Skip to content
/ AzureIoT Public

PoC: How to build your own serverless PKI with AzureFunctions and connect simple device simulator on C# to IoTHub using DeviceProvisioningService.

4 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

Marusyk/AzureIoT

BranchesTags

Repository files navigation

Description

This repository contains all required scripts and source code to deploy iot hub sample infrastructure

Steps

Before moving to infrustructure deployment and run of sample application please make sure that following conditions were met:

  1. Installed Azure CLI: https://docs.microsoft.com/en-us/cli/azure/install-azure-cli?view=azure-cli-latest
  2. Installed all necessary extensions for Azure CLI. To do this just run script below:
az extension add --name azure-cli-iot-extps1
npm install -g azure-functions-core-tools
  1. Login into Azure Account:
az login
  1. Create resources
.\deploy_resources.ps1
  1. Create a new Application in Azure Active Directory with name RootCertificate.Setup
  2. Open RootCertificate.Setup app -> Authentication -> add Web platform and set with https://localhost as a Redirect URI. Default client type set to Yes
  3. Add thie app to Access Policy of KeyVault service
  4. Generate Root certificate on your machine and store it to KeyVault
cd RootCertificate.Setup
dotnet run
  1. Deoloy Azure Function.
  2. Got to Platform features of function -> Identity -> set Status to On
  3. Open Authentication / Authorization of function and set App Service Authentication to On. Choose Log in with Azure Active Directory and configure Active Directory Authentication. Create a new app with name EdgeDevice.RequestCertificate and Save
  4. Configure Function settings: connection string to blob and container name
  5. Add EdgeDevice.RequestCertificate app to Access Policy of KeyVault service with Key Permissions = Sign, Secret Permissions = None, Certificate Permissions = Get
  6. Go to DPS service
  7. Add Certificate RootCert.cer from your machine or from Vault, name it CA. Copy code from portal.
  8. Go to appsetting.json of EdgeDevice.RequestCertificate project. Set ClientId to Id of EdgeDevice.RequestCertificate app from Azure. Set TenantId of app and BaseUrl to URL of Azure function (https://certauthorityfunction.azurewebsites.net). Run
cd EdgeDevice.RequestCertificate
dotnet run
  1. Set verification code as a device name.
  2. Upload generated IssuedCertificate.cer to portal and press Verify
  3. Create enrollment group and specify CA certificate
  4. Now you can create certificate for any devices. Specify DeviceName and run:
cd EdgeDevice.RequestCertificate
dotnet run
  1. Go to appsettings.json of EdgeDevice.Simulator project. Set DeviceName - from previous step. Set DpsIdScope from DPS service. Run simulator:
cd EdgeDevice.Simulator
dotnet run
  1. Run WebApi service to send command to device
cd Evelator.Api
dotnet run
  1. Send request
 curl -X POST -k https://localhost:5001/Elevator -H "Content-Type: application/json" -d "{ \"deviceName\": \"elevator1\", \"floor\": 17 }"

Add EventHub/Servie Bus consumers

Create custom consumers to store events from IoT hub to database

  1. Create custom routes https://docs.microsoft.com/en-us/azure/iot-hub/tutorial-routing
  2. Subscribe for IoT Events in portal.

About

PoC: How to build your own serverless PKI with AzureFunctions and connect simple device simulator on C# to IoTHub using DeviceProvisioningService.

Topics

azure pki azure-functions iot-hub keyvault-service dps-service

Resources

Readme
Activity

Stars

4 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages