Page 57 - MSDN Magazine, March 2018

Figure 6 REST API Call to Validate a Policy
Xamarin app is used to sign the user in, scan and view the QR code data and make a request to this API to perform online validation.
All operations on Azure Key Vault can be audited and the logs archived for compliance with statutory regulations. You can enable auditing from the Settings blade in the Azure Portal for the Azure Key Vault service instance. To view the logs, navigate to the Azure storage resource configured for the logs. You could use role-based access control (RBAC) in the Azure Portal to ensure only designated users can access this information.
Additional security could be implemented by having the customer portal sign the JSON data using a private key in Azure Key Vault and generating a QR code on the signed data.
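The signing step suggested above, as an added example that is not code from the article or its GitHub repository. A locally generated RSA key pair stands in for the Key Vault key, and the policy field names and the `<data>.<signature>` payload layout are assumptions.

```javascript
const crypto = require('crypto');

// Assumption: a local RSA key pair stands in for the key held in Azure Key Vault.
// In the design the article suggests, the portal would ask the vault to sign and
// the private key would never leave it.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', {
  modulusLength: 2048,
});

// Constructed sample data; the field names are hypothetical.
const samplePolicy = { policyId: 'SAMPLE-0001', holder: 'Sample Holder', validTo: '2019-03-31' };

// Portal side: serialize once, sign those exact bytes (RSA PKCS#1 v1.5, SHA-256)
// and return the text to encode in the QR code as "<data>.<signature>".
function buildQrPayload(policy, signingKey) {
  const data = Buffer.from(JSON.stringify(policy), 'utf8');
  const signature = crypto.sign('sha256', data, signingKey);
  return `${data.toString('base64')}.${signature.toString('base64')}`;
}

// Scanner side: verify the signature over the received bytes before parsing them.
// Returns the policy object, or null if the payload is malformed or not authentic.
function verifyQrPayload(qrText, verifyKey) {
  const parts = String(qrText).split('.');
  if (parts.length !== 2) return null;
  const data = Buffer.from(parts[0], 'base64');
  const signature = Buffer.from(parts[1], 'base64');
  try {
    if (!crypto.verify('sha256', data, verifyKey, signature)) return null;
    return JSON.parse(data.toString('utf8'));
  } catch (err) {
    return null; // malformed signature or JSON
  }
}

// Simulates a QR code whose data was altered after signing (signature kept).
function tamper(qrText, field, value) {
  const [data, signature] = qrText.split('.');
  const policy = JSON.parse(Buffer.from(data, 'base64').toString('utf8'));
  policy[field] = value;
  return `${Buffer.from(JSON.stringify(policy)).toString('base64')}.${signature}`;
}
```

Only the public key is needed on the verifying side, and the check runs over the bytes exactly as received rather than over a re-serialized object.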
Auditing can also be enabled for all operations on the data in Azure SQL Database, from the Settings blade of the database instance in the Azure Portal. Transparent data encryption of the data at rest in Azure SQL Database is enabled by default.
Deploying the Solution
If you’d like to try out this solution on your own, you can download the source files and scripts from the GitHub repository at bit.ly/2DRvwdh. You’ll need the following software to implement this solution:
• Visual Studio 2017 Preview, Community or Enterprise Edition with update 3
• An Azure subscription
• A Windows PowerShell script editor
• Postman
• A QR code generator for JavaScript
To deploy the solution in your own subscription, you’ll need to update the config entries in the appsettings.json file after the PowerShell scripts are executed and the other resources are provisioned in the Azure subscription. The steps to do this have been provided in the GitHub repository along with the source code and solution files described in this article. Many thanks to Bindu Chinnasamy of the Microsoft CSE team for help with building the solution accompanying the article.
Wrapping Up
Azure Key Vault provides a helpful, efficient platform for businesses to securely manage their sensitive information, using industry standard algorithms and techniques to perform cryptographic operations. It lets developers use the SDKs for the platforms and languages to which they’re accustomed. This, coupled with the rich set of additional services in Azure, such as Azure App Service, Azure AD and Azure B2C, and the elaborate tooling support these services provide, lets developers focus on building core business features, thereby significantly reducing the time required to develop and deploy an end-to-end solution.
In the sequel to this article, I will be demonstrating how the same application could, without significant changes, be deployed to Azure Container Service using Docker Containers and Kubernetes.
Srikantan Sankaran is a principal technical evangelist from the One Commercial Partner team in India, based out of Bangalore. He works with numerous ISVs in India and helps them architect and deploy their solutions on Microsoft Azure. Reach him at sansri@microsoft.com.
Thanks to the following Microsoft technical expert for reviewing this article: Frank Hokhold