing anything special.

00:28:38.445 --> 00:28:43.485
Let's use App Center
instead. All right.

00:28:43.485 --> 00:28:48.105
Here we go, App Center always
has a really pretty UI,

00:28:48.105 --> 00:28:49.380
as far as I'm concerned.

00:28:49.380 --> 00:28:51.330
So what I'm going to
do first is connect to

00:28:51.330 --> 00:28:59.695
my Azure subscription over
conference Wi-Fi and here we go.

00:28:59.695 --> 00:29:02.980
This is my subscription, hit "Next".

00:29:02.980 --> 00:29:06.084
Now, I already have
a B2C tenant setup,

00:29:06.084 --> 00:29:07.930
because that's how it's
working before with my MSAL,

00:29:07.930 --> 00:29:09.595
so it's going to ask
me which one I want.

00:29:09.595 --> 00:29:12.685
This one happens to be
Xam Dev Summit B2C.

00:29:12.685 --> 00:29:17.725
Next, which application?
Partly newsy.

00:29:17.725 --> 00:29:21.820
Next, which scope is in there?

00:29:21.820 --> 00:29:24.040
Newsy. So I've already
set all these up,

00:29:24.040 --> 00:29:25.150
as I said before.

00:29:25.150 --> 00:29:28.180
So it just kind of walks me
through what I already did.

00:29:28.180 --> 00:29:29.890
So you still have to do this,

00:29:29.890 --> 00:29:33.295
and then finally it's saying
which sign in policy do I want,

00:29:33.295 --> 00:29:39.111
and the sign-in policies
are your user flows.

00:29:39.111 --> 00:29:44.480
Which is this B2C_1 signup.

00:29:46.230 --> 00:29:50.510
That's the only thing that
it doesn't bring in for me.

00:29:51.270 --> 00:29:55.795
It connects, I "Grant Access" to it.

00:29:55.795 --> 00:30:01.370
That's it. I have now
connected App Center to B2C.

00:30:01.710 --> 00:30:04.540
There's one other thing I need to do

00:30:04.540 --> 00:30:06.835
before I can make it
actually talk to it,

00:30:06.835 --> 00:30:09.590
and that is change my info.plist.

00:30:10.140 --> 00:30:17.575
So the reason I have to change
my info.plist is because

00:30:17.575 --> 00:30:25.645
whenever it calls out and logging
in, it brings up a WebView.

00:30:25.645 --> 00:30:29.170
That WebView then you enter
your username, password,

00:30:29.170 --> 00:30:32.845
and it calls back to the web app.

00:30:32.845 --> 00:30:34.300
So I'm putting in

00:30:34.300 --> 00:30:38.140
the URL that it's going to
callback to, essentially.

00:30:38.140 --> 00:30:43.015
So App Center uses
a different URL than MSAL did.

00:30:43.015 --> 00:30:45.625
So that's this one I'm
just setting up.

00:30:45.625 --> 00:30:48.520
So one question that I get
asked a lot is do I need to

00:30:48.520 --> 00:30:51.910
show that WebView all the time
that thing that shows up?

00:30:51.910 --> 00:30:54.745
No, you don't need to show it.

00:30:54.745 --> 00:30:57.040
But please, please, please,

00:30:57.040 --> 00:30:59.425
please, please, always do.

00:30:59.425 --> 00:31:01.300
You don't want to
get into business of

00:31:01.300 --> 00:31:03.040
handling our users' passwords.

00:31:03.040 --> 00:31:06.325
That WebView takes care of
all this security for you.

00:31:06.325 --> 00:31:09.355
Essentially, when you start
handling your users' passwords,

00:31:09.355 --> 00:31:10.930
you become a man-in-the-middle.

00:31:10.930 --> 00:31:13.360
You have put a security
hole in your app

00:31:13.360 --> 00:31:16.450
by handling your user's password,

00:31:16.450 --> 00:31:18.595
you got to store and
then pass it yourself.

00:31:18.595 --> 00:31:20.305
So let that WebView do it.

00:31:20.305 --> 00:31:21.910
It's an operating system feature that

00:31:21.910 --> 00:31:26.170
lets you not have to
worry about passwords.

00:31:26.170 --> 00:31:30.130
So use it, please.

00:31:30.130 --> 00:31:33.625
Cool. All right. So anyways.

00:31:33.625 --> 00:31:36.940
So now, we authentication
services up,

00:31:36.940 --> 00:31:39.655
and then now AppCenterAuthService.

00:31:39.655 --> 00:31:47.500
This is all I need to
do to sign in this.

00:31:47.500 --> 00:31:50.440
All this right here is just
me doing some storage.

00:31:50.440 --> 00:31:52.315
This is just a sign in.

00:31:52.315 --> 00:31:56.695
That whole file before
was the sign in.

00:31:56.695 --> 00:31:59.035
This is what it is now.

00:31:59.035 --> 00:32:05.965
That's crazy. This is what it is
a sign out, it's much easier.

00:32:05.965 --> 00:32:08.260
So let's run this,

00:32:08.260 --> 00:32:09.460
and I'm going to set a break point.

00:32:09.460 --> 00:32:15.055
Make sure my
CosmosPartitionService is set up,

00:32:15.055 --> 00:32:23.630
CosmosDataService commented out,
and let's actually do this.

00:32:24.600 --> 00:32:33.200
Clean it, delete it.

00:32:33.390 --> 00:32:35.770
The reason I'm doing
this is just to be

00:32:35.770 --> 00:32:40.840
sure everything is cleaned from
the last time I logged in,

00:32:40.840 --> 00:32:45.920
because I don't want to have
any tokens laying around.

00:32:52.530 --> 00:33:01.780
Here we go. All right.

00:33:01.780 --> 00:33:04.100
How about I go back to XR.

00:33:08.280 --> 00:33:15.530
I know what I did. App Center.

00:33:41.430 --> 00:33:47.485
All right. So here I
go. I'm going to login,

00:33:47.485 --> 00:33:49.030
and so right now it prompts me.

00:33:49.030 --> 00:33:51.325
So this is part of what
App Center is doing.

00:33:51.325 --> 00:33:52.450
Before when I tried to log in,

00:33:52.450 --> 00:33:53.620
I didn't get this pop up and say,

00:33:53.620 --> 00:33:55.900
"Hey, I want to try and
sign in." All right.

00:33:55.900 --> 00:33:58.195
Cool. Brings me in,

00:33:58.195 --> 00:34:00.400
and because it's
the same one as before,

00:34:00.400 --> 00:34:09.020
I can use my username and
banking password again, ABCD1234!

00:34:11.840 --> 00:34:15.405
Then I should go over here,

00:34:15.405 --> 00:34:18.330
and then this will come out
should hit Cosmos in a second,

00:34:18.330 --> 00:34:25.525
and this is the cosmosToken.

00:34:25.525 --> 00:34:28.795
So this will only be available
for a certain amount of time.

00:34:28.795 --> 00:34:30.130
It's only going to allow me to hit

00:34:30.130 --> 00:34:33.710
my particular partition
that I want to hit.

00:34:34.740 --> 00:34:37.300
So that way if I have
any bugs in my code,

00:34:37.300 --> 00:34:39.920
I don't have to worry
about anything at all.

00:34:39.990 --> 00:34:44.260
Very cool. Then this is always
interesting to look at.

00:34:44.260 --> 00:34:47.830
This is a token that came
back from App Center.

00:34:47.830 --> 00:34:50.510
I'll just let this run.

00:34:57.450 --> 00:35:00.340
So this is the App Center
token and just tells me

00:35:00.340 --> 00:35:04.000
who I am, essentially.

00:35:04.000 --> 00:35:07.975
So me, and I ran on
this thing. The newsy.

00:35:07.975 --> 00:35:11.960
So cool.

00:35:12.120 --> 00:35:18.320
My app is up and running. All right.

00:35:18.690 --> 00:35:21.370
So the moral of the story here

00:35:21.370 --> 00:35:25.284
is only connect to
databases with tokens,

00:35:25.284 --> 00:35:28.225
and App Center here
has a beautiful API,

00:35:28.225 --> 00:35:29.320
and if you can get away with it,

00:35:29.320 --> 00:35:32.710
if you don't need to use the
low-level stuff that MSAL gives you,

00:35:32.710 --> 00:35:36.355
try using the App Center API,

00:35:36.355 --> 00:35:40.450
it's sign in and log out, sign out.

00:35:40.450 --> 00:35:46.180
All right. Performance. Then
let's make our stuff faster.

00:35:46.180 --> 00:35:49.870
The whole key with performance
when you're dealing with the Cloud

00:35:49.870 --> 00:35:55.300
is to bring your data
closer to the users.

00:35:55.300 --> 00:35:57.790
So somebody, you can have
your data center here.

00:35:57.790 --> 00:36:00.160
Everything that I've been showing
you here so far has been set

00:36:00.160 --> 00:36:02.740
up in the South Central
US data center,

00:36:02.740 --> 00:36:05.050
which I believe is
in the Dallas area.

00:36:05.050 --> 00:36:08.019
But if somebody is over in Europe,

00:36:08.019 --> 00:36:11.395
and it's going to be
a little bit slower for them.

00:36:11.395 --> 00:36:14.335
So we want to make it
faster. How do we do that?

00:36:14.335 --> 00:36:16.855
Well, if we have Blobs,

00:36:16.855 --> 00:36:18.910
there's a super easy way to do that,

00:36:18.910 --> 00:36:21.460
and it's just wrap it in a CDN.

00:36:21.460 --> 00:36:24.040
I'll show you how to
do that real quickly.

00:36:24.040 --> 00:36:25.870
So it's what a CDN is going to do.

00:36:25.870 --> 00:36:27.910
I'm sure we're all familiar
with that from the web days

00:36:27.910 --> 00:36:30.010
is a content delivery network,

00:36:30.010 --> 00:36:32.230
it's great for static resources,

00:36:32.230 --> 00:36:35.350
and if we're using
Blob Storage on Azure,

00:36:35.350 --> 00:36:38.305
it sets up super, super quick.

00:36:38.305 --> 00:36:40.780
So wrap it in a CDN,

00:36:40.780 --> 00:36:42.850
and serve everything from a CDN.

00:36:42.850 --> 00:36:46.885
Everything is then served from
the Azure Edge at that point.

00:36:46.885 --> 00:36:49.555
Secondly, let's talk about Cosmos.

00:36:49.555 --> 00:36:52.150
Cosmos lets us do reading and

00:36:52.150 --> 00:36:55.090
writing from many different
locations across the globe.

00:36:55.090 --> 00:36:57.715
It's really a matter
of just clicking on

00:36:57.715 --> 00:37:00.835
a web page to set up
more read and write regions.

00:37:00.835 --> 00:37:03.670
So the way this is cool
and the way it works is

00:37:03.670 --> 00:37:07.495
that Cosmos itself has
a Traffic Manager.

00:37:07.495 --> 00:37:10.630
When you set up a Cosmos
instance, you get a URL.

00:37:10.630 --> 00:37:14.140
That URL sits in front
of a Traffic Manager.

00:37:14.140 --> 00:37:15.670
So it's going to be like say

00:37:15.670 --> 00:37:20.020
Matt's cool Cosmos instance
dot documents dot Azure dot NET,

00:37:20.020 --> 00:37:24.010
something like that, I'm issuing
a crest requests against it.

00:37:24.010 --> 00:37:25.615
It first hits a Traffic Manager

00:37:25.615 --> 00:37:28.105
sees that I'm sitting
in Europe somewhere,

00:37:28.105 --> 00:37:29.170
and it's going to route me to

00:37:29.170 --> 00:37:32.890
my closest Cosmos read region
that I had set up.

00:37:32.890 --> 00:37:35.800
Cool. Everything's working as I would

00:37:35.800 --> 00:37:40.285
expect if I'm just accessing
Cosmos for my app.

00:37:40.285 --> 00:37:43.975
However, I had
that permissions function,

00:37:43.975 --> 00:37:46.150
which was accessing Cosmos for me,

00:37:46.150 --> 00:37:49.435
and if that's set up
in South Central US,

00:37:49.435 --> 00:37:51.250
that's going to take
a little bit longer then.

00:37:51.250 --> 00:37:52.720
If I'm sitting over in Europe,

00:37:52.720 --> 00:37:54.265
and I have to go route to that,

00:37:54.265 --> 00:37:55.525
and then route back to me.

00:37:55.525 --> 00:37:57.580
So the question is how can I make

00:37:57.580 --> 00:38:02.750
my functions work faster as well?

00:38:03.030 --> 00:38:06.505
There's something called
Azure Front Door.

00:38:06.505 --> 00:38:11.200
So Azure Front Door really is
a global entry point for all of

00:38:11.200 --> 00:38:13.560
our web APIs that we

00:38:13.560 --> 00:38:17.370
write whether these are
hosted on Azure or not.

00:38:17.370 --> 00:38:19.950
So what we do is we define routing.

00:38:19.950 --> 00:38:22.230
These are going to be URL matched.

00:38:22.230 --> 00:38:25.440
This routing, then it's
going to allow us to

00:38:25.440 --> 00:38:27.660
say where we want these to go

00:38:27.660 --> 00:38:29.640
and comes with
a pretty cool GUI editor,

00:38:29.640 --> 00:38:31.860
which we'll get into, and it does

00:38:31.860 --> 00:38:34.790
allow us as well as
seamless failover.

00:38:34.790 --> 00:38:36.910
So I can have one, let's say,

00:38:36.910 --> 00:38:39.130
Azure Function spun up in

00:38:39.130 --> 00:38:43.285
South Central US another one
somewhere over in Asia.

00:38:43.285 --> 00:38:46.885
If the one here in
South Central US goes down,

00:38:46.885 --> 00:38:49.570
the one in Asia will take
on all the traffic for me.

00:38:49.570 --> 00:38:51.340
I don't have to do anything.

00:38:51.340 --> 00:38:53.335
It will just seamlessly do it.

00:38:53.335 --> 00:38:55.720
It's all SSL terminated as well.

00:38:55.720 --> 00:38:57.880
So SSL termination meaning,

00:38:57.880 --> 00:39:02.860
that my SSL's taken care of by
the Azure Front Door server and

00:39:02.860 --> 00:39:05.230
my web app or function
servers not getting

00:39:05.230 --> 00:39:08.875
overloaded and having to do
SSL decryption and everything else,

00:39:08.875 --> 00:39:11.365
Front Door's now taking care
of it for me as well.

00:39:11.365 --> 00:39:16.090
This all sits on
the Azure Edge meaning that

00:39:16.090 --> 00:39:18.400
a web request is not going
to have to route through

00:39:18.400 --> 00:39:20.320
the whole Azure system to find

00:39:20.320 --> 00:39:22.675
the one that's sitting
let's say in Asia,

00:39:22.675 --> 00:39:25.510
it's going to get this URL
that sits over on

00:39:25.510 --> 00:39:29.740
the Azure Edge which is going to
be optimized for quick response.

00:39:29.740 --> 00:39:34.560
All right. CDNs and Front Doors.

00:39:34.560 --> 00:39:44.155
All right. The CDN
then, Azure Storage.

00:39:44.155 --> 00:39:46.375
In here, I have

00:39:46.375 --> 00:39:53.860
the blobs that we

00:39:53.860 --> 00:39:57.010
show underneath the categories
in the grid view.

00:39:57.010 --> 00:39:59.395
So what I want to do here is wrap

00:39:59.395 --> 00:40:02.500
that in a CDN to make it
work a little bit faster.

00:40:02.500 --> 00:40:04.660
So all I have to do is,
type in "Azure CDN,"

00:40:04.660 --> 00:40:07.810
it's right in there for
you and create a new one.

00:40:07.810 --> 00:40:11.300
So I'm going to just do
xamarin-dev-summit-cdn.

00:40:11.610 --> 00:40:14.665
That name is not taken,

00:40:14.665 --> 00:40:17.290
looks good to me and
in the pricing tier.

00:40:17.290 --> 00:40:19.630
So it's offered on
several different pricing tiers

00:40:19.630 --> 00:40:22.435
from Standard Microsoft
Verizon and Akamai,

00:40:22.435 --> 00:40:25.810
Standard Microsoft
usually works just fine.

00:40:25.810 --> 00:40:28.315
Then the endpoint name,

00:40:28.315 --> 00:40:29.590
that one is also good.

00:40:29.590 --> 00:40:35.200
So it's going to be
xdscdn.azureedge.net, create it.

00:40:35.200 --> 00:40:36.460
As it goes through,

00:40:36.460 --> 00:40:38.080
it's going to create
it and push it out

00:40:38.080 --> 00:40:40.705
to all the CDN points around.

00:40:40.705 --> 00:40:44.380
So what I want to do
here then is go into,

00:40:44.380 --> 00:40:50.450
stop this, my models class
and make sure that's updated.

00:40:54.380 --> 00:41:01.440
I call that xds-cdn.

00:41:01.440 --> 00:41:04.300
Xam-dev-summit.cdn.

00:41:09.240 --> 00:41:12.025
Cool. Our images will be served

00:41:12.025 --> 00:41:14.725
from a CDN next time we run the app.

00:41:14.725 --> 00:41:17.750
Next thing up is Front Door.

00:41:19.500 --> 00:41:23.330
I want to set up a new portal.

00:41:28.590 --> 00:41:31.150
So what I have done,

00:41:31.150 --> 00:41:32.380
everything here is being served from

00:41:32.380 --> 00:41:35.575
South Central US, my two functions.

00:41:35.575 --> 00:41:38.290
I've already then repeated things,

00:41:38.290 --> 00:41:43.555
so I have two coming from Japan
East and also West US too.

00:41:43.555 --> 00:41:47.950
So what I want to do is put
these into a Front Door.

00:41:47.950 --> 00:41:52.900
So I mentioned Front Door has
a pretty neat UI designer within.

00:41:52.900 --> 00:41:55.180
So what I'm going to have here

00:41:55.180 --> 00:41:59.470
is xam-dev-summit.azurefd.net is now

00:41:59.470 --> 00:42:05.350
going to be my new URL
Front Door for everything.

00:42:05.350 --> 00:42:10.300
All my requests are going
to now go to that URL.

00:42:10.300 --> 00:42:16.405
Then for anything that
ends with api/news,

00:42:16.405 --> 00:42:22.310
I'm going to route that to
this back-end pool called news.

00:42:22.380 --> 00:42:27.850
That back-end pool called
news then it's going to

00:42:27.850 --> 00:42:32.785
have this scus function in it,

00:42:32.785 --> 00:42:38.030
but I'm going to add more and
I can add an App Service.

00:42:38.640 --> 00:42:43.045
In that then, that's US,

00:42:43.045 --> 00:42:48.790
I'm going to add my
one in Japan, add.

00:42:48.790 --> 00:42:52.915
I'm going to add another App Service,

00:42:52.915 --> 00:43:00.805
and now I want to get the one in
West US to function, add that.

00:43:00.805 --> 00:43:03.370
Function, function, function update.

00:43:03.370 --> 00:43:04.885
The same thing over for permissions.

00:43:04.885 --> 00:43:07.615
Everything for permissions
api/permissions

00:43:07.615 --> 00:43:11.050
goes to the my permissions
back-end pool.

00:43:11.050 --> 00:43:14.200
For my permissions back-end pool
then I already have the one

00:43:14.200 --> 00:43:19.810
for scus new back-end
Service, App Service.

00:43:19.810 --> 00:43:27.580
It's going to Japan
East, permission add.

00:43:27.580 --> 00:43:32.810
Then new back-end
Service, App Service.

00:43:36.270 --> 00:43:38.785
Permissions West US.

00:43:38.785 --> 00:43:40.075
So what this is doing here,

00:43:40.075 --> 00:43:41.110
I can also do other things,

00:43:41.110 --> 00:43:43.555
I can give it a priority
and a weight to tell me,

00:43:43.555 --> 00:43:46.330
I want this West US
one always favored,

00:43:46.330 --> 00:43:49.960
something like that,
add that as well.

00:43:49.960 --> 00:43:54.250
Then it's always going to be
shooting off health probes as well.

00:43:54.250 --> 00:43:55.735
So if one goes down,

00:43:55.735 --> 00:44:00.505
it's going to automatically exclude
one of these back-ends for me.

00:44:00.505 --> 00:44:04.300
Update it, save it.

00:44:04.300 --> 00:44:07.030
Then now, this is going
to push everything out to

00:44:07.030 --> 00:44:09.700
the Azure Edge for me as well.

00:44:09.700 --> 00:44:11.920
So as that is going through,

00:44:11.920 --> 00:44:18.070
I'm going to go over to my constants.

00:44:18.070 --> 00:44:21.370
Comment all of those out.

00:44:21.370 --> 00:44:23.710
Now, these are my functions
that I'm using

00:44:23.710 --> 00:44:29.330
and they're now
xam-dev-summit.azurefd.net.

00:44:29.940 --> 00:44:33.025
So updated the Front Door.

00:44:33.025 --> 00:44:38.635
I'm going to assume
my CDN is there, great.

00:44:38.635 --> 00:44:40.000
So before I run this,

00:44:40.000 --> 00:44:46.510
I will note that CDNs are notoriously
slow to update to the CDN.

00:44:46.510 --> 00:44:49.165
So we probably won't see any images,

00:44:49.165 --> 00:44:53.210
but we should be running
against the Azure Front Door.

00:44:53.640 --> 00:44:57.220
So by not seeing any images,

00:44:57.220 --> 00:45:01.370
we should know that
the images are on the CDN.

00:45:02.820 --> 00:45:05.320
So I just set it up for failure,

00:45:05.320 --> 00:45:08.030
but it's not working,
it's going to work.

00:45:09.180 --> 00:45:17.725
Here we go, we get our database,

00:45:17.725 --> 00:45:20.770
remove that break point and

00:45:20.770 --> 00:45:25.310
then certain thing came
down from the Front Door.

00:45:27.300 --> 00:45:31.000
Actually, I'm going to try
something for the first time,

00:45:31.000 --> 00:45:36.020
I'm going to change
my VPN over to Tokyo.

00:45:36.900 --> 00:45:40.990
So I want to actually see if
it comes through Japan because

00:45:40.990 --> 00:45:42.550
it should come through in Japanese

00:45:42.550 --> 00:45:44.245
then it's going to make me log in.

00:45:44.245 --> 00:45:45.520
So believe it or not,

00:45:45.520 --> 00:45:49.195
my Microsoft password is
not ABCD1234.

00:45:49.195 --> 00:45:55.670
So all right, I will try this
afterwards, let us see what happens.

00:45:58.620 --> 00:46:00.999
So with that said,

00:46:00.999 --> 00:46:03.820
there's a couple of key components
that we went through.

00:46:03.820 --> 00:46:06.820
One is the security with Key Vault.

00:46:06.820 --> 00:46:08.080
You don't want to have,

00:46:08.080 --> 00:46:10.405
your users have the credentials.

00:46:10.405 --> 00:46:13.750
What you can do is put things
up in Key Vault and then

00:46:13.750 --> 00:46:17.275
they have a URL that
they can hit at their.

00:46:17.275 --> 00:46:19.870
Ideally, your API
keys even sit in

00:46:19.870 --> 00:46:24.085
an Azure function itself and
then the users just call that.

00:46:24.085 --> 00:46:27.640
Couple that with a little
authentication so they know who they

00:46:27.640 --> 00:46:29.440
are and then the functions

00:46:29.440 --> 00:46:31.975
know who the users are
and it's even better.

00:46:31.975 --> 00:46:37.960
Cosmos. Who you are, what you can do.

00:46:37.960 --> 00:46:41.890
Always connect to a database
with a token if you can.

00:46:41.890 --> 00:46:43.600
Cosmos gives you a great way with

00:46:43.600 --> 00:46:46.165
partitioning as well to make that.

00:46:46.165 --> 00:46:47.350
So you can only say,

00:46:47.350 --> 00:46:49.045
who can get what.

00:46:49.045 --> 00:46:51.760
Then for performance
move your data as

00:46:51.760 --> 00:46:54.550
close to the user as
you possibly can with

00:46:54.550 --> 00:46:58.000
CDNs and with Azure Front Door

00:46:58.000 --> 00:47:01.060
as a way to partition
your functions out,

00:47:01.060 --> 00:47:03.985
and as a way to say,

00:47:03.985 --> 00:47:05.230
wherever you are in the world,

00:47:05.230 --> 00:47:06.670
route it to the closest one based

00:47:06.670 --> 00:47:11.080
on IP addresses that come through.

00:47:11.080 --> 00:47:14.230
So with that, all the code
and slides will be

00:47:14.230 --> 00:47:19.450
at that aka.ms/xds-partly-cloudy.

00:47:19.450 --> 00:47:21.985
I'll also put in some further.

00:47:21.985 --> 00:47:23.800
Essentially, we're
going to be deeper dive

00:47:23.800 --> 00:47:25.630
blogs onto the read-me's

00:47:25.630 --> 00:47:27.190
as well that go into
this a little bit

00:47:27.190 --> 00:47:30.235
deeper that we couldn't get into.

00:47:30.235 --> 00:47:33.220
So with that, I heart Developers,

00:47:33.220 --> 00:47:35.530
please reach out for
anything that you have,

00:47:35.530 --> 00:47:36.835
any questions at all.

00:47:36.835 --> 00:47:38.230
Whether that's about this,

00:47:38.230 --> 00:47:41.290
about something else, about
Kubernetes or Docker,

00:47:41.290 --> 00:47:43.735
or anything else, I know
people who know about it,

00:47:43.735 --> 00:47:45.730
who can help you out
with anything at all.

00:47:45.730 --> 00:47:47.500
So let me help you get
your voice heard with

00:47:47.500 --> 00:47:50.750
the Microsoft. Thank you very much.

