A method to 100% shutdown the public endpoint of an App Service running in the public tenant is not provided. However, you can create an ILB ASE (which is not a public tenant) or you can restrict the access using an IP Restriction. Here is some information on the detailed feature for setting this up […]
Read More →Tags: Security
Using Managed Service Identity (MSI) with an Azure App Service or an Azure Function
Instead of storing user id / passwords or database connection strings in source or configuration files, you should consider storing them in an Azure Key vault. Azure Function 400 Bad Request How to connect to a database from an Azure Function Create an Azure Key Vault secret How to connect to a database from an […]
Read More →How to connect to a database from an Azure Function using Azure Key Vault
In my original article here where I stored the database connection string in an Environment Variable which is no longer an optimal approach (it was only for example). I will now update the Azure Function to access an Azure Key Vault secret which has the database connection string and use it to make the database […]
Read More →Create an Azure Key Vault and Secret
Storing, for example, a database connection string which include server name, user id and password in source code or in a configuration file is what is called ‘password leaking’. That means that anyone who has access to application source code can search through and get access to the database, because the information required to connect […]
Read More →TLS on Azure App Services
I wrote this article some time ago “How to disable TLS 1.0 on an Azure App Service Web App” that explains some of the reasons TLS was not configurable on the Azure App Service platform. There were many customers who wanted to disable TLS 1.0 so they could remain or become PCI compliant and at […]
Read More →What Root Certificates exist on an Azure App Service, CA Root
As you may already know SSL/TLS is offloaded on the Front Ends (*) and this is where certificate root chains are validated (AFAIK). There is no way for you to access those machines to dump out what CAs are there. The next, or closest thing I can think of is to dump them out via […]
Read More →Always get "Authorization has been denied for this request." ASP.NET Web API
I was creating an ASP.NET Web API today and when I called one of the Web APIs (/api/values) I got the following response: {“Message”:”Authorization has been denied for this request.”} It turns out by default ‘Individual User Accounts” authentication is enabled by default. See Figure 1. Figure 1, {“Message”:”Authorization has been denied for this request.”} […]
Read More →Azure App Service IP Based SSL and SNI Based SSL configuration
25-OCT-2017: If you delete an existing binding during the certificate renewal process, then you likley will get a new inbound IP address allocated. This would cause a problem with an A record DNS configuration. Therefore, to renew a certificate, upload the new certificate, noting the new thumbprint and bind that one to the App Service […]
Read More →Resetting FTP password, using Publish Profile credentials, Azure App Service
If you have ever tried to reset your deployment credentials for your Azure App Service then you would likely experience this: “User name is not available”, as seen in Figure 1. #GermanCloud Figure 1, user name is not available when changing FTP password azure app service To workaround that, use a different username, I.e. temporarily […]
Read More →Azure Management Certificates (German Cloud, Azure Deutschland)
This article has to do mostly with the German Cloud, #GermanCloud #AzureGermany because it is most probable that there will not be anything similar to manage.windowsazure.com deployed to this solution. Why is that important? It is important because this is historically how many people configured thier PowerShell or other clients to make deployments/configurations onto Azure. […]
Read More →