Azure, Identity Provider

Running KeyCloak on Azure App Service and Azure SQL using managed identities

I’ve recently been seeing a lot of developers diving into the world of authentication and asking for recommendations on what to use as an Identity Provider (IdP). There are plenty of IdPs out there. If you’ve been following me, I’ve done some posts on Identity Server (before it was Duende). I’m a big fan of Microsoft Entra (for the workforce) and Entra External ID (successor of Azure AD B2C), for external identities not related to your organization, for its simplicity and for its SaaS abilities, as IdPs are, in my eyes, mission critical parts of your ecosystem: if it goes down, your whole system is down. Any SaaS IdP allows me to focus on my application and not managing an IdP…

Azure, Debugging, Web, WebApi

Debugging a managed identity connection to Azure SQL in Azure App Service using containers

So you’ve been eager to deploy your containerized web application that you’ve been working on for a while, to Azure App Service. You follow the best security practices which means you’ve set up your connection to your Azure SQL database using a managed identity. Upon loading your application, you get a dreadful exception that you can’t connect to the database. You then wonder, is this a database permission problem or some other problem, such as the application cannot connect to the database using its managed identity. This problem is even tougher to diagnose in applications such as Custom Off the Shelf (COTS) that you don’t have the source code for. Rest assured, this happens to the best of us (yes, even me!)….

Development, Tools, Visual Studio

Self-signed certificate chain problems with GitHub Copilot and Visual Studio and Visual Studio Code

My customers have been excited to start using and experimenting with GitHub Copilot. Their proof of value has really proven to be beneficial in a lot of their development aspects. Some of them have tougher security controls in their corporate environments. One of them is SSL inspection through their firewall/NVA. This has led to the dreadful error:

[CopilotClientManager Information] statusNotification: Warning: The pending stream has been canceled (caused by: self-signed certificate in certificate chain)
[CopilotClientManager Error] [ghostText] Error on ghost text request: FetchError: The pending stream has been canceled (caused by: self-signed certificate in certificate chain)

The GitHub engineering team is aware of the problem. While the tools continue to improve and a more native fix / solution can hopefully be baked in, as I tell my customers, always open a support ticket to help the engineering team navigate these issues. If your organization is doing SSL inspection and you have access to the Root certificate (and it…

Azure, Development, Web, WebApi

Load testing your applications using Azure Load Testing, JMeter and GitHub Actions

I’ve been working with more customers that are starting to take testing (unit, integration, end to end and load testing) more seriously. You may ask, “Dom, really? I thought testing was trivial”. Unfortunately not. As we’re entering an era where businesses are producing software like never before, relatively speaking, these businesses are not software companies. They are seeking to prioritize the speedy creation of business value while disregarding the importance of testing. Development teams, more often than not, are under pressure when the applications they develop do not perform the way they intended them to work, after being released. Testing is not engrained within their DNA. If it would have been, the extra stress and anxiety associated with debugging the…

Azure, AzureFunctions, C#

Deploying EOL .NET Core to Azure App Services

As you all know, .NET Core 3.1 has been out of support since December 13, 2022. If you follow me on my social media, I reminded my followers about this a little over a month ago. Unfortunately, some of the customers my colleagues and I deal with have yet to migrate, and were caught by surprise at the last minute. I am and have been advising my customers to plan some time to migrate to .NET 6 (which is LTS); however, the time and priorities issue always comes back. Fortunately, there are 2 solutions that you can put in place today to be able to continue deploying EOL .NET Core versions. Solution 1: Deploying the application using the self-contained method…

Tools

Compiling sqlcipher (sqlite encrypted) for Windows using Visual Studio 2022

I was searching for what was available in terms of encryption for SQLite and stumbled upon the Microsoft SQLite documentation for encryption. It states SQLite doesn’t support encrypting database files by default. Instead, you need to use a modified version of SQLite like SEE, SQLCipher, SQLiteCrypt, or wxSQLite3. I looked at all the proposed products and saw that SQLCipher was giving a community (open source) version of their product. However, they do not give the compiled binaries that come with that. So I said to myself, let me try to compile it. This one was a tough one! I could not get it to work as easily as I thought I would. After a few hours playing, I got it to work and wanted…

Development, Tools

Signing your GitHub commits with GPG and YubiKey

I got a YubiKey recently and saw a YouTube video where the presenter quickly showed how to sign GitHub commits. I found this a useful thing, as on GitHub, you can just set your name and email in your git config and GitHub will link that it’s from you when in fact it may not be. I saw this with Linus Torvalds, where someone saw he had “made” commits on a repo, but it did not seem to be something he would contribute on. Was it really him? Who knows, but I realized it was time for me to go a little bit beyond the normal security aspect and use my YubiKey for more than just FIDO2 authentication. For…

C#, Visual Studio

Executing ad hoc C# code snippets

It may happen that you want to test some C# code without having to start the full car, i.e. open up Visual Studio or Visual Studio Code. You may even want to test some of the libraries you’re developing to see how a scenario or behavior you are thinking about would react. Say no more. In this post, I will show you 2 ways to do so. It won’t require you to create a console app or even run your actual application with your code snippet. This will allow you to quickly test your code and scenarios. Note that the techniques below are to produce outputs, not to actually debug your code. For debugging, you will need an IDE that…

Development

Azure DevOps GIT with SSH: fetch-pack: unexpected disconnect while reading sideband packet

In the organization I am currently in, on a specific project, the GIT repository is pretty beefy and large. I had not updated the development branch in a while, due to my assignment on some other projects. Once I had some time to come back to work on this project and see where the team was in terms of code, I wanted to make sure my local development branch was up to date with the remote by pulling the code using the git pull command. After issuing the command, I got the following error:

This seems to be related to the decompression of the code once it’s received from the remote. One solution to counter this problem is to…

Azure

Removing user consent from an Azure AD application

I’ve been working with my team on refactoring the authentication process that has been put in place in the application I am working on. One of the requirements was that we wanted to test out what happens when the user sees the user consent (that is that the user consents the application to access data on its behalf), but also, when we do not see the user consent. To my demise, finding out what has been granted and what has not, is not user friendly in the Azure portal. For my own sake, and perhaps yours, I will try to demystify the where and the how. Finding out the grants To find out what API permissions have been accepted or…

Continuous Integration, DevOps, Docker

CosmosDB linux container for your CI builds

If you have been following Microsoft Build 2021, you may have seen the news that the CosmosDB linux container is now out. This is great news for the ones who finally want to test on a *nix environment. As of this post, the CosmosDB linux container is in preview. As stated in the documentation, there are some limitations: Today, I will show you how you can automate the CosmosDB container for your CI builds, in particular Azure DevOps, running on Linux and Windows machines. If you plan to use the container on a machine running Windows, but using Docker Linux container mode, you will run into some Windows limitations while automating the process. Read more about that below. Using the…

ASP.NET Core

ASP.NET Core – KestrelServer using wrong development SSL certificate

I recently was playing around with the localhost SSL certificate that is used with Kestrel when developing locally. After cleaning my certificate using dotnet dev-certs https --clean and then retrusting it through dotnet dev-certs https --trust, my browser kept telling me my certificate was expired. Adding more log to my application, it was telling me it was using a certificate with thumbnail X that I couldn’t find in my User Certificate Store. Lo and behold, this happens when you have a certificate (with the same name as your project) lingering in the folder %APPDATA%\ASP.NET\Https. The certificates here are used in a container scenario. Thanks to this GitHub issue that pointed me in the right direction. Hope this little post can…

DevOps, VMware

Creating an Azure DevOps hosted agent image for VMware

I recently came across news from Microsoft stating that they will remove the free grant for hosted agents: I love hosted agents as they include all the tools I can possibly use to build any possible software. For newcomers who want to have an Azure DevOps organization that can leverage hosted agents, which include concurrent pipelines, having this limitation is a bummer. Going through the channels to get that feature unblocked can be overwhelming and a lot of people move on. This leaves you 1 solution if you don’t want to go through all of that: hosting the agents (at least 2, because concurrency means 2 agents/workers!) yourself. Thankfully, the hosted agent process for building the…

Development, Tools

Easily nuke secrets from your Git history

I came across an excellent article from Don Goodman-Wilson on GitGuardian on Rewriting your git history, removing files permanently – cheatsheet & guide. I had a scenario where I wanted to remove a secret deep in my history. In his article, he speaks about the git extension tool git-filter-repo. Eager as I am, I’m like yes let’s use it! However, I realize that for starters, the install steps, if you’re working on a Windows machine, may not be as straightforward as download/install. For the ones like me that want a quick cheatsheet on how to make it work on Windows, here’s a quick summary. Thanks to the GitHub issues in the repo that helped me put this together. Setup…

AzureFunctions

Azure Functions in C# quick FAQs and tips

I get pinged once in a while about something that doesn’t behave properly in Azure Functions, or about a general question about Azure Functions. I usually direct the developers to the right places. But I figured it would be a great idea to put all the answers I give in a post for future reference. Questions I use ILogger<T>, but it is not logging to the console when I deployed to Azure Bret Samblanet answers this well in a GitHub thread: This is another subtlety about how that console/debug log works in the portal. It only displays log messages if it knows they come from this function — which means they match the category Function.{FunctionName}.Class. The vanilla ILogger we pass in…
