How to create a read only user for a SQL Azure database

SQL Azure
SQL Azure

I am updating, or should I say, re-coding a website I have from ASP.NET Web Forms (aspx) to ASP.NET Core Razor Pages (chtml).  The database it connects to only has a global admin, full access user identity.  So I thought that I would fix that and create a need account for read only access.  This…

0

IP Restrictions on Azure App Service as expected behavior

Azure App Service Benjamin Perkins
Azure App Service Benjamin Perkins

A method to 100% shutdown the public endpoint of an App Service running in the public tenant is not provided.  However, you can create an ILB ASE (which is not a public tenant) or you can restrict the access using an IP Restriction.  Here is some information on the detailed feature for setting this up…

0

Using Managed Service Identity (MSI) with an Azure App Service or an Azure Function

Managed Service Identity MSI Benjamin Perkins
Managed Service Identity MSI Benjamin Perkins

Instead of storing user id / passwords or database connection strings in source or configuration files, you should consider storing them in an Azure Key vault. Azure Function 400 Bad Request How to connect to a database from an Azure Function Create an Azure Key Vault secret How to connect to a database from an…

0

How to connect to a database from an Azure Function using Azure Key Vault

Azure Functions Benjamin Perkins
Azure Functions Benjamin Perkins

In my original article here where I stored the database connection string in an Environment Variable which is no longer an optimal approach (it was only for example).  I will now update the Azure Function to access an Azure Key Vault secret which has the database connection string and use it to make the database…

0

Time sync, synchronization on an Azure App Service

Azure App Service Benjamin Perkins
Azure App Service Benjamin Perkins

An Azure App Service is PaaS and synchronizes the clocks based on the hosting platform.  As per this request, the drift may be up to 2 seconds and are synced once per week.  That request was made some years ago when an App Service was running on Windows Server 2012 and IIS 8.  With the…

0

How to create a new Azure Active Directory

Azure Active Directory (AAD) Benjamin Perkins
Azure Active Directory (AAD) Benjamin Perkins

Historically, or for some time the way to create an Azure Active Directory was either to create a new Subscription or use the old AUX portal.  In the new portal, I was able to create an Azure Active Directory, I.e. ######.onmicrosoft.com by logging in to the portal clicking NEW –> Security + Identity –> Azure…

0

Kali Linux for Windows

Linux Benjamin Perkins
Linux Benjamin Perkins

This is pretty cool as I am very interested in this specific flavor of Linux.  I have installed it and it’s very cool.  You can down load this from the Microsoft Store. Then search for “Kali” and install it. Here is the description: “The Kali for Windows application allows one to install and run the…

1

Adding groups to an Azure Active Directory domain

Azure Active Directory (AAD) Benjamin Perkins
Azure Active Directory (AAD) Benjamin Perkins

I wrote about creating a user in an Azure Active Directory domain or adding users to the Azure Active Directory domain here, but now I want to add some groups.  Both of these articles are in preparation for an ASP.NET application I will write as an example for how to implement role based security into…

0

Adding users to an Azure Active Directory domain

Azure Active Directory (AAD) Benjamin Perkins
Azure Active Directory (AAD) Benjamin Perkins

I am going to do a self study to learn how to implement authentications and authorization into my ASP.NET application using Azure Active Directory.  Pretty much this, but with out using the AUX (OLD) portal (if now possible).  Although it has already been done, I like to do it myself and I like to document…

0

How to analyze a trace taken using NETSH TRACE

Networking Benjamin Perkins
Networking Benjamin Perkins

I wrote article “Capture a NETSH network trace” here, where I discussed how to capture a NETSH trace, I will discuss how I analyzed it now. I wrote another here that explains how to convert the ETL into a CAP file so it can be analyzed in Wireshark or Network Monitor.  “Analyze NETSH traces with…

0

Analyze NETSH traces with Wireshark or Network Monitor, convert ETL to CAB

Networking Benjamin Perkins
Networking Benjamin Perkins

I wrote a post about how I captured a NETSH trace here “Capture a NETSH network trace”.  I like to use Wireshark to analyze my network traces, this post describes how I analyzed a NETSH .ETL trace file in Wireshark. NOTE:  Wireshark is not a Microsoft product it is a 3rd party tool. Basically, I…

0

Capture a NETSH network trace

Networking Benjamin Perkins
Networking Benjamin Perkins

Here are the official details on this one.  I was needing to do this and realized that I had never written a post on this one.  Although we are moving into the cloud and this isn’t needed so much anymore, all the IT pros who will continue to work with Windows Server within their own…

0

TLS on Azure App Services

SSL TLS Certificate Benjamin Perkins
SSL TLS Certificate Benjamin Perkins

I wrote this article some time ago “How to disable TLS 1.0 on an Azure App Service Web App” that explains some of the reasons TLS was not configurable on the Azure App Service platform.  There were many customers who wanted to disable TLS 1.0 so they could remain or become PCI compliant and at…

2

What Root Certificates exist on an Azure App Service, CA Root

SSL TLS Certificate Benjamin Perkins
SSL TLS Certificate Benjamin Perkins

As you may already know SSL/TLS is offloaded on the Front Ends (*) and this is where certificate root chains are validated (AFAIK).  There is no way for you to access those machines to dump out what CAs are there.  The next, or closest thing I can think of is to dump them out via…

0

How to create a self-signed SAN certificate, wildcard certificate vs SAN

SSL TLS Certificate Benjamin Perkins
SSL TLS Certificate Benjamin Perkins

I have some domain names that I use for testing out Azure features, write some blogs and other fun stuff.  I find myself needing, wanting to use HTTPS and using the instructions I wrote some time ago, see below, to create the certificate is long and tedious.  I had an epiphany which lead me to…

0