This is step 2 of 10 in the post series “How-To: Installing a secure Azure Service Fabric Cluster (ASF) with an Azure Resource Management (ARM) Template”. In this step we register the Service Fabric application in Azure Active Directory (AAD) and create its AppKey. This concerns SF applications that you have built yourself; in my screenshots you will see the name “DeviceRegistration”, which is my custom-built application.

This step is necessary so that we can control which SF application is allowed to call which other SF application running on the Service Fabric cluster.

Overview of the steps
01. Create and import the certificates
02. [Current] Register SF Application in AAD and create AppKey
03. Generate encrypted AppKey
04. Lookup the service principles
05. Create the Key Vaults with ARM
06. Adjust the SF Application settings
07. Upload certificates to Key Vault
08. Register the Service Fabric System Applications
09. Install SF Cluster with ARM
10. Coming soon!
Step 02: Register Service Fabric Application in AAD and create AppKey

In the Azure portal, the Service Fabric applications (e.g. Web APIs) have to be registered. A registered application has an ApplicationId and a Service Principal ObjectId; you need both IDs later in one of the following steps.

Azure Portal

Add Application

  • Click on “New application registration”.
  • Fill in the fields. The Sign-On URL does not have to be an existing URL; any valid URI will do.
  • Click CREATE.
  • After creation, you can see the ApplicationId in the overview/properties blade.

Create AppKey

  • It is also necessary to create an AppKey for the application. This can be done by clicking on KEYS in the settings blade of the application.
  • Fill in a key name, choose NEVER EXPIRES and hit the SAVE button.
  • After the key is saved, its value is visible only temporarily and is not shown again later, so write it down immediately and keep it safe.

Look up the Service Principal of the created application
We also have to look up the Service Principal of the created application. There are two ways to do that:

  • Method 1: Open PowerShell and execute the command ‘Get-AzureRmADServicePrincipal’, find the ObjectId of the Service Principal for every application you registered, and note this ID together with the ApplicationId. When you have multiple Azure subscriptions, you have to execute several commands first. In my case:
    Select Azure Subscription

    • Start PowerShell and execute: Login-AzureRmAccount
    • Log in with the same credentials you use for http://portal.azure.com. (In my case the popup kept popping up; I clicked it away.) The result will look like this.
    • When you are not in the correct subscription, you have to select it first. Run the command: Get-AzureRmSubscription
      You will see an overview of all the subscriptions connected to your login.
    • Select the correct subscription with the command: Select-AzureRmSubscription -SubscriptionName ‘<name of subscription>’. You are now switched to the correct Azure subscription. To verify that you are in the correct subscription, run the command Get-AzureRmContext.
    • Run the command: Get-AzureRmADServicePrincipal -SearchString '<your app>'
  • Method 2: The Service Principal ObjectId can also be found in the portal. In the overview blade, click on the link below ‘Managed application in local directory’.

    ATTENTION:
    In the overview/properties blade there is also an ObjectId mentioned; this is NOT the ID we are looking for!

In the blade that opens (Enterprise Application), click on PROPERTIES; there you see both the ApplicationId and the ObjectId of the Service Principal.

  • Write down the Service Principal ObjectId you found under “Parameters to remember”.
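The Method 1 lookup above, scripted for several applications at once, as an added example in PowerShell with the AzureRM module (this is not code from the original post). It assumes Login-AzureRmAccount has already been run; the subscription name and the application names are placeholders to replace. Besides the Service Principal ObjectId it also fetches the ObjectId of the app registration itself, so you can see that the two differ, which is exactly the point of the ATTENTION note above.

```powershell
# Added example, not part of the original post. Requires the AzureRM module
# and an existing login (Login-AzureRmAccount).
# Placeholders to replace with your own values:
$subscriptionName = '<name of subscription>'
$appNames = @('DeviceRegistration')   # display names of your registered SF applications

# Make sure we are in the right subscription (same as the manual steps above).
Select-AzureRmSubscription -SubscriptionName $subscriptionName | Out-Null

$results = foreach ($name in $appNames) {
    # -SearchString is a prefix match on DisplayName, so 'DeviceRegistration' would also
    # return e.g. 'DeviceRegistrationTest'; keep only the exact name.
    $principals = @(Get-AzureRmADServicePrincipal -SearchString $name |
        Where-Object { $_.DisplayName -eq $name })

    if ($principals.Count -eq 0) {
        Write-Warning "No service principal found for '$name'. Was the application registered?"
        continue
    }
    if ($principals.Count -gt 1) {
        Write-Warning "More than one service principal named '$name'; check the ApplicationId to pick the right one."
    }

    foreach ($sp in $principals) {
        # The app registration has its own ObjectId (the one shown in the overview blade).
        # It is NOT the ID needed in the later steps; it is listed here only to show the difference.
        $app = Get-AzureRmADApplication -ApplicationId $sp.ApplicationId

        [pscustomobject]@{
            DisplayName              = $sp.DisplayName
            ApplicationId            = $sp.ApplicationId
            ServicePrincipalObjectId = $sp.Id          # the ID to write down
            AppRegistrationObjectId  = $app.ObjectId   # not needed later
        }
    }
}

$results | Format-Table -AutoSize

# Keep a copy next to your other "Parameters to remember" for the following steps.
$results | Export-Csv -Path '.\sf-app-principals.csv' -NoTypeInformation
```

Run it once per subscription that holds registered applications; the exported CSV then gives you the ApplicationId and Service Principal ObjectId pairs that the later steps ask for.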

Repeat this for all applications

  • Repeat the actions “Add Application”, “Create AppKey” and “Look up the Service Principal of the created application” for all Service Fabric applications you made.

Next step: Step 03 – Generate Encrypted AppKey