The IF-Blueprint IoT Plant Application – Part 1

Or “how to avoid the office plant apocalypse”


Plants have a hard life in our office. They are in a constant state of dying. To avoid the slow death, we decided to use the power of the cloud and IoT. We started to develop an IoT environment that measures the humidity of each plant and pushes the collected data into an Azure database. From this cloud-based data pool we have endless possibilities to process and analyze the data, e.g. sending notifications via Twitter when a plant is thirsty. In the upcoming series of blog posts I will describe the hardware and software setup of our IoT environment (you can follow the plants on Twitter @IFBplant). The whole setup is kind of a prototype and a playground to explore interesting technologies like Microsoft Azure Services, Netduino / Arduino, REST services, Office Add-ins and Power BI.

IoT Environment Overview

To collect the humidity values, we placed an Arduino board on each plant. This board is equipped with a humidity sensor and an 868 MHz radio sender. This sensor is powered by a battery.
IoT Arduino Sensor
Another Arduino board acts as the receiver. Via the serial bus we transfer the data to a Netduino board. This device is connected to our WLAN and pushes the sensor values through a REST service into an Azure-hosted MSSQL database.
IoT Arduino Netduino Sensors
The REST service and the public-facing website were implemented as an ASP.NET MVC / WebAPI site, which is also hosted in Azure. On the website, everyone can observe the sensor values without a login.
Azure Website
As a logged-in user you can configure parameters like threshold values for a specific plant, set up timer jobs for alarm notifications and define Twitter messages. To manage user access we used Azure AD.
To export the sensor data from the Azure hosted database into Excel we used the new awesome Office Add-in technology.
Excel Office Add-in
For the number guys in our company we also provide the sensor values in Power BI.
Power BI
The following picture gives you an overview of the IoT environment. As written before, this is just a prototype with lots of potential improvements. In the upcoming blog posts I will explain the different aspects of the development process in detail.
IoT Environment Overview

Authenticate against an Azure Mobile Service app with ADAL.js

In one of my current projects I was trying to access an Azure Mobile Service from within an HTML Angular app. “Great!” I thought, let’s use ADAL.js and let the magic happen! So I installed ADAL.js, configured it and… nothing. ADAL.js injects the Bearer token, but I got a “401 Unauthorized” from the Azure Mobile Service. After some research on the web I was able to get Azure Mobile Service authentication to work with an ADAL.js-acquired authorization token.

The Setup

As mentioned above, there are 2 “apps”: an HTML Angular app and an Azure Mobile Service app with a .NET backend. Both apps use Azure Active Directory as the authentication backend; the following image shows this setup.


Azure Mobile Service app

We will start with the Azure Mobile Service app. Microsoft provides a detailed explanation of how to configure Windows Azure Active Directory authentication for Azure Mobile Services in this article.

After configuring the Azure Active Directory application for the Azure Mobile Service you only need to add the following configuration to the web.config of your Azure Mobile Service:

    <add key="MS_CrossDomainOrigins" value="https://localhost:44304" />

This option allows us to call the Azure Mobile Service from the specified host (e.g. localhost). It is only necessary if you want to call an Azure-deployed Mobile Service app.

HTML app

After creating the Azure Mobile Service AAD application, we create a new AAD app for the HTML app with the following settings:


Note: The APP-ID URI does not have to be a real URL; it is more of a unique identifier for your app. More information about this here

After creating the Azure Active Directory app we can configure our HTML Angular app to use this AAD app with ADAL.js:

    redirectUri: "https://localhost:44304/",

You can get the ClientID from the Azure Active Directory app:


The redirectUri should also match the reply URL you’ve configured in your Active Directory app:


For more information about how to use ADAL.js with Angular, take a look at Vittorio Bertocci's blog post.

Another important step is to configure “oauth2AllowImplicitFlow” option in the AAD app Manifest. You can download this manifest from the “Configure” page of the AAD application:


After downloading the manifest, open it and set “oauth2AllowImplicitFlow” to “true”. This enables the OAuth 2.0 implicit grant flow, which is needed for client-side (JavaScript) authentication.

The last configuration we need to apply allows our HTML app to request access tokens for the Azure Mobile Service app. To do this we need to add the Azure Mobile Service app under “permissions to other applications” and delegate the “Access” permission:


Note: After clicking “Add application” you have to select “all Apps” to list all available apps.

Authenticate against Azure Mobile Service

Now that we have configured Azure AD for our HTML and Azure Mobile Service apps, we can extend the HTML app to authenticate against the Azure Mobile Service. To do this, we need to tell ADAL.js that we want to authenticate against this endpoint, so we add an endpoint configuration to our ADAL.js config:

    redirectUri: "https://localhost:44304/",
    endpoints: {
        // '<endpoint URL>': '<APP-ID URI of the Azure Mobile Service AAD app>'
        '': ''
    }

The first part of the endpoint entry is the URL of the endpoint, the second part is the APP-ID URI of the Azure Mobile Service AAD application. ADAL.js now injects a bearer token into every call to the specified endpoint URL. Sadly, Azure Mobile Service doesn’t use this token for authentication. Instead it uses its own token, provided in an “X-ZUMO-AUTH” header. To get that token we can use the client-directed login operation. This allows us to get an Azure Mobile Service auth token in exchange for an already obtained AAD token. So we need to obtain an OAuth token for our Azure Mobile Service AAD app and present this token to Azure Mobile Service to get a valid Azure Mobile Service token. A little bit complicated, but OK, let’s try this:

var zumoAppID = '';
var zumoLoginUri = '';
var zumoTodoController = '';

// 1. acquire an OAuth token for our zumo app from Azure AD via ADAL.js
adalAuthenticationService.acquireToken(zumoAppID).then(function (data) {
    // 2. we have the Azure AD token, let's get an Azure Mobile Service token
    //    (assumes AngularJS's $http service is injected)
    $http.post(zumoLoginUri, {
        "access_token": data
    }).
        success(function (data, status, headers, config) {
            // 3. with the Azure Mobile Service token we can authenticate our request
            //    (GET is assumed here; use the verb your controller expects)
            $http.get(zumoTodoController, {
                headers: {
                    'X-ZUMO-AUTH': data.authenticationToken
                }
            }).
                success(function (data, status, headers, config) {
                    alert(data); //yay!
                });
        }).
        error(function (data, status, headers, config) {
            // the token exchange failed; status holds the HTTP status code
        });
});
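
If the login exchange in step 2 is rejected, the first thing to check is whether the token returned by acquireToken was issued for the Azure Mobile Service AAD app and is still valid. The following is an added example, not code from the original post: the function names, the sample values and the assumption that the token's "aud" claim equals the requested APP-ID URI are mine.

```javascript
// Added example: client-side diagnostic only. The payload is decoded WITHOUT
// verifying the signature; the service stays the authority on token validity.

// Decode one base64url-encoded JWT segment into an object.
function decodeSegment(segment) {
    var b64 = segment.replace(/-/g, '+').replace(/_/g, '/');
    while (b64.length % 4 !== 0) { b64 += '='; }
    var json = (typeof Buffer !== 'undefined')
        ? Buffer.from(b64, 'base64').toString('utf8')   // Node.js
        : decodeURIComponent(escape(atob(b64)));        // browser
    return JSON.parse(json);
}

// expectedAudience: APP-ID URI of the Azure Mobile Service AAD app.
// Assumption: "aud" carries the resource the token was requested for.
function inspectToken(jwt, expectedAudience, nowSeconds) {
    var parts = String(jwt).split('.');
    if (parts.length !== 3) {
        return { ok: false, problems: ['not a three-part JWT'], claims: null };
    }
    var claims;
    try {
        claims = decodeSegment(parts[1]);
        if (!claims || typeof claims !== 'object') { throw new Error('not an object'); }
    } catch (e) {
        return { ok: false, problems: ['payload is not base64url JSON'], claims: null };
    }
    var problems = [];
    if (claims.aud !== expectedAudience) {
        problems.push('aud is "' + claims.aud + '", expected "' + expectedAudience + '"');
    }
    if (typeof claims.exp !== 'number' || claims.exp <= nowSeconds) {
        problems.push('token is expired or has no exp claim');
    }
    if (typeof claims.nbf === 'number' && claims.nbf > nowSeconds) {
        problems.push('token is not valid yet (nbf lies in the future)');
    }
    return { ok: problems.length === 0, problems: problems, claims: claims };
}

// Constructed, unsigned sample token for the demo (Node.js only, not a real AAD token).
function makeSampleToken(claims) {
    var enc = function (obj) {
        return Buffer.from(JSON.stringify(obj)).toString('base64')
            .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
    };
    return enc({ typ: 'JWT', alg: 'RS256' }) + '.' + enc(claims) + '.constructed-signature';
}
```

In the flow above, inspectToken(data, zumoAppID, Math.floor(Date.now() / 1000)) can be called inside the acquireToken callback and its problems logged before the token is posted to zumoLoginUri.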


After this long post here are the key points:

  • Create an Azure Active Directory application for the Azure Mobile Service app and for the HTML app
  • The HTML AAD app must have the “oauth2AllowImplicitFlow” option set to “true” in the manifest
  • The HTML AAD app must have access to the Azure Mobile Service app (under “permissions to other applications”)
  • The HTML app must have ADAL.js configured with an endpoint for the Azure Mobile Service app
  • You have to use the client-directed login operation in your HTML app

If you find a more elegant solution for this problem or need further help, please let me know.


Get low-battery push notification from your notebook

Imagine the situation while presenting your newest PowerPoint slide show in front of your customer, when your notebook’s screen suddenly goes black.
Reason: You missed the “Your battery is running critically low on power” message.

But you’re lucky: If you are an owner of a Microsoft Band (or any other push-compatible smart wear), here is a tiny proof-of-concept solution to prevent such an embarrassment: