Category: Security

Create an Azure Key Vault and Secret

Azure Benjamin Perkins

Storing, for example, a database connection string which include server name, user id and password in source code or in a configuration file is what is called ‘password leaking’.  That means that anyone who has access to application source code can search through and get access to the database, because the information required to connect […]

Read More →

TLS on Azure App Services

Azure App Service Benjamin Perkins

I wrote this article some time ago “How to disable TLS 1.0 on an Azure App Service Web App” that explains some of the reasons TLS was not configurable on the Azure App Service platform.  There were many customers who wanted to disable TLS 1.0 so they could remain or become PCI compliant and at […]

Read More →

Always get "Authorization has been denied for this request." ASP.NET Web API

ASP.NET Benjamin Perkins

I was creating an ASP.NET Web API today and when I called one of the Web APIs (/api/values) I got the following response: {“Message”:”Authorization has been denied for this request.”} It turns out by default ‘Individual User Accounts” authentication is enabled by default.  See Figure 1. Figure 1, {“Message”:”Authorization has been denied for this request.”} […]

Read More →

Resetting FTP password, using Publish Profile credentials, Azure App Service

Azure App Service Benjamin Perkins

If you have ever tried to reset your deployment credentials for your Azure App Service then you would likely experience this:  “User name is not available”, as seen in Figure 1. #GermanCloud Figure 1, user name is not available when changing FTP password azure app service To workaround that, use a different username, I.e. temporarily […]

Read More →

Failed to save Auth settings Easy Auth Azure Authentication

Security Cyber Benjamin Perkins

When I tried to configure a a URL into the ALLOWED EXTERNAL REDIRECT URLS text box, as shown in Figure 1, I received the following error. Failed to save Auth Settings for authenticated App: {"Code":"Conflict","Message":"Cannot update the site ‘******’ because Authentication / Authorization was configured with an invalid external redirect URL ‘***.***.***.***’. All configured URLs […]

Read More →