Export an Azure App Service Certificate PFX PowerShell

Azure PowerShell
Azure PowerShell

I found this article “Creating a local PFX copy of App Service Certificate” here and wanted to do a reproduction of it. I wrote an article here where I discussed “How (I) configured an App Service Certificate for my Azure App Service” which might help to get a broader perspective of what and how to…

0

How (I) configured an App Service Certificate for my Azure App Service

Azure App Service
Azure App Service

Here is some good information about the App Service Certificates.  Like custom domain names, you can also purchase SSL certificates from within the Azure portal here.  I was working with a customer who was having some problems with the configuration and decided to walk through the configuration myself, and like always, will document and share…

0

Azure Functions Access-Control-Allow-Credentials with CORS

Azure Functions
Azure Functions

There is a known issue documented on GitHub here with a title of Cross origin http request CORS fails with response header missing ‘Access-Control-Allow-Credentials: true’.  Although the issue described and a solution provided, I thought I would write up what I did as I use C# and didn’t see any examples of that, so here…

0

How to disable TLS 1.0 on an Azure App Service Web App

Microsoft Azure
Microsoft Azure

Short answer is that you can’t. (see alternative solution below) The reason is that when you deploy an Azure App Service it goes into a multi-tenant scale unit.  A scale unit looks something like Figure 1, which I stole from here.  Also, have a look at this forums discussion here. Figure 1, Azure App Service…

0

Azure Management Certificates (German Cloud, Azure Deutschland)

German Cloud Black Forest
German Cloud Black Forest

This article has to do mostly with the German Cloud, #GermanCloud #AzureGermany because it is most probable that there will not be anything similar to manage.windowsazure.com deployed to this solution.  Why is that important?  It is important because this is historically how many people configured thier PowerShell or other clients to make deployments/configurations onto Azure. …

0

How (I) configured Azure Active Directory into my ASP.NET MVC OWIN web application

ASP.NET
ASP.NET

Before I get started, keep in mind, that I am not a security expert, if you want to enable security for your Azure App Service Web App I recommend using EasyAuth as described here, so much easier, IMO.  You likely get some benefits from the ‘Change Authentication’ features of: No Authentication Individual User Accounts Work…

0

How to setup IP Security Restrictions for an Azure App Service

IP Security and Domain Restrictions
IP Security and Domain Restrictions

I wrote an article here that describes how to connect to a Web App from IIS manager. If you cannot do that, read down at the bottom of the article where I show the configuration you can add to the web.config manually. Here is a document that discusses this feature in more detail. Once you…

4

Make a self-signed SHA256 SSL certificate

SSL TLS Certificate
SSL TLS Certificate

I wrote an article about making an SSL certificate using MAKECERT here, but that example used the default SHA1 signature hash algorithm which is deprecating.  Therefore, instead of the command shown in Figure 6 on the referenced article, I recommend using this command, that includes the SHA256 attribute, similar to that shown in Figure 1: makecert…

10

How to add a Server Core IIS server to a domain

IIS Internet Information Services
IIS Internet Information Services

I have been messing around with Server Core, this is a much friendlier version when I need to closely manage physical hardware resources like CPU and memory.  Plus, there are fewer updates that I need to install with the much more limited OS foot print. As I buld my IIS servers to test a reproduction of…

0

Configure Application Request Routing with Windows Authentication, Kerberos

Application Request Routing (ARR)
Application Request Routing (ARR)

If you have not already read this article, please do which is a prequel to this one that explains the basic installation and configuration of ARR using anonymous authentication. The steps for configuring Application Request Routing (ARR) to use Windows Authentication -> Kerberos, are: Set authentication protocol on IIS (Server Farm) servers to Windows Authentication…

1

Why am I getting this challenge response popup?

IIS Internet Information Services
IIS Internet Information Services

Real quick, the reason for the credential pop-up is because the URL you are accessing is not in the Local Intranet trusted sites lists, as shown in Figure 6a and 6b! I setup a domain and did some learning on Kerberos. The first lessons I learned working towards a better understanding of Kerberos was some…

0

Using TLS 1.2 with WCF

SSL TLS Certificate
SSL TLS Certificate

NOTE: Security is a very serious topic and you should always engage an IT security expert before deploying an application that needs to be secure.  This article is intended to share my experience versus being an article to use as a guideline. With all the news about the different vulnerabilities like heartbleed and poodle, developers and…

6

Make your own SSL Certificate for testing and learning

SSL TLS Certificate
SSL TLS Certificate

Like many technologies, they seem very complicated when you begin to work with it, but once you get into it you start to hit the boundaries of its capabilities and features.  Once you use a tool for some time you learn what it can and cannot do, and therefore when there is a problem you…

9

Secure channel compatibility support with SSL and TLS

IIS Internet Information Services
IIS Internet Information Services

I wrote 2 previous blogs about NTLM and Negotiate/Kerberos which discussed briefly about how those authentication packages work within the context of Integrated Windows Authentication. Another authentication package supported in Windows is called Secure Channel, also known as Schannel.  This blog will not discuss the details of Schannel because the detail can be found here. …

3