Update 10-publish-and-deploy

Author: danroth27

docs/10-publish-and-deploy.md

@@ -16,43 +16,109 @@ Right-click on the Server project in the solution and select Publish. The ASP.NE
 
 ![Publish from VS](https://user-images.githubusercontent.com/1874516/51885818-2501ac80-2385-11e9-8025-4d1477083a8d.png)
 
-In the "Pick a publish target" dialog:
-- Select "App Service"
-- Select the "Create New" option
-- Select "Create Profile" in the button drop down before clicking it
+In the Publish wizard, select "Azure" and then select Next:
 
-![Pick a publish target](https://user-images.githubusercontent.com/1874516/51885912-7f027200-2385-11e9-8707-0e2f82b543fd.png)
+![Pick a publish target](https://user-images.githubusercontent.com/1874516/78459197-31118a00-766c-11ea-9d41-470ea772e34f.png)
+
+Select "Azure App Service (Windows)" for the specific target, and then select Next:
+
+![Publish to App Service](https://user-images.githubusercontent.com/1874516/78459246-8baae600-766c-11ea-9600-b01e168bf71a.png)
+
+Wait for your subscriptions to load, and then select the subscription to use for the Azure App Service. After selecting your subscription, select "Create a new Azure App Service..." at the bottom of the dialog.
+
+![Select existing or create new](https://user-images.githubusercontent.com/1874516/78459794-7041da00-7670-11ea-96ab-d103b8f21739.png)
+
+In the "App Service: Create New" dialog:
 
-In the "Create App Service" dialog:
 - Make sure that the correct account that you want to use for your new Azure App Service is selected in the account drop down in the upper right
 - Pick a unique name for your app (which becomes part of the app's default URL)
 - Select the Azure subscription you want to use along with the Resource Group and Hosting Plan
     - Resource groups are a convenient way to group related resources on Azure, so consider creating one specific to the pizza store app. 
-    - For the hosting plan, using a free plan is fine.
+    - For the hosting plan, you'll need to select a Basic tier hosting plan or higher.
 
-![Create App Service](https://user-images.githubusercontent.com/1874516/51886115-4e6f0800-2386-11e9-9da1-82cc910aad3b.png)
+![Create new App Service](https://user-images.githubusercontent.com/1874516/78463095-e0ab2400-768d-11ea-8ec3-f8885368118d.png)
 
-At this point you could also create a production database for your app. Since the app uses SQLite and deploys its own database, creating a database isn't necessary, but for a real app it would be.
+Click Create to create the app service. This may take a couple of minutes. 
 
-Click Create to create the App Service. This may take a couple of minutes. Once the App Service is created you should see your publish profile in the Publish page:
+Once the app service has been created, make sure it is selected and then click Finish in the Publish dialog
 
-![Publish profile](https://user-images.githubusercontent.com/1874516/51886256-ee2c9600-2386-11e9-9da7-d80d2500b0ea.png)
+![Finish Publish](https://user-images.githubusercontent.com/1874516/78459868-0d047780-7671-11ea-87d5-0a72ca9e5d36.png)
 
-Before we publish, we first we need to do some configuration for our app to run. The pizza store app requires a Twitter app consumer key and secret to handle authentication. During development, these values are stored in `appsettings.Development.json`. We need to configure these values in the App Service environment, or the app will fail to run.
+Once the App Service is created you should see your publish profile in the Publish page:
 
-To register your app service as a Twitter app, you'll need to use the [Twitter Developer Console](https://developer.twitter.com/apps) and signup up for a Twitter developer account. Or you can use dummy values for now, which will break authentication, but at least allow the app to run.
+![Publish profile](https://user-images.githubusercontent.com/1874516/78460244-0e836f00-7674-11ea-975a-f582d6af9942.png)
 
-Click on the "Edit App Service Settings" link. Add two settings: `Authentication:Twitter:ConsumerKey`, and `Authentication:Twitter:ConsumerSecret`. Specify the correct values for your Twitter app, or just put in some dummy strings if you don't care about getting  authentication working. Click OK to save the app settings.
+At this point you could create a production database for your app. Since the app uses SQLite and deploys its own database, creating a database isn't necessary, but for a real app it would be.
 
-![Add app settings](https://user-images.githubusercontent.com/1874516/51886491-fc2ee680-2387-11e9-9c16-5f1fc47365fa.png)
+If we publish the app at this point, it will return a server error and fail to start. This is because we first need to configure a signing key for IdentityServer. During development, we used a development key (see *BlazingPizza.Server/appsettings.Development.json*), but in production we need to configure an actual certificate for issuing tokens. We'll do that using Azure Key Vault.
 
-You're ready to publish! Click Publish.
+## Setup a signing certificate with Azure Key Vault
+
+You can create a signing certificate using an existing key vault, or create a new one.
+
+To create a new key vault:
+
+- Sign in to the Azure portal at https://portal.azure.com.
+- From the Azure portal menu, or from the Home page, select **Create a resource**.
+- In the Search box, enter **Key Vault**.
+- From the results list, choose **Key Vault**.
+- On the Key Vault section, choose **Create**.
+- On the **Create key vault** section, provide the following information:
+    - **Name**: A unique name is required.
+    - **Subscription**: Choose your subscription.
+    - **Resource Group**: Choose the resource group for your key vault.
+    - In the **Location** pull-down menu, choose a location.
+    - Leave the other options to their defaults.
+- After providing the information above, select **Create**.
+
+Browse to your key vault in the Azure portal and select **Certificates**. Select **Generate/Import** to create a new certificate.
+
+![Generate key vault certificate](https://user-images.githubusercontent.com/1874516/78463378-ba3ab800-7690-11ea-9744-6850c2d1a7e6.png)
+
+Generate a self-signed certificate with a name of your choice and a matching subject name (prefixed with "CN=") and the select **Create**.
 
-![image](https://user-images.githubusercontent.com/1874516/51886932-a52a1100-2389-11e9-8b58-6ea3ae5a4291.png)
+![Create certificate](https://user-images.githubusercontent.com/1874516/78463413-17cf0480-7691-11ea-91dc-343cdea5aa79.png)
 
+Browse to your app service in the portal, select **TLS/SSL Settings**. Select the **Private Key Certificates (.pfx)** tab and then select **Import Key Vault Certificate**.
+
+![Import key vault certificate](https://user-images.githubusercontent.com/1874516/78463445-890eb780-7691-11ea-949a-d7dd38b43550.png)
+
+Select the certificate you previously created to import it into the app service.
+
+![Select certificate](https://user-images.githubusercontent.com/1874516/78463454-ae9bc100-7691-11ea-9ca4-64d27582f699.png)
+
+Select the imported certificate and copy its thumbprint.
+
+![Copy certificate thumbprint](https://user-images.githubusercontent.com/1874516/78463487-1520df00-7692-11ea-93ae-697406bfdd86.png)
+
+Select **Configuration** in the left nav for the app service. Add the `WEBSITE_LOAD_CERTIFICATES` application setting with its value set to the certificate thumbprint you copied previously. This setting will make the certificate available to your app using the Windows certificate store.
+
+![Load certificates setting](https://user-images.githubusercontent.com/1874516/78463547-e8b99280-7692-11ea-9d02-394b20c653cd.png)
+
+Now update **appsettings.json* in the server project configure the app to use the certificate in production.
+
+```json
+"IdentityServer": {
+  "Key": {
+    "Type": "Store",
+    "StoreName": "My",
+    "StoreLocation": "CurrentUser",
+    "Name": "CN=BlazingPizzaCertificate"
+  },
+  "Clients": {
+    "BlazingPizza.Client": {
+      "Profile": "IdentityServerSPA"
+    }
+  }
+}
+```
+
+You're ready to publish! Click Publish.
 
 Publishing the app may take a few minutes. Once the app has finished deploying it should automatically load in the browser.
 
-![Published app](https://user-images.githubusercontent.com/1874516/51886593-5a5bc980-2388-11e9-9329-7e015901e45d.png)
+![Published app](https://user-images.githubusercontent.com/1874516/78463636-09ceb300-7694-11ea-9d3c-57b52b982186.png)
 
 Congrats!
+
+Once your done showing off your completed Blazor app to your friend, be sure to clean up any Azure resources that you no longer wish to maintain.

src/BlazingPizza.Client/App.razor

@@ -3,11 +3,7 @@
         <Found>
             <AuthorizeRouteView RouteData="routeData" DefaultLayout="typeof(MainLayout)">
                 <NotAuthorized>
-                    <div class="main">
-                        <h2>You're signed out</h2>
-                        <p>To continue, please sign in.</p>
-                        <a class="btn btn-danger" href="user/signin">Sign in</a>
-                    </div>
+                    <RedirectToLogin />
                 </NotAuthorized>
                 <Authorizing>
                     <div class="main">Please wait...</div>
@@ -16,7 +12,7 @@
         </Found>
         <NotFound>
             <LayoutView Layout="typeof(MainLayout)">
-                <div class="main">Page not found</div>
+                <div class="main">Sorry, there's nothing at this address.</div>
             </LayoutView>
         </NotFound>
     </Router>

src/BlazingPizza.Client/BlazingPizza.Client.csproj

@@ -9,8 +9,8 @@
   <ItemGroup>
     <PackageReference Include="Microsoft.AspNetCore.Components.WebAssembly" Version="$(BlazorVersion)" />
     <PackageReference Include="Microsoft.AspNetCore.Components.WebAssembly.Build" Version="$(BlazorVersion)" PrivateAssets="all" />
-    <PackageReference Include="Microsoft.AspNetCore.Blazor.HttpClient" Version="$(BlazorVersion)" />
-    <PackageReference Include="Microsoft.AspNetCore.Components.Authorization" Version="$(AspNetCoreVersion)" />
+    <PackageReference Include="System.Net.Http.Json" Version="$(SystemNetHttpJsonVersion)" />
+    <PackageReference Include="Microsoft.AspNetCore.Components.WebAssembly.Authentication" Version="$(BlazorVersion)" />
   </ItemGroup>
 
   <ItemGroup>

src/BlazingPizza.Client/Pages/Authentication.razor

@@ -0,0 +1,32 @@
+@page "/authentication/{action}"
+@inject OrderState OrderState
+@inject NavigationManager NavigationManager
+
+<RemoteAuthenticatorViewCore
+    TAuthenticationState="PizzaAuthenticationState"
+    AuthenticationState="RemoteAuthenticationState"
+    OnLogInSucceeded="RestorePizza"
+    Action="@Action" />
+
+@code{
+    [Parameter] public string Action { get; set; }
+
+    public PizzaAuthenticationState RemoteAuthenticationState { get; set; } = new PizzaAuthenticationState();
+
+    protected override void OnInitialized()
+    {
+        if (RemoteAuthenticationActions.IsAction(RemoteAuthenticationActions.LogIn, Action))
+        {
+            // Preserve the current order so that we don't loose it
+            RemoteAuthenticationState.Order = OrderState.Order;
+        }
+    }
+
+    private void RestorePizza(PizzaAuthenticationState pizzaState)
+    {
+        if (pizzaState.Order != null)
+        {
+            OrderState.ReplaceOrder(pizzaState.Order);
+        }
+    }
+}

src/BlazingPizza.Client/Pages/Checkout.razor

@@ -1,85 +1,80 @@
 @page "/checkout"
+@attribute [Authorize]
 @inject OrderState OrderState
 @inject HttpClient HttpClient
 @inject NavigationManager NavigationManager
+@inject IAccessTokenProvider TokenProvider
 @inject IJSRuntime JSRuntime
 
 <div class="main">
-    <AuthorizeView Context="authContext">
-        <NotAuthorized>
-            <h2>Redirecting you...</h2>
-        </NotAuthorized>
-        <Authorized>
-            <EditForm Model="OrderState.Order.DeliveryAddress" OnValidSubmit="PlaceOrder">
-                <div class="checkout-cols">
-                    <div class="checkout-order-details">
-                        <h4>Review order</h4>
-                        <OrderReview Order="OrderState.Order" />
-                    </div>
+    <EditForm Model="OrderState.Order.DeliveryAddress" OnValidSubmit="PlaceOrder">
+        <div class="checkout-cols">
+            <div class="checkout-order-details">
+                <h4>Review order</h4>
+                <OrderReview Order="OrderState.Order" />
+            </div>
 
-                    <div class="checkout-delivery-address">
-                        <h4>Deliver to...</h4>
-                        <AddressEditor Address="OrderState.Order.DeliveryAddress" />
-                    </div>
-                </div>
+            <div class="checkout-delivery-address">
+                <h4>Deliver to...</h4>
+                <AddressEditor Address="OrderState.Order.DeliveryAddress" />
+            </div>
+        </div>
 
-                <button type="submit" class="checkout-button btn btn-warning">
-                    Place order
-                </button>
+        <button type="submit" class="checkout-button btn btn-warning" disabled="@isSubmitting">
+            Place order
+        </button>
 
-                <DataAnnotationsValidator />
-            </EditForm>
-        </Authorized>
-    </AuthorizeView>
+        <DataAnnotationsValidator />
+    </EditForm>
 </div>
 
 @code {
-    [CascadingParameter] public Task<AuthenticationState> AuthenticationStateTask { get; set; }
+    bool isSubmitting;
 
-    protected override async Task OnInitializedAsync()
+    protected override void OnInitialized()
     {
-        var authState = await AuthenticationStateTask;
-        if (!authState.User.Identity.IsAuthenticated)
-        {
-            // The server won't accept orders from unauthenticated users, so avoid
-            // an error by making them log in at this point
-            await LocalStorage.SetAsync(JSRuntime, "currentorder", OrderState.Order);
-            NavigationManager.NavigateTo("user/signin?redirectUri=/checkout", true);
-        }
+        // In the background, ask if they want to be notified about order updates
+        _ = RequestNotificationSubscriptionAsync();
+    }
 
-        // Try to recover any temporary saved order
-        if (!OrderState.Order.Pizzas.Any())
+    async Task RequestNotificationSubscriptionAsync()
+    {
+        var tokenResult = await TokenProvider.RequestAccessToken();
+        if (tokenResult.TryGetToken(out var accessToken))
         {
-            var savedOrder = await LocalStorage.GetAsync<Order>(JSRuntime, "currentorder");
-            if (savedOrder != null)
+            var subscription = await JSRuntime.InvokeAsync<NotificationSubscription>("blazorPushNotifications.requestSubscription");
+            if (subscription != null)
             {
-                OrderState.ReplaceOrder(savedOrder);
-                await LocalStorage.DeleteAsync(JSRuntime, "currentorder");
-            }
-            else
-            {
-                // There's nothing check out - go to home
-                NavigationManager.NavigateTo("");
+                var request = new HttpRequestMessage(HttpMethod.Put, "notifications/subscribe");
+                request.Content = JsonContent.Create(subscription);
+                request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", accessToken.Value);
+                await HttpClient.SendAsync(request);
             }
         }
-
-        // In the background, ask if they want to be notified about order updates
-        _ = RequestNotificationSubscriptionAsync();
+        else
+        {
+            NavigationManager.NavigateTo(tokenResult.RedirectUrl);
+        }
     }
 
     async Task PlaceOrder()
     {
-        var newOrderId = await HttpClient.PostJsonAsync<int>("orders", OrderState.Order);
-        OrderState.ResetOrder();
-        NavigationManager.NavigateTo($"myorders/{newOrderId}");
-    }
+        isSubmitting = true;
 
-    async Task RequestNotificationSubscriptionAsync()
-    {
-        var subscription = await JSRuntime.InvokeAsync<NotificationSubscription>("blazorPushNotifications.requestSubscription");
-        if (subscription != null)
+        var tokenResult = await TokenProvider.RequestAccessToken();
+        if (tokenResult.TryGetToken(out var accessToken))
+        {
+            var request = new HttpRequestMessage(HttpMethod.Post, "orders");
+            request.Content = JsonContent.Create(OrderState.Order);
+            request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", accessToken.Value);
+            var response = await HttpClient.SendAsync(request);
+            var newOrderId = await response.Content.ReadFromJsonAsync<int>();
+            OrderState.ResetOrder();
+            NavigationManager.NavigateTo($"myorders/{newOrderId}");
+        }
+        else
         {
-            await HttpClient.PutJsonAsync<object>("notifications/subscribe", subscription);
+            NavigationManager.NavigateTo(tokenResult.RedirectUrl);
         }
     }
 }

src/BlazingPizza.Client/Pages/Index.razor

@@ -61,7 +61,7 @@
 
     protected override async Task OnInitializedAsync()
     {
-        specials = await HttpClient.GetJsonAsync<List<PizzaSpecial>>("specials");
+        specials = await HttpClient.GetFromJsonAsync<List<PizzaSpecial>>("specials");
     }
 
     async Task RemovePizza(Pizza configuredPizza)

src/BlazingPizza.Client/Pages/MyOrders.razor

@@ -1,6 +1,8 @@
 @page "/myorders"
 @attribute [Authorize]
 @inject HttpClient HttpClient
+@inject NavigationManager NavigationManager
+@inject IAccessTokenProvider TokenProvider
 
 <div class="main">
     <TemplatedList Loader="@LoadOrders" ListGroupClass="orders-list">
@@ -32,6 +34,19 @@
 @code {
     async Task<List<OrderWithStatus>> LoadOrders()
     {
-        return await HttpClient.GetJsonAsync<List<OrderWithStatus>>("orders");
+        var ordersWithStatus = new List<OrderWithStatus>();
+        var tokenResult = await TokenProvider.RequestAccessToken();
+        if (tokenResult.TryGetToken(out var accessToken))
+        {
+            var request = new HttpRequestMessage(HttpMethod.Get, "orders");
+            request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", accessToken.Value);
+            var response = await HttpClient.SendAsync(request);
+            ordersWithStatus = await response.Content.ReadFromJsonAsync<List<OrderWithStatus>>();
+        }
+        else
+        {
+            NavigationManager.NavigateTo(tokenResult.RedirectUrl);
+        }
+        return ordersWithStatus;
     }
 }