daniel-krzyczkowski / cars-island-on-azure Goto Github PK

Please update this to .NET 8. Use Blazor Web App in the frontend and Minimal APIs in the backend. Thank you!

hello Daniel,

Tks for providing this example -- it has been very educational so far!

I have managed to replicate the api and had been trying to use it. so far, using the swagger interface, I'm able to execute cars get all without using any authorization (since it allowed anonymous).

To execute the post car reservation, I first generated a token using this link: https://<tenantname>.b2clogin.com/<tenantname>.onmicrosoft.com/oauth2/v2.0/authorize?p=<userflowname>&client_id=<clientid>&nonce=defaultNonce&redirect_uri=https%3A%2F%2Fjwt.ms&scope=https://<tenantname>.onmicrosoft.com/<clientid>/<scopename>&response_type=code&prompt=login. From there, I get a JWT, which I then fed into a post command: https://<tenantname>.b2clogin.com/<tenantname>.onmicrosoft.com/{{policy-name}}/oauth2/v2.0/token, with a body that contained:
grant_type=authorization_code &client_id=<application-ID> &scope=https://<tenant-name>.onmicrosoft.com/api/read &code=<jwt from previous call>.. &redirect_uri=https://jwt.ms &client_secret=<generatedsecretforapi>

This then returned an access token, which when I fed it into jwt.ms I do see the "access_as_user" scope.

I then proceeded to enter "Bearer " with the access token using the Authorize button on top.

However, when I try to post the car reservation, I get the 500 error :

{
  "Id": "5b5aeb9f-eaec-4f5b-b056-4dd8d34e9be2",
  "Status": 500,
  "Code": null,
  "Links": null,
  "Title": "Some kind of error occurred in the API.  Please use the id and contact our support team if the problem persists.",
  "Detail": null
}

the command shown was:

curl -X POST "https://localhost:44375/api/CarReservation" -H  "accept: */*" -H  "Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6Ilg1ZVhrNHh5b2pORnVtMWtsMll0djhkbE5QNC1jNTdkTzZRR1RWQndhTmsifQ.eyJpc3MiOiJodHRwczovL291dHNpZGU3MjU2MjIxLmIyY2xvZ2luLmNvbS8zYTFlNzYyOS05OGUzLTRmMjEtODc4OC04NzI1MGNlNzQ3OTEvdjIuMC8iLCJleHAiOjE2MTQ5NzI3MDgsIm5iZik2OTEwOCwiYXVkIjoiZjVlYTdiYjUtODE4OS00MTgyLWJmZTQtNmZjZGZhMzNiNTRiIiwiaWRwX2FjY2Vzc190b2tlbiI6InlhMjkuYTBBZkg2U01CaEh1UjRoVDFUbzdnTWZLb3FxWTVnRUtVMlNsV1lxcTM0SHdqcVNYLVEzOTlMUGpUVmhjWEYtYUl2aGVZVGxRbW8wTkhjcUs2a0tiR0lwMFFTWkJia1lqd1BYb1FaVmNjQ3I1cDhNbUdjbXVkX0xLeGdmOWtDT3RmMG82OUQxY2E1YVdoWEtLS0RyTUlZeVl2SFFuU3JrZyIsImdpdmVuX25hbWUiOiJMYXdyZW5jZSAobGF3cmVuY2VvbmcuZGV2KSIsImZhbWlseV9uYW1lIjoiT25nIiwibmFtZSI6Ikxhd3JlbmNlIE9uZyIsImlkcCI6Imdvb2dsZS5jb20iLCJvaWQiOiJkZWJjwN2VhNTA3MTA4MDUiLCJjaXR5Ijoib3R0YXdhIiwic3RhdGUiOiJPTiIsImVtYWlscyI6WyJsYX9uZy5kZXZAZ21haWwuY29tIl0sInRmcCI6IkIyQ18xX3NpZ251cF9zaWduaW4iLCJub25jZSI6ImRlZmF1bHROb25jZSIsInNjcCI6ImFjY2Vzc19hc191c2VyIiwiYXpwIjoiZjVlYTdiYjUtODE4OS00MTgyLWJmZTQtNmZjZGZhMzNiNTRiIiwidmVyIjoiMS4wIiwiaWF0IjoxNjE0OTY5MTA4I6MTYxNDfQ.U9ux_gPjjf5gv6KLyKDQ9VwONLcwL0WLB3mssg5kQfpyEjjqjQ3qwMtJwBwuaOyhnFqwvoynJxWOK6rRBFOEnk2qn6hzmYmvz4c1DA_sj1JqHQoL9WriuhVKvwijsjvZTU2YS03YzJjLTRjZjgtYWU2Ny0wN2VhNTA3MTA4MDUiLCJzdWdyZW5jZWIiOiJkZWJjZTU2YS03YzJjLTRjZjgtYWU2Ny070NTlucEk87SGbDXYl2bVFF8pbk6C8qWxF_p1AlAyZbfqqZI_ryw4oEn3Bh8TYWEHuaTEcvHvgXp_yVzz9KpK5IYkdwHEtUDlGT2orLsOcIfutqz1-0cvp5Se2NfOF7ASvJ0ZSTCr_3Xo_prwDfUtXYk7uLDJnxyTKHkCVkEjhKTPTzDKVL66ic6CErraaQTHqe9ugKx2YJAcbt-iqkit-w" -H  "Content-Type: application/json" -d "{\"carId\":\"5b5aeb9f-eaec-4f5b-b056-4dd8d34e9be2\",\"rentFrom\":\"2021-03-05T19:29:00.915Z\",\"rentTo\":\"2021-03-06T19:29:00.915Z\"}"

interestingly, the cars get all will also fail now when I include the token -- the swagger interface will include the header as well even though it doesn't seem like it's needed.

would you have any suggestions on what I can do to alleviate this issue?

thanks again
Lawrence

Description:

I would like to kindly bring attention to a potential issue in the Mail Sender function, which is invoked when a ServiceBus message arrives at the "reservation" queue. This function calls the SendGrid API to send a car reservation confirmation to a customer's email. However, the email sending is not idempotent; Suppose the ServiceBus-triggered function crashes after successfully sending an email (but before acknowledging the ServiceBus that the function has finished), when the function is retried, another email will be sent by SendGrid. In other words, ServiceBus-triggered function has at-least-once execution guarantee, so in this function, email sending could happen multiple times.

Suggested Fix:

Although there's no serious harm in sending two almost identical emails, this duplicate sending due to untimely retries can be prevented. Specifically, SendGrid provides the Email Activity Feed API that one can use to query whether the email has been sent (in a previous execution) before actually sending the email. Suppose the query finds no email has been sent, then go ahead and send the email. If querying the SendGrid service finds the email has been sent, end the execution without sending the email again.

Thank you for considering this issue. I hope this suggestion could help improve the idempotency and user experience of the Mail Sender function. Please feel free to reach out if you have any questions or concerns.

Hi Daniel,

Just to tell you that I found a little typo in your article: https://daniel-krzyczkowski.github.io/Cars-Island-ASP-NET-Core-API-Integration-With-Azure-Cosmos-DB/
Just on top of the CarRepository the link is not displayed correctly.

Have a nice day!

Damien

Hi Daniel,

Awesome collection of articles and a ton of useful information. I'm struggling with the article steps https://daniel-krzyczkowski.github.io/Cars-Island-ASP-NET-Core-API-Secured-By-Azure-AD-B2C/ , in particular the request for the token.

The part that is somewhat vague is where does the policy name come from and in particular where is this configured in the Azure AD B2C? I see that in the config you have policy name set to B2C_1A_SignUpOrSignin, and the token request would be constructed as follows (I used the docs to check the format https://docs.microsoft.com/en-gb/azure/active-directory-b2c/access-tokens)
https://.b2clogin.com/.onmicrosoft.com//oauth2/v2.0/authorize?client_id=xxxx etc

I get an http 404 as I have not configured a policy and nor do I see where to do this. I looked at the docs https://docs.microsoft.com/en-gb/azure/active-directory-b2c/user-flow-overview and the refer to User flows and Custom policy but I do not see the User flows menu anywhere on the Azure AD B2C configuration.

Thank you.

Hi Daniel,

I'm back for another question, in the article https://daniel-krzyczkowski.github.io/Cars-Island-ASP-NET-Core-API-Integration-With-Azure-Cosmos-DB/ you use TryAddSingleton to inject the dataservices.

In the next article : https://daniel-krzyczkowski.github.io/Cars-Island-ASP-NET-Core-API-Integration-With-Azure-Storage-Accont/ you are in the same case and you mention the AddSingleton
I have used services.AddSingleton with implementationFactory instead of just using services.AddSingleton.

Why not using the TryAddSingleton in both? is it a typo or a specific needs for storage service?

Thanks!

Hi!

I've read your article about the deployment of Cars Island on Azure but I don't see how you have configured, step by step, the services that you use. I'm totally new to Azure and we are beginning to evaluate the possibilitiy to migrate our web sites there are you article is very important to me but it presume that people already know Azure.

Would it be possible to put a little article to explain the steps to achive that?

thank you very much!