Using Key Vault references with Azure App Configuration

When working in Azure, storing secrets in Key Vault is a good idea. And to make it better, there’s the Key Vault Reference notation. This feature makes sure no one can read the secret(s) unless someone grants permission. For storing configuration values, a different service is available, called Azure App Configuration. Both services are excellent for storing & sharing the values of your cloud services. Wouldn’t it be great to be able to combine the two? Read more →

Securing Your App Service with a Vnet

My last post was on integrating your Azure App Service with a virtual network (VNet). This post is the other way around. It’s on how to put your App Service in a VNet, or rather, behind a VNet. If you want to put your Azure App Service inside a VNet, you’ll have to look for the App Service Environment (ASE). This is an offering of dedicated machines that are placed inside a VNet and you’re paying a rather hefty fee for this. Read more →

Vnet Integration for Your App Service

It’s always a good idea to secure the resources in your Azure subscriptions. One way to do this is by using virtual networks. In a lot of cases, you will put SQL Azure servers, storage accounts, and other services in a virtual network. This will make sure the services can’t be accessed from the public internet unless you explicitly say so. There are many more advantages to putting services in a virtual network, which I won’t be covering in this post. Read more →

App Service Resource Provider Access to Keyvault

Recently, I was trying to deploy an Azure App Service which was in need of a couple of certificates, which are stored in Azure Key Vault. Our ARM template looked very similar to the one below in order to install & configure the certificates in our App Service.

    "resources": [
      {
        "type": "Microsoft.Web/certificates",
        "name": "[parameters('certificateName')]",
        "apiVersion": "2019-08-01",
        "location": "[parameters('existingAppLocation')]",
        "properties": {
          "keyVaultId": "[parameters('existingKeyVaultId')]",
          "keyVaultSecretName": "[parameters('existingKeyVaultSecretName')]",
          "serverFarmId": "[parameters('existingServerFarmId')]"
        }
      },
      {
        "type": "Microsoft.

Read more →

Using an Azure Managed Identity to authenticate on a different App Service

A couple of weeks ago, I was tasked to implement authentication between the services we have in our Azure landscape. I knew this can be done by using the Managed Identity, as we were doing this on a project I was involved with in the past. However, I had never actually done this myself. Most of the time the System Administrators were configuring everything and I just had to copy-paste some Guids in a configuration file. Read more →

Getting the group claims when authenticating with Azure Active Directory

I started working on some internal web applications for a customer. For these types of applications, it makes a lot of sense to use Azure Active Directory to authenticate users and use their AAD groups/roles to authorize them on specific pages. I wanted to authorize users by the AAD groups they are placed in. Some users can access Production data, while others are only allowed to access data from the Test environment, all based on the groups they are in. Read more →

Installing ASP.NET Core preview and beta to your App Service

A couple of weeks ago I was busy creating some proof of concept applications using Blazor, which was still labeled preview at the time. To get all of this deployed and working in an Azure App Service, I needed the preview .NET Core runtime installed. An App Service is a PaaS offering, which means you don’t have any influence on what version of the software gets installed on the underlying system. Read more →

Authentication of Microsoft Teams MessageCards actions in your API

Being able to create Message Cards or Actionable Messages in Microsoft Teams via a Logic App or an Azure Function is great. Especially if you can use this to invoke logic on your API and update the message in the Teams channel. However, you don’t want everyone to invoke a management API endpoint you’ve exposed to ‘do stuff’ in your cloud environment. Normally, you’d want to authenticate the user pressing the button (read: invoking the endpoint). Read more →

Doing your DevOps stuff with Azure Functions instead of Logic Apps

So, a couple of weeks back I wrote about leveraging the power of Logic Apps to retrieve Alerts from within your Azure ecosystem and send them to Microsoft Teams. This works great and a fellow Azure MVP, Tom Kerkhove, has enhanced the Logic Apps Template when handling Azure Monitor events. I’m starting to become a pretty big fan of Logic Apps, but there are some (obvious) downsides to it. First, they live inside your Azure Portal. Read more →

Create your own custom bindings with Azure Functions

The default Azure Functions runtime comes with quite a lot of bindings and triggers which enable you to create a highly scalable solution within the Azure environment. You can connect to service buses, storage accounts, Event Grid, Cosmos DB, HTTP calls, etc. However, sometimes this isn’t enough. That’s why the Azure Functions team has released functionality which enables you to create your own custom bindings. This should make it easy for you to read and write data to any service or location you need to, even if it’s not supported out of the box. Read more →