Have you had any success in publishing this to azure?

[paulallington]

I've been trying out this project and learning blazor as I go, but I've been unable to publish the project to azure, getting just the error message "HTTP Error 500.0 - ANCM In-Process Handler Load Failure" (which I understand is because .net core 3 is not yet supported on azure, but there are extensions and it should work "self-contained"). Have you had any success and do you have any tips to get it working?

[enkodellc]

@paulallington I have only used the Azure DevOps for CI/CD only. That is in the repos azure-pipelines.yml file. I have my own server at a colo so that is where I host on Windows Server 2016. I know there has been a few guys on the gitter channel that seem to use Azure so maybe they can answer your question. Or I would try another Blazor repository and ask them. Sorry I cannot be of more help but I need to spend my time building the app further instead of learning new hosting solutions. I do want to have a better documentation on hosting.

Maybe these will help: https://docs.microsoft.com/en-us/aspnet/core/host-and-deploy/blazor/client-side?view=aspnetcore-3.0
https://github.com/aspnet/websdk/issues/604
dotnet/aspnetcore#10509
https://www.freecodecamp.org/news/how-to-deploy-a-blazor-application-on-azure-cf6f3b1f03a0/

I would start out with trying to host the most basic example of a core-hosted like a template from Visual studio first. Once you can get that running then try publishing BlazorBoilerplate. Then you can at least determine if there is an issue directly related to BlazorBoilerplate.

It would be great if you documented your steps and gave me those and I can build a Wiki on it for others to use.

[InSumoStudios]

I have it working on AZURE. I commit and push changes in VS to DevOps. DevOps then builds and releases a working version. Initially, I was able to publish directly to AZURE without using DevOps. It was tricky at first, but I was able to resolve the 500 errors by viewing the published files via FTP. I had to make sure the structure and paths were published correctly. There are two or three tricky pre-release configs when using DevOps as well.

[enkodellc]

@InSumoStudios I would really appreciate any documentation or PR's you could provide on AZURE hosting and the process. I am sure there are plenty of others that it would help. I have no issues adding SendGrid, I most likely would have classes or examples for both.

[paulallington]

I have it working on AZURE. I commit and push changes in VS to DevOps. DevOps then builds and releases a working version. Initially, I was able to publish directly to AZURE without using DevOps. It was tricky at first, but I was able to resolve the 500 errors by viewing the published files via FTP. I had to make sure the structure and paths were published correctly. There are two or three tricky pre-release configs when using DevOps as well.

I'd be really interested to know what wasn't right when you viewed the published files via FTP, and what needed to be changed? Are you able to give any tips?

[InSumoStudios]

Hi Paul, I'll put some notes together and post them here.

[paulallington]

Thank you, really appreciate it! Keen to get it online to show to the team

[llaughlin]

@paulallington FWIW, I was able to run server-side blazor in Azure through App Services by using the ASP.NET Core 3.0 (x86) Runtime extension, located in the Extensions blade:

Here's the first blog post I found that shows the full process.

Note:

I had to use the x86 version for my configuration. The x64 version resulted in TypeLoadExceptions, which makes sense in hindsight :P

[paulallington]

I couldn't get the runtime extension working, but eventually I did get the self-contained version running. I had to remove this:

<TargetFramework>netcoreapp3.0</TargetFramework>

from the publish profile, and it was fine. Ugh, so much time. I read on the .net core git repo that this problem has actually been resolved for preview9

[enkodellc]

@paulallington , preview9 was released yesterday. I will be updating BlazorBoilerplate today for it. Also this blog might be helpful: https://chrissainty.com/containerising-blazor-applications-with-docker-publishing-to-azure-container-registry-using-azure-pipelines/?utm_source=newsletter&utm_medium=email&utm_campaign=posts_from_chris_sainty_building_with_blazor_2019_09_05&utm_term=2019-09-05

[msajidirfan]

@enkodellc, I was able to build and publish this application to Azure Web App by dockerizing the application to support Linux-Container using Azure CI/CD pipelines. So, if you want I can provide the detailed steps which I followed.

However, on a high level,

• Create a single docker file for BlazorBoilerplate.Server (link in the previous comment has steps).

1. I used Visual Studio to create a docker file
2. Moved the docker file one directory up (Not sure if this is needed)
3. Added NuGet restore task for other projects as well to this docker file

• Create a pipeline (I used classic tasks, YAML was failing due to some reason) to build and push the docker image to the Azure container

• Create a release pipeline to deploy the image to the Web App.

[enkodellc]

We will be moving to Identity Server 4 in the next release this will help those who are hosting on Azure: damienbod/IdentityServer4AspNetCoreIdentityTemplate#30 (comment)

[NPadrutt]

For me the deployment worked as long as I deployed via Visual Studio and Web Deploy. As soon as I publish via my Azure DevOps Pipeline I get an HTTP Error 500.30 - ANCM In-Process Start Failure.. The same pipeline does however work with my asp.net Razor Pages project.

I noticed so far that Web Deply places the files in the wwwroot on Azure App Service. The Deployment via the Azure Resource Manager not as it seems (for neither, the Blazor nor the Razor Pages Proejct).

Had anyone this issue?

[NPadrutt]

I found my issue. I didn't want to use the Azure Key Vault but just a self signed certificate (at least for now). So for the current moment I used the AuthSample.pfx and tried to open it as in the Boilerplate done:

            var cert = new X509Certificate2(Path.Combine(_environment.ContentRootPath, "AuthSample.pfx"), "Admin123");

That works when I use it on my computer or when deployed via Web Deploy out of Visual Studio, but (for some reason) not when deploy via Azure DevOps. It would lead to a 500.30 error due to that it could not find the file on startup.
I found out, that you have to passt the proper Key Storage Flags to make it work. My call looks now like this:

        var cert = new X509Certificate2("AuthSample.pfx", "Admin123",
                                        X509KeyStorageFlags.MachineKeySet |
                                        X509KeyStorageFlags.PersistKeySet |
                                        X509KeyStorageFlags.Exportable);

(The path.combine was not necessary for me).
In my tests this worked properly on my dev machine as on Azure. Might be a good idea to adjust this code here as well?

[enkodellc]

Thanks @NPadrutt I will test and make the update... If you want to do any other updates or PR's they will be welcomed!

[NPadrutt]

yeah it came to mind after my comment here that I could have done a PR instead.. Let me know if I shall still make one. Otherwise I'll create one the next time :)

[enkodellc]

Well, if you want to do it go ahead and create a PR and get your name one the board as a contributor!. I just tested and it seemed to work fine locally.

[NPadrutt]

Ah no, all good. Just thought if it saves you time :)

[solidcloudio]

I updated this a bit to work better in Azure with Azure Key vault.

I created a new certificate in keyvault, extracted the csr, had it issued by a CA and updated in KV. I created an Azure AD application and added it to the access policy of the keyvault.

I added a references to:

 <PackageReference Include="Azure.Identity" Version="1.1.0" />
 <PackageReference Include="Azure.Security.KeyVault.Secrets" Version="4.0.1" />

I added a KeyVaultCertificateService in the code:

using Azure.Security.KeyVault.Secrets;
using System.Security.Cryptography.X509Certificates;
using Azure.Identity;
using System;

namespace JD.Blazor.Server.Services
{
    public class KeyVaultCertificateService
    {
        private readonly string _vaultAddress;
        private readonly string _vaultTenantId;
        private readonly string _vaultClientId;
        private readonly string _vaultClientSecret;

        public KeyVaultCertificateService(string vaultAddress, string vaultTenantId, string vaultClientId, string vaultClientSecret)
        {
            _vaultAddress = vaultAddress;
            _vaultClientId = vaultClientId;
            _vaultTenantId = vaultTenantId;
            _vaultClientSecret = vaultClientSecret;
        }

        public X509Certificate2 GetCertificateFromKeyVault(string vaultCertificateName)
        {            
            var secClient = new SecretClient(vaultUri: new Uri(_vaultAddress),
                credential: new ClientSecretCredential(_vaultTenantId, _vaultClientId, _vaultClientSecret));

            var secret = secClient.GetSecret(vaultCertificateName);
 
            byte[] privateKeyBytes = Convert.FromBase64String(secret.Value.Value);
            return new X509Certificate2(privateKeyBytes, (string)null, X509KeyStorageFlags.MachineKeySet);
        }
    }
}

Then the call to it in Startup.cs

var keyVaultService = new KeyVaultCertificateService(Configuration["JD.Blazor:Vault:Url"], Configuration["JD.Blazor:Vault:TenantId"],Configuration["JD.Blazor:Vault:ClientId"], Configuration["JD.Blazor:Vault:ClientSecret"]);

cert = keyVaultService.GetCertificateFromKeyVault(Configuration["JD.Blazor:Vault:CertificateName"]);

I added some data in the config file: (values removed)

"JD.Blazor": {
    "ApplicationUrl": "",
    "RequireConfirmedEmail": false,
    "APILogging": {
      "Enabled": true,
      "IgnorePaths": [ "/api/userprofile" ]
    },
    "UseSqlServer": true,
    "UseSqlLite": false,
    "UsePostgresServer": false,
    "IS4ApplicationUrl": "",
    "UseLocalCertStore": "false",
    "CertificateThumbprint": "", 
    "Vault": {
      "Url": "",
      "TenantId": "",
      "ClientId": "",
      "ClientSecret": "",
      "CertificateName": ""
    }
  }

This takes care of the certificate, I used the included Dockerfile and built a docker image. I can host this in an WebApp for Containers in Azure.

[enkodellc]

Here is the wiki.
https://github.com/enkodellc/blazorboilerplate/wiki/Hosting-Blazor-boilerplate-on-Microsoft-Azure

Please review / test and let us know if there is something missing.