Kirk Evans Blog

.NET From a Markup Perspective

Join a Virtual Machine to Existing Domain with Key Vault and ARM templates

One of my customers is building a set of ARM templates for their internal users. They wanted to relieve users of the burden of specifying the local administrator’s credentials, while still storing the credentials securely. To skip the explanation and just go to the code, see https://github.com/kaevans/vm-domain-join-key-vault. The problem is that you cannot reference…

Join a SUSE Linux Enterprise Server to an Azure AD Domain Services Managed Domain

This post will show how to use Azure AD Domain Services (AAD-DS) with SUSE Linux Enterprise Server (SLES). Background: A customer asked how they might use AAD-DS with SLES 11 SP4 to test their product. I am very familiar with Windows but still very much a Linux novice, and there seems to be no easy…

Creating a Node.js Application Secured by Azure AD

This post shows how to create a Node.js application using Node.js, Bash for Windows, Visual Studio Code, and Azure Active Directory. The final solution is available at https://github.com/kaevans/node-aad. Background: I’ve been a C# .NET developer for the past 17 years. Sure, I’ve coded with other languages (C++, Java, JavaScript, Pascal, F#, Visual Basic, Ruby), but…

Using Azure KeyVault to Store Secrets

I have deleted the contents of this post as it demonstrated how to use clientID and clientSecret to obtain an Azure AD access token to Key Vault. This is not the correct guidance; your solution should leverage the Managed Service Identity feature of Azure AD or use certificates to authenticate to Azure AD in order to…

Using PowerShell With Certificates

This post will demonstrate using PowerShell cmdlets to create, read, and delete certificates. Spoiler alert: it’s dead simple. Background: I was working through the example Authenticating to Azure AD in daemon apps with certificates and I saw this: makecert -r -pe -n "CN=TodoListDaemonWithCert" -ss My -len 2048 TodoListDaemonWithCert.cer -sv TodoListDaemonPrivateKey.pvk Easy to read, right? I…

Connecting Virtual Networks in ARM Templates

This post will demonstrate creating two virtual networks, gateways for each, and connecting them together using an ARM template. Background: I am working on a project that requires two Azure virtual networks to connect together. I have done this so many times, typically through CLI scripts or PowerShell, but didn’t find the time to create…

Azure Web App Client Certificate Authentication with ASP.NET Core

This post will walk through securing an ASP.NET Core application deployed to an Azure Web App that is secured using client certificates. The code is available for download at ClientCertDemo. Background: Many customers have implemented client certificates for older web applications and are looking at Azure Web Apps to move their code. A common question…

Deploy bacpac With Active Geo Replication

This post will show you how to use an ARM template to deploy a data application as a .bacpac file and to enable active geo replication to a second region. This is a follow-on from the previous post, Deploy bacpac to Azure SQL Database Using ARM. Background: As our team has traveled around the world…

Securely Upload to Azure Storage with Angular

This post will show you how to securely upload blob content to Azure Storage from an Angular app. The source code for this solution is available at https://github.com/kaevans/globalscaledemo. Background: Our team has been busy the past few months traveling the globe and hosting readiness workshops for our top global system integrator partners. One of the…

Creating ARM Templates with Azure Resource Explorer

This post will show how to use Azure Resource Explorer to assist in creating Azure Resource Manager templates. Background: My team at Microsoft is busy on the road delivering a series of workshops to our top partners around the world. One of the sessions that I put together for the workshop is called “Architecting Global…