It has been quite a while since I’ve sat behind my computer.
The reason for it? Well, I’ve had a bad case of a bacteria infection. This infection started sometime early in January.
A couple of days later, I was in the hospital, where the doctors diagnosed me with the infection. It was so severe; they had to perform surgery on my left arm immediately to cleanse it. Of course, I also needed lots and lots of antibiotics to get rid of the bacteria.
Read more →It’s the time of the year when you see lots of bloggers & content creators making a post, video, or something else to reflect on the past year and make predictions for the next.
Well, this year, I’m one of them!
We all know a lot of stuff has happened in the past year. I’m trying to keep a positive mind and not focus too much on life’s negative things. Focussing on the good things in life makes me much happier and energetic.
Read more →I’m busy locking down my web applications in Azure and using my learnings on the day job. One way to do this is by making sure all requests are authenticated, and roles are granted accordingly.
Using the correct issuer While checking out the token, I found the issuer (iss) contains the following value https://sts.windows.net/[tenantid]/.
{ "aud": "f4c42c68-c881-4320-815c-1ca4f32cb6c5", "iss": "https://sts.windows.net/[tenantid]/", "iat": 1605812881, // all other properties of your token } The issuer is valid, but not the one I was expecting.
Read more →You might know it’s possible to add Azure Active Directory users and groups to Azure SQL Databases by running a command like this one:
CREATE USER [My-DB-Administrators] FROM EXTERNAL PROVIDER WITH DEFAULT_SCHEMA = dbo; GO alter role db_owner ADD member [My-DB-Administrators] GO If you ever wanted to automate this via a script in a deployment pipeline or some Azure worker process, you probably noticed this didn’t work as expected.
Well, this has changed!
Read more →Some time ago, someone assigned me a task to retrieve data from several data sources residing in multiple Azure subscriptions, using a Logic App.
Creating these shouldn’t be very difficult when using API Connections and using the data repositories’ connection strings. However, I don’t like specifying these connection strings anywhere in my ARM template nor Key Vault.
What I DO want to use is the listKeys function in my deployment template.
Read more →I recently had to create a Logic App, which is responsible for copying data from one Cosmos DB database to another.
To do this, you can use the standard building blocks available in a Logic App workflow.
While doing so, I did stumble across one issue. When you supply a Partition Key for a specific collection, and some entries have null as a value for this Partition Key, you’ll get into a bit of trouble.
Read more →In one of my most recent live coding sessions, I had an issue with my PowerShell configuration. When running any of the Azure PowerShell cmdlets I got the message
The ‘[command]’ command was found in the module ‘Az.[someModule]’, but the module could not be loaded. For more information, run the ‘Import-Module Az.someModule’
Running the Import-Module command didn’t help much, because the module was already loaded. I even tried Import-Module Az and verified everything was installed correctly with the Get-InstalledModule -Name Az* command.
Read more →Another small post, but a solution to a problem which has annoyed me a lot.
Changing the power profile or power scheme in Windows is quite a hassle if you ask me. I have created a ‘High Performance’ profile on my laptop for when I’m doing development work on the machine and also have the ‘Balanced’ profile, which is the default in Windows. However, switching between these profiles is a lot of work (in my opinion).
Read more →This won’t be a long post, but useful nonetheless. It’s more like a script-dump as a post.
A while ago, someone assigned a task to me where I had to retrieve all the existing secrets in a specific Key Vault and list them. These secrets were to be placed in another Key Vault on a shared location. The exact reasons for this migration don’t matter for this post, but it has something to do with having a single Key Vault instance compared to having a Key Vault ‘per domain’, which I like a bit better.
Read more →A couple of days ago a friend asked me the question ‘How should I authenticate services with each other using roles’. I wanted to point him to a post I wrote last year, ‘Using an Azure Managed Identity to authenticate on a different App Service’, but I noticed this post wasn’t as complete as I remembered it to be.
While it does explain how to enable authentication in your service and using a Managed Identity for this, it doesn’t cover how to add roles in your application and assign them to a user or service principal (like a Managed Identity).
Read more →