You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: wiki-content/Deployment.md
+73-3Lines changed: 73 additions & 3 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -165,11 +165,81 @@ You can scale agents horizontally by deploying multiple replicas or multiple Con
165
165
-**Default pool**: 2 replicas monitoring the `default` queue
166
166
-**Large job pool**: 1 replica monitoring `jobs-large-container` with more CPU/memory allocated
167
167
168
-
### Upgrade
168
+
### Updating a Deployed Instance
169
169
170
-
After initial deployment, you can upgrade easily using *Visual Studio* by right-clicking on the `AppHost` project and selecting publish and following the wizard.
170
+
After the initial deployment with `azd up`, use `azd deploy` for all subsequent updates. This rebuilds and redeploys all services without re-provisioning infrastructure.
171
171
172
-

172
+
From the AppHost directory, run:
173
+
174
+
```bash
175
+
azd deploy
176
+
```
177
+
178
+
This command:
179
+
1. Builds all projects (Web, Scheduler, Agent)
180
+
2. Containerizes the services
181
+
3. Pushes updated images to Azure Container Registry
182
+
4. Deploys updated containers to Azure Container Apps
|`azd deploy`| Updating an existing deployment with code or configuration changes |
190
+
|`azd provision`| Updating only infrastructure (e.g., adding new Azure resources) |
191
+
192
+
> **Note:** If you have changed the Aspire AppHost topology (added or removed services/resources in `Program.cs`), run `azd up` instead to ensure infrastructure is updated.
193
+
194
+
**Deploying a single service:**
195
+
196
+
To deploy only one service (e.g., after a change to only the web app):
197
+
198
+
```bash
199
+
azd deploy webapp
200
+
```
201
+
202
+
Service names match those defined in the AppHost: `webapp`, `scheduler`, `agent`.
D --> E["Infrastructure provisioned and app deployed"]
210
+
B -- No --> F{"Infrastructure changes?"}
211
+
F -- Yes --> G["azd up"]
212
+
G --> E
213
+
F -- No --> H["azd deploy"]
214
+
H --> I["Updated containers deployed to existing infrastructure"]
215
+
216
+
style D fill:#0078d4,stroke:#005a9e,color:#fff
217
+
style G fill:#0078d4,stroke:#005a9e,color:#fff
218
+
style H fill:#107c10,stroke:#0b5e0b,color:#fff
219
+
```
220
+
221
+
> **Alternative: Visual Studio Publish**
222
+
>
223
+
> You can also publish from Visual Studio by right-clicking the AppHost project and selecting **Publish**. However, `azd deploy` is the recommended approach as it is scriptable, repeatable, and consistent with the initial deployment workflow.
224
+
>
225
+
> 
226
+
227
+
### External Authentication Redirect URIs
228
+
229
+
When deploying to Azure Container Apps, external authentication redirect URIs must use the Container App's fully qualified domain name (FQDN):
230
+
231
+
| Provider | Redirect URI Pattern |
232
+
|----------|---------------------|
233
+
| Microsoft |`https://<container-app-fqdn>/signin-microsoft`|
234
+
| Google |`https://<container-app-fqdn>/signin-google`|
235
+
236
+
The FQDN is assigned by Azure Container Apps after deployment. Retrieve it from the Azure Portal or via:
237
+
238
+
```bash
239
+
az containerapp show --name <webapp-name> --resource-group <rg-name> --query properties.configuration.ingress.fqdn -o tsv
240
+
```
241
+
242
+
If using a custom domain, use that domain in the redirect URIs instead. Update the redirect URIs in your Azure Entra ID app registration and/or Google Cloud Console credentials to match.
Copy file name to clipboardExpand all lines: wiki-content/Features.md
+22-1Lines changed: 22 additions & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -108,6 +108,19 @@ You can enable webhook triggers on a per-job basis. Each webhook-enabled job rec
108
108
109
109
---
110
110
111
+
## External Authentication (Microsoft & Google)
112
+
113
+
Blazor Data Orchestrator supports optional external authentication via **Microsoft** (Azure Entra ID) and **Google** (OAuth 2.0) identity providers. External logins are configured entirely through the Admin UI — no changes to `appsettings.json` are needed.
114
+
115
+
-**Microsoft authentication** — Register an application in Azure Entra ID, then enter the Client ID and Client Secret in the Administration > Authentication tab.
116
+
-**Google authentication** — Create OAuth 2.0 credentials in the Google Cloud Console, then enter the Client ID and Client Secret in the Administration > Authentication tab.
117
+
-**Account linking only** — External logins link to existing user accounts. They do not auto-create new accounts.
118
+
-**Settings stored in Azure Table Storage** — Authentication configuration is persisted alongside other application settings, not in configuration files.
119
+
120
+
> **Important:** After enabling or disabling an authentication provider, you must **restart the application** for the change to take effect. See the [Installation](https://github.com/Blazor-Data-Orchestrator/BlazorDataOrchestrator/wiki/Installation) guide for details.
121
+
122
+
---
123
+
111
124
## Environment-Specific Configuration
112
125
113
126
Jobs support per-environment configuration files that are loaded at execution time based on the job's `JobEnvironment` setting.
@@ -169,7 +182,15 @@ The repository includes full Azure Developer CLI (`azd`) integration. A single c
169
182
azd up
170
183
```
171
184
172
-
This takes you from `git clone` to a fully deployed Azure Container Apps environment with no manual infrastructure setup. See the [Deployment](https://github.com/Blazor-Data-Orchestrator/BlazorDataOrchestrator/wiki/Deployment) guide for details.
185
+
This takes you from `git clone` to a fully deployed Azure Container Apps environment with no manual infrastructure setup.
186
+
187
+
For subsequent updates after the initial deployment, use `azd deploy` to rebuild and redeploy all services without re-provisioning infrastructure:
188
+
189
+
```bash
190
+
azd deploy
191
+
```
192
+
193
+
See the [Deployment](https://github.com/Blazor-Data-Orchestrator/BlazorDataOrchestrator/wiki/Deployment) guide for details.
Run `azd up` from the repository root. This single command provisions all required Azure resources (Azure SQL, Storage Account, Container Registry, Container Apps Environment), builds and containerizes all services, and deploys them to Azure Container Apps. See the [Deployment](https://github.com/Blazor-Data-Orchestrator/BlazorDataOrchestrator/wiki/Deployment) guide for details.
36
36
37
+
### How do I update my deployed instance after making code changes?
38
+
39
+
Run `azd deploy` from the AppHost directory. This rebuilds all services, pushes updated container images, and deploys them to Azure Container Apps without re-provisioning infrastructure. Use `azd up` only for the initial deployment or when the AppHost topology has changed (e.g., added or removed services/resources in `Program.cs`).
40
+
41
+
### Can I deploy just one service instead of all three?
42
+
43
+
Yes. Run `azd deploy <service-name>` where the service name is `webapp`, `scheduler`, or `agent`. This deploys only the specified service.
44
+
37
45
---
38
46
39
47
## Installation
@@ -124,6 +132,30 @@ Deploy multiple Agent instances or replicas. Each agent monitors a specific queu
124
132
125
133
---
126
134
135
+
## Authentication
136
+
137
+
### How do I set up Microsoft authentication?
138
+
139
+
Register an application in Azure Entra ID (formerly Azure AD) with a redirect URI of `https://<your-app-url>/signin-microsoft`, create a client secret, then enter the Client ID and Client Secret in **Administration** > **Authentication** in the web UI. Restart the application after saving. See the [Installation](https://github.com/Blazor-Data-Orchestrator/BlazorDataOrchestrator/wiki/Installation) guide for a full walkthrough.
140
+
141
+
### How do I set up Google authentication?
142
+
143
+
Create OAuth 2.0 credentials in the Google Cloud Console with a redirect URI of `https://<your-app-url>/signin-google`, then enter the Client ID and Client Secret in **Administration** > **Authentication** in the web UI. Restart the application after saving. See the [Installation](https://github.com/Blazor-Data-Orchestrator/BlazorDataOrchestrator/wiki/Installation) guide for a full walkthrough.
144
+
145
+
### I configured Microsoft/Google authentication but the login buttons do not appear
146
+
147
+
After changing any authentication settings in the Admin UI, you must **restart the application**. Authentication middleware is initialized at startup, and changes are not picked up at runtime. For local development, stop and re-run `aspire run`. For Azure, restart the Container App or redeploy with `azd deploy`.
148
+
149
+
### Do external logins create new user accounts automatically?
150
+
151
+
No. External logins only link to **existing** user accounts. A user must already be created in the system (via the Install Wizard or by an administrator) before they can sign in with Microsoft or Google.
152
+
153
+
### Where are the authentication settings stored?
154
+
155
+
Authentication settings (Client ID, Client Secret, Enabled flags) are stored in **Azure Table Storage**, not in `appsettings.json`. They are managed exclusively through the Administration > Authentication tab in the web UI.
3.**Run locally** — `aspire run` — Aspire starts SQL Server, Azurite, and all application services automatically. Complete the Install Wizard on first launch.
38
38
4.**Deploy to Azure** — `azd up` — Provisions Azure SQL, Storage, Container Registry, and Container Apps, then builds and deploys all services in a single command.
39
+
5.**Update a deployed instance** — `azd deploy` — Rebuilds and redeploys all services without re-provisioning infrastructure.
39
40
40
41
See the [Installation](https://github.com/Blazor-Data-Orchestrator/BlazorDataOrchestrator/wiki/Installation) guide for detailed local setup and the [Deployment](https://github.com/Blazor-Data-Orchestrator/BlazorDataOrchestrator/wiki/Deployment) guide for Azure deployment.
Blazor Data Orchestrator supports optional sign-in via **Microsoft** (Azure Entra ID) and **Google** (OAuth 2.0). These providers are configured entirely through the Admin UI — no changes to configuration files are needed.
93
+
94
+
### Microsoft Authentication
95
+
96
+
1. Navigate to the [Azure Portal](https://portal.azure.com) and go to **Microsoft Entra ID** > **App registrations** > **New registration**.
97
+
2. Set the application name (e.g., `BlazorDataOrchestrator`).
98
+
3. Set **Supported account types** to the appropriate scope:
99
+
-*Single tenant* — only users in your Azure AD directory
100
+
-*Multitenant* — users from any Azure AD directory
101
+
-*Multitenant + personal Microsoft accounts* — broadest scope
102
+
4. Set the **Redirect URI**:
103
+
- Type: **Web**
104
+
- URI: `https://<your-app-url>/signin-microsoft`
105
+
- For local development: `https://localhost:<port>/signin-microsoft`
106
+
5. Go to **Certificates & secrets** > **Client secrets** > **New client secret**. Copy the **Value** immediately (it is only shown once).
107
+
6. Go to the app registration **Overview** page and copy the **Application (client) ID**.
108
+
7. In Blazor Data Orchestrator, navigate to **Administration** > **Authentication**.
109
+
8. Enable **Microsoft Authentication**, paste the **Client ID** and **Client Secret**, and click **Save**.
110
+
9.**Restart the application** (see warning below).
111
+
112
+
### Google Authentication
113
+
114
+
1. Navigate to [Google Cloud Console](https://console.cloud.google.com/) and create or select a project.
115
+
2. Go to **APIs & Services** > **Credentials** > **Create Credentials** > **OAuth client ID**.
116
+
3. If prompted, configure the **OAuth consent screen** — set the app name, support email, and add scopes: `openid`, `email`, `profile`.
117
+
4. Set **Application type** to **Web application**.
118
+
5. Add **Authorized redirect URIs**:
119
+
-`https://<your-app-url>/signin-google`
120
+
- For local development: `https://localhost:<port>/signin-google`
121
+
6. Copy the **Client ID** and **Client Secret** from the credentials page.
122
+
7. In Blazor Data Orchestrator, navigate to **Administration** > **Authentication**.
123
+
8. Enable **Google Authentication**, paste the **Client ID** and **Client Secret**, and click **Save**.
124
+
9.**Restart the application** (see warning below).
125
+
126
+
> **⚠️ Warning: Application Restart Required**
127
+
>
128
+
> After enabling, disabling, or changing the Client ID / Client Secret for any external authentication provider (Microsoft or Google), you **must restart the application** for the changes to take effect.
129
+
>
130
+
> -**Local development:** Stop and re-run `aspire run`
131
+
> -**Azure Container Apps:** Restart the Container App via the Azure Portal, Azure CLI, or redeploy using `azd deploy`
132
+
>
133
+
> The Login page will not show or hide provider buttons until the restart is complete.
134
+
135
+
> **Note:** External logins only **link to existing user accounts**. They do not auto-create new accounts. The user must already exist in the system before they can sign in with an external provider.
136
+
137
+
---
138
+
90
139
## Configuration Files
91
140
92
141
Blazor Data Orchestrator uses standard .NET configuration files. In development, Aspire injects connection strings automatically, so you typically do not need to edit these files.
Copy file name to clipboardExpand all lines: wiki-content/Operation.md
+32Lines changed: 32 additions & 0 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -179,6 +179,38 @@ Navigate to the **Administration** page via the navigation link on the home page
179
179
|**API Key**| Enter the API key supplied by the AI provider |
180
180
|**Model**| Choose the model to use |
181
181
182
+
### External Authentication Providers
183
+
184
+
Blazor Data Orchestrator supports optional external authentication via **Microsoft** (Azure Entra ID) and **Google** (OAuth 2.0). These providers are managed from the **Administration** > **Authentication** tab.
185
+
186
+
#### Authentication Settings Reference
187
+
188
+
| Setting | Storage Key | Description |
189
+
|---------|-------------|-------------|
190
+
| Microsoft Enabled |`Authentication:Microsoft:Enabled`| Toggles the Microsoft login button on the Login page |
191
+
| Microsoft Client ID |`Authentication:Microsoft:ClientId`| Application (client) ID from Azure Entra ID |
192
+
| Microsoft Client Secret |`Authentication:Microsoft:ClientSecret`| Client secret value from Azure Entra ID |
193
+
| Google Enabled |`Authentication:Google:Enabled`| Toggles the Google login button on the Login page |
194
+
| Google Client ID |`Authentication:Google:ClientId`| OAuth 2.0 Client ID from Google Cloud Console |
195
+
| Google Client Secret |`Authentication:Google:ClientSecret`| OAuth 2.0 Client Secret from Google Cloud Console |
196
+
197
+
> **Important:** These settings are stored in Azure Table Storage, not in `appsettings.json`. They are managed exclusively through the Admin UI.
198
+
199
+
#### Account Linking
200
+
201
+
External logins only **link to existing user accounts**. They do not auto-create new accounts. A user must already exist in the system (created via the Install Wizard or by an administrator) before they can sign in with Microsoft or Google.
202
+
203
+
> **⚠️ Warning: Application Restart Required**
204
+
>
205
+
> After enabling, disabling, or changing the Client ID / Client Secret for any external authentication provider, you **must restart the application** for the changes to take effect.
206
+
>
207
+
> -**Local development:** Stop and re-run `aspire run`
208
+
> -**Azure Container Apps:** Restart the Container App via the Azure Portal, Azure CLI, or redeploy using `azd deploy`
209
+
>
210
+
> Authentication middleware is initialized at application startup. The `ExternalAuthOptionsStore` injects credentials via `IPostConfigureOptions`, but enabling or disabling a provider requires the authentication pipeline to be fully re-initialized — which only happens on restart. The Login page will not show or hide provider buttons until the restart is complete.
211
+
212
+
For setup instructions including Azure Portal and Google Cloud Console walkthroughs, see the [Installation](https://github.com/Blazor-Data-Orchestrator/BlazorDataOrchestrator/wiki/Installation) guide.
0 commit comments