Kirk Evans Blog

.NET From a Markup Perspective

Join a Virtual Machine to Existing Domain with Key Vault and ARM templates

One of my customers is building a set of ARM templates for their internal users.  They wanted to remove the burden for users to specify the local administrator’s credentials, but wanted to store the credentials securely. To skip the explanation and just go to the code, see The problem is that you cannot reference… Read more

Join a SUSE Linux Enterprise Server to an Azure AD Domain Services Managed Domain

This post will show how to use Azure AD Domain Services (AAD-DS) with SUSE Linux Enterprise Server (SLES). Background A customer asked how they might use AAD-DS with SLES 11 SP4 to test their product.  I am very familiar with Windows but still very much a Linux novice, and there seems to be no easy… Read more

Creating a Node.js Application Secured by Azure AD

This post shows how to create a Node.js application using Node.js, Bash for Windows, Visual Studio Code, and Azure Active Directory.  The final solution is available at  Background I’ve been a C# .NET developer for the past 17 years.  Sure, I’ve coded with other languages (C++, Java, JavaScript, Pascal, F#, Visual Basic, Ruby), but… Read more

Using Azure KeyVault to Store Secrets

I have deleted the contents of this post as it demonstrated how to use clientID and clientSecret to obtain an AzureAD access token to Key Vault. This is not the correct guidance; your solution should leverage the Managed Service Identity feature of Azure AD or use certificates to authenticate to Azure AD in order to… Read more

Using PowerShell With Certificates

This post will demonstrate using PowerShell cmdlets to create, read, and delete certificates.  Spoiler alert: it’s dead simple. Background I was working through the example Authenticating to Azure AD in daemon apps with certificates and I saw this: makecert -r -pe -n “CN=TodoListDaemonWithCert” -ss My -len 2048 TodoListDaemonWithCert.cer -sv TodoListDaemonPrivateKey.pvk Easy to read, right?  I… Read more

Securely Upload to Azure Storage with Angular

This post will show you how to securely upload blob content to Azure Storage from an Angular app.  The source code for this solution is available at  Background Our team has been busy the past few months traveling the globe and hosting readiness workshops for our top global system integrator partners.  One of the… Read more

Azure AD Application Proxy and SharePoint 2013

This post will show how to configure Azure Active Directory Application Proxy for an on-premises SharePoint 2013 installation using Kerberos constrained delegation. Background I see this question in emails and online forums alike almost weekly: “We need users to access our on-premises SharePoint farm from their mobile phones.” This usually involves an in-depth conversation about… Read more

Adding Active Directory Certificate Services to a Lab Environment

This post will show how to add Active Directory Certificate Services to a lab environment. Background I often create a set of virtual machines that include a database, an IIS server, and an Active Directory domain controller.  Frequently I will need to add a certificate for a web site on the IIS server.  While… Read more

Updated Fiddler OAuth Inspector

This post will detail some of the updates made to the Fiddler OAuth inspector and give examples of how to use it. Background I previously wrote about Creating a Fiddler Extension for SharePoint 2013 App Tokens.  As my friend Andrew Connell let me know, the tool is valuable beyond the context of SharePoint, it is… Read more

The API Economy: Consuming Our Web API from a Single Page App

This post shows how to consume a Web API secured with Azure Active Directory using ADAL.js. Background This post is part of a series on building a SharePoint app that communicates with services protected by Azure AD. Part 1 – An Architecture for SharePoint Apps That Call Other Services Part 2 – Using OpenID Connect… Read more