Is blockchain suitable for web applications

Azure Blockchain Workbench architecture

  • 6 minutes to read

Azure Blockchain Workbench (Preview) simplifies blockchain application development by delivering a solution that leverages multiple Azure components. Azure Blockchain Workbench is deployed using a solution template in the Azure Marketplace. The template allows you to select the modules and components to be deployed, such as blockchain stacks, type of client application, and support for IoT integration. Once deployed, Blockchain Workbench provides access to a web application, an iOS application, and an Android application.

Identity and Authentication

With Blockchain Workbench, a consortium can merge its corporate identities with Azure Active Directory (Azure AD). Workbench generates new user accounts for on-chain identities with the company identities stored in Azure AD. Identity mapping makes it easy to authenticate logging into client APIs and applications, and uses corporate authentication policies. Workbench also offers the possibility of assigning corporate identities to specific roles within a defined intelligent contract. In addition, Workbench provides a mechanism to identify the actions that these roles can perform and when they are performed.

After the Blockchain Workbench is deployed, users interact with this solution either through the client applications, the REST-based client API, or the messaging API. In all cases, interactions must be authenticated - either through Azure Active Directory (Azure AD) - or device-specific credentials.

Users share their identities with a consortium Azure AD by sending an invitation to the email address of participants. When logging in, these users are authenticated with their name, password and policies. An example of this would be the two-step authentication of your organization.

Azure AD is used to manage all users who have access to Blockchain Workbench. Every device that is connected to a smart contract is also linked to Azure AD.

Azure AD is also used to assign users to a special administrator group. Users assigned to the administrator group have access to rights and actions in Blockchain Workbench - this includes, for example, the provision of contracts and the assignment of access rights for a contract to a user. Users outside of this group do not have access to administrator actions.

Client applications

Workbench provides automatically generated client applications for the web and mobile devices (iOS, Android) that can be used to review, test and view blockchain applications. The application interface is generated dynamically on the basis of intelligent contract metadata and can take any use case into account. The client applications provide a user-oriented front-end for the complete blockchain applications generated by the Blockchain Workbench. Client applications authenticate users through Azure Active Directory (Azure AD) and then present a user interface tailored to the business context of the smart contract. The user interface enables the creation of new intelligent contract instances by authorized persons. Then certain types of transactions can be carried out at appropriate times in the smart contract business process.

Authorized users can access the administrator console in the web application. The console is available to users in the Administrators group in Azure AD and provides access to the following features:

  • Provision of smart contracts offered by Microsoft for common scenarios. For example, a resource transfer scenario.
  • Upload and provision of your own smart contracts.
  • Assigning user access to the smart contract within the framework of a specific role.

For more information, see the Azure Blockchain Workbench sample client application article on GitHub.

Gateway Service API

Blockchain Workbench includes a REST-based gateway service API. During the writing process to a blockchain, the API generates messages and sends them to an event broker. When the API requests data, queries are sent to the off-chain database. The database contains a replica of the on-chain data and metadata that provides context and configuration information for supported smart contracts. Queries return the required data from the off-chain replica in a format informed by the metadata of the contract.

Developers can access the Gateway Service API to build or integrate blockchain solutions without relying on the Blockchain Workbench client applications.


To enable authenticated access to the API, two client applications are registered in the Azure Active Directory. Azure Active Directory requires different application registrations for each type of application (native and web).

Incoming message broker

Developers who want to send messages directly to Blockchain Workbench can send them directly to Service Bus. For example, the Message API can be used for integration in systems or for IoT devices.

Message broker for downstream consumers

Events occur during the life cycle of the application. Events can be triggered through the gateway API or on the ledger. Event notifications can initiate downstream code based on events.

Blockchain Workbench automatically provides two types of event consumers. One consumer is triggered by blockchain events that are supposed to fill up the off-chain SQL memory. The other consumer is required to collect metadata for events that are generated by the API in connection with the uploading and saving of documents.

News consumer

Message consumers receive messages from Service Bus. The underlying event model for message consumers enables expansion with additional services and systems. You can use this, for example, to fill CosmosDB or evaluate messages with Azure Streaming Analytics. The following sections describe the message consumers included in the Blockchain Workbench.

Distributed ledger consumer

Distributed Ledger Technology (DLT) messages contain the metadata for transactions that are to be written to the blockchain. The consumer gets the messages and pushes the data to a transaction generator, signature generator and router.

Database consumer

The database consumer receives messages from Service Bus and pushes the data to an attached database, e.g. B. a database in Azure SQL Database.

Storage consumer

The memory consumer receives messages from the Service Bus and pushes data to a connected memory. An example of this would be storing hash documents in Azure Storage.

Transaction generator and signer

When a message on the inbound broker needs to be written to the blockchain, it is processed by the DLT consumer. The DLT consumer is a service that retrieves the message with the metadata for executing a desired transaction and then sends it to the Transaction generator and signer sends. The Transaction generator and signer Assembles a blockchain transaction based on the data and the desired blockchain target. The transaction is then signed. Private keys are stored in Azure Key Vault.

Blockchain Workbench fetches the corresponding private key from the Key Vault and signs the transaction outside of the Key Vault. Once signed, the transaction is sent to the transaction router and ledger.

Transaction router and ledger

Transaction routers and ledgers record signed transactions and forward them to the corresponding blockchain. Blockchain Workbench currently supports Ethereum as a target blockchain.

DLT watcher

A DLT watcher (Distributed Ledger Technology) monitors events in blockchains that are connected to the Blockchain Workbench. Events reflect personal and system-relevant information. Examples of this are the creation of new contract instances, the execution of transactions or the changing of states. The events are captured and sent to the outgoing message broker so that they can be used by downstream consumers.

For example, the SQL consumer monitors events and uses them to fill the database with the values ​​it contains. The copy can be used to restore a replica of on-chain data to off-chain storage.

Azure SQL database

The database connected to the Blockchain Workbench stores contract definitions, configuration metadata and an SQL-accessible replica of the data stored in the blockchain. This data can easily be queried, visualized or analyzed by directly accessing the database. Developers and other users can use the database for reports, analysis, or other data-centric integrations. For example, users can visualize transaction data with Power BI.

This off-chain storage enables companies to query data in SQL instead of a blockchain ledger. By unifying to a standard schema that is independent of stacks of blockchain technology, off-chain storage enables reports and other artifacts to be reused in projects, scenarios and organizations.

Azure storage

Azure Storage is used to store contracts and contract-related metadata.

From orders and bills of lading, to images used in the news and medical, to videos taken from a continuum such as police body cameras and large-scale films, documents play a role in many blockchain-oriented scenarios. Documents are not suitable to be placed directly in the blockchain.

Blockchain Workbench offers the ability to add documents or other media content with blockchain business logic. A hash of the document or media content is stored in the blockchain and the actual document or media content is stored in Azure Storage. The associated transaction information is sent to the incoming message broker, packaged, signed and forwarded to the blockchain. This process triggers events that are released through the broker for outgoing messages. The SQL database uses this information and sends it to the database for later query. Downstream systems could also use these events to act if necessary.


Workbench enables application logging with Application Insights and Azure Monitor. Application Insights is used to store all logged information from Blockchain Workbench, including errors, warnings, and successful operations. Application Insights can be used by developers to troubleshoot Blockchain Workbench issues.

Azure Monitor provides information about the health of the blockchain network.

Next Steps