Episode 721
Brian Gorman on Messaging, Queueing, and Eventing in Azure
Brian Gorman describes the value of using queueing to build asynchronous applications and the native Messaging, Queueing, and Eventing services in Azure. He discusses the value of each service and when it is appropriate to use each one.
https://github.com/blgorman/ServerlessMessagingDemystified
GCast 131:
Managing Secrets in an Azure Key Vault
Learn how to store and manage secrets in an Azure Key Vault using the Azure Portal.
Episode 718
Michael Richardson on Yarn Berry
Michael Richardson describes how to use the Yarn Berry package manager to add functionality to your JavaScript applications.
GCast 130:
Azure Key Vault allows you to securely store certificates, encryptions keys, and other secrets. In this video, you will learn how to create an Azure Key Vault.
Episode 717
Michael Scherotter on Galleryst
Using tools from Adobe and Microsoft, as well as open source libraries, Michael Scherotter has created a portal to display photography and artwork within a virtual gallery. He describes how he created galeryst.com and how to use it.
"Cruel Intentions: The 90s Musical" is a play based on a movie I never saw, which is based on a book I never read. I did not know what to expect.
In preparation to see the live show at the Chopin Theatre Saturday evening, I watched the 1999 movie on Friday. I was underwhelmed by the campy dialogue and mediocre acting, despite the presence of stars Reese Witherspoon and Sarah Michelle Gellar and semi-star Ryan Phillipe.
But the things that brought down the movie worked in the live production. The musical version took itself far less seriously than the film, making the campy dialogue seem more appropriate, often gaining an audience laugh where the same line inspired an eye roll while watching the movie.
"Cruel Intentions" is the story of Sebastian Valmont and Kathryn Merteuil – entitled step-siblings enrolled at an exclusive prep school in Manhattan. They are so privileged and amoral that they place a bet on whether Sebastian can deflower the virginal daughter of the school's new headmaster.
Manipulation, false promises, and general sociopathy ensue; but all this is interrupted periodically by cast members bursting into hit songs from the 1990s. In the stage version, the plot takes a back seat to the music. Feeling confused or angsty? Sing REM's "Losing My Religion"; Feeling sexy? Belt out Marcy Playground's "Sex and Candy"; a little self-hate can be expressed with a raucous rendition of Garbage's "I'm Only Happy When It Rains"; Use the Back Street Boys' "I Want it That Way" to flirt. The lyrics do not always fit the situation exactly, but the mood does. And somehow it works.
It works because the cast has fun with it. And so did I.
Java is a popular language for developing applications on a variety of platforms. In order to create applications, you must first install Java on your machine or virtual machine. This article will walk you through the steps to install Java on Windows 10 or 11.
You can test whether Java is currently by opening a command prompt, typing "java -version", and pressing ENTER.
If Java is installed, information about the current Java version will display. If Java is not installed, you will see a message similar to the following:
'java' is not recognized as an internal or external command, operable program or batch file.
You can choose from a number of available versions of Java. Generally, I recommend installing the latest Long Term Support ("LTS") version of Java. You may want to install a more recent non-LTS version of Java if you require a feature that is only available in that version. Also, the application on which you are working may require a specific version of Java.
As of this writing, Java 18 is the most recent version of Java, but it is not LTS. The available LTS versions are Java 8, 11, and 17.
This article describes the current LTS versions of Java.
To download the installation files, navigate to https://www.oracle.com/java/technologies/downloads/. This page is shown in Fig. 1.
Fig. 1
In the center of the page are tabs for "Java 18" and "Java 17", as shown in Fig. 2.
Fig. 2
Currently, Java 18 is selected, so I will select "Java 17" because I want the LTS version. The "Java 17" tab is shown in Fig. 3.
Fig. 3
Lower on the page are tabs for different operating systems (Linux, macOS, and Windows), as shown in Fig. 4.
Fig. 4
Currently, Linux is selected; but I want to install this on Windows, so I will click the Windows tab. The Windows tab is shown in Fig. 5.
Fig. 5
NOTE: As of this writing, you navigate directly to the Java 17 Windows tab with the following URL: https://www.oracle.com/java/technologies/downloads/#jdk17-windows
The tab lists the available downloads relevant to Windows developers for Java 17.
Click jdk-17_windows-x64_bin.exe to begin downloading it.
When the exe file finishes downloading, click the file to launch the install wizard.
The Installation Wizard displays, as shown in Fig. 6.
Fig. 6
Click the [Next>] button to advance to the next page of the Wizard, as shown in Fig. 7.
Fig. 7
If desired, click the [Change…] button to change the folder in which Java is installed. Usually, there is no reason for doing this.
Click the [Next] button to begin installing Java.
When installation completes, a confirmation dialog displays, as shown in Fig. 8.
Fig. 8
Click the [Close] button to close the Installation Wizard.
After installing Java, it is a good idea to verify that it was installed correctly. The simplest way to do this is to open a command prompt, type "java -version", and press ENTER.
If Java is installed, information about the current Java version will display. If Java is not installed, you will see a message similar to the following:
'java' is not recognized as an internal or external command, operable program or batch file.
Note that you must open this command prompt after installing Java. If you opened the prompt before installation, it will not know that Java is installed.
In this article, I showed you how to install the latest LTS version of Java on your Windows machine.
By default, Azure App Services will not enforce any authorization for your Web Apps. You can implement authorization within your code, or you can configure an Identity Provider to perform authentication and authorization for you. In this article, I will walk you through the process of configuring Azure Active Directory as an identity provider. This will force anyone to log in with an Account in or registered in Azure Active Directory before accessing your website.
The first step after you create your web app is to register an Identity provider.
Navigate to the App Service, as shown in Fig. 1.
Fig. 1
Select "Authentication" from the left menu to open the Authentication blade, as shown in Fig. 2.
Fig. 2
A new app will contain no Identity Providers. Click the [Add identity provider] button (Fig. 3) to open the "Add an identity provider" dialog, as shown in Fig. 4.
Fig. 3
Fig. 4
Completing this dialog will create a new App Registration in Azure Active Directory. From the "Identity provider" dropdown, select "Microsoft". The rest of the dialog will display prompts related to this provider, as shown in Fig. 5.
Fig. 5
At the "App registration type" prompt, select the "Create new app registration" radio button.
At the "Name" prompt, enter a unique name for the app registration. This will default to the name of your web app.
At the "Supported account types" prompt, you can choose to restrict access to only accounts in the current Active Directory tenant, to accounts in this and other tenants, and/or to personal accounts registered with Active Directory.
At the "Restrict access" prompt, select the "Require authentication" radio button.
The "Unauthenticated requests" prompt allows you to select the HTTP response returned when a user fails to authenticate. Most of these are appropriate for APIs. For a website, select the "HTTP 302" radio button.
Click the [Add] button to create a new App Registration in Azure Active Directory and return to the "Authentication" blade, as shown in Fig. 6.
Fig. 6
You should now see your newly created Identity Provider listed.
After registering your application, the next step is to grant access to specific users or roles within your app. By default, each App Service contains a couple of dozen roles. Adding an account to a role permits them to perform certain activities, such as viewing or updating your site.
To assign an account to a role, click the [Access control (IAM)] button (Fig. 7) in the left menu to open the "Access control (IAM)" blade, as shown in Fig. 8.
Fig. 7
Fig. 8
On the "Access control (IAM)" blade, click the [Add role assignment] button (Fig. 9) to open the "Add role assignment" page, as shown in Fig. 10.
Fig. 9
Fig. 10
On the "Role" tab, select the "Reader" role; then, click the [Next] button to advance to the "Members" tab, as shown in Fig. 11.
Fig. 11
Click the "Select members" link (Fig. 12) to open the "Select members" dialog, as shown in Fig. 13.
Fig. 12
Fig. 13
Search for an Active Directory account, as shown in Fig. 14 and 15.
Fig. 14
Fig. 15
Click the [Select] button to add this account to the "Reader" role. You will return to the "Add role assignment" page, as shown in Fig. 16. The account will now be listed under "Members".
Fig. 16
Click the [Review + assign] button to advance to the "Review + assign" tab, as shown in Fig. 17.
Fig. 17
Click the [Review + assign] button to save your changes.
In this article, you learned to configure Azure Active Directory as an Identity Provider for an Azure Web App. The steps above will create a new App Registration, which you can view from the "App Registration" blade of Azure Active Directory, as shown in Fig. 18.
Fig. 18
You have the option to create and configure the App Registration yourself; but the steps describe here take care of much of the configuration for you.
You can use Visual Studio Code to create applications in a number of languages. Many of those applications can run in Microsoft Azure App Services. This article will show you how to deploy a web application from Visual Code to an Azure App Service.
## Install VS Code Azure App Service Extension
Before you begin deployment, you must install the Azure App Service Extension. Click the Extensions icon (Fig. 1) in the left sidebar and search for the Azure App Service extension from Microsoft, as shown in Fig. 2.
Fig. 1
Fig. 2
If this extension is not yet installed, a [Publish] button will display. Click this button to install it.
You can create a web app using ASP.NET, ASP.NET Core, Java, Ruby, Node.js, PHP, or Python. Visual Studio Code has extensions to support each of these. The language and framework are not relevant to this article, as the steps are the same.
Before you deploy your code, you will need to Create a New Azure App Service to Host your Web App.
With your web application code open, click the Azure icon (Fig. 3) in the left sidebar and expand the Azure subscription to which you want to deploy and the "App Services" group within that subscription, as shown in Fig. 4.
Fig. 3
Fig. 4
You will need an Azure Web App to host your code. If you have not yet created a Web App, you can create one now by right-clicking the "App Services" node and selecting "Create New Web App.." from the context menu, as shown in Fig. 5.
Fig. 5
Enter a globally unique name for this Web App, as shown in Fig. 6, and press ENTER.
Fig. 6
Select the runtime stack from the list of supported stacks and press ENTER. In Fig. 7, I selected Node 16 LTS because I wrote my application in Node. The language in which you wrote your app will determine your selection.
Fig. 7
At the "Select a pricing tier" prompt, select the tier to which you want to deploy your Web App, as shown in Fig. 8. More powerful tiers will be more robust and reliable, but more expensive.
Fig. 8
After a few minutes, an Empty Web App is created. You can now deploy your application to this Web App by clicking the [Deploy] button on the confirmation dialog, as shown in Fig. 9.
You can now deploy your application to this Web App by clicking the [Deploy] button on the confirmation dialog, as shown in Fig. 9.
Fig. 9
The prompt in Fig. 10 displays.
Fig. 10
Select the folder containing your application's code from the list or click browse to find it on your computer.
After you select the code location, the warning in Fig. 11 displays.
Fig. 11
Click the [Deploy] button to begin deploying your code to the Azure App Service.
You will receive the confirmation message shown in Fig. 12 when the deployment succeeds.
Fig. 12
You can now browse your web site or manage the App Service in the Azure Portal.
In this article, I showed how to deploy a web application quickly and easily from Visual Studio Code.
Episode 716
Darryl Hogan on Accelerating Technologies for Nonprofits
Darryl Hogan discusses how technologists can help nonprofit organizations with their technical issues, such as building applications, databases, web sites, or infrastructure.
With "The Final Cut", Michael Dobbs concludes his "House of Cards" trilogy, and he does so in dramatic fashion.
This story begins with a flashback to a young Francis stationed in Cyprus in the British Army, assigned to fight the Cypriots in their battle for independence. Urquhart committed and covered up a war crime that no one has since discovered. Decades later, Urquhart faces a new challenge in Cyprus, which gives him the opportunity to rise above the public's criticism and save the day. He is decisive and forceful and determined to achieve victory at all costs; and he knows that he will be hailed a hero if he succeeds.
The series tells of the rise to power of British Prime Minister Francis Urquhart. TFC reveals what happens when Urquhart reaches the top and the world tires of him. Urquhart has been PM for 10 years and he is poised to eclipse Margaret Thatcher's tenure, but his popularity is declining. The public is clamoring for new blood and fresh ideas, while Francis is losing the support of many in his cabinet. Dobbs paints a picture of a ruthless man, terrified of losing his power. FU knows only politics and has no interests outside politics. He knows he will be lost if he loses the power he has built. "The Final Cut" is the story of a master Machiavellian, who rose to power by exploiting and destroying others and must use those same vile skills to stay on top. The PM always seems to come out on top at the expense of his rivals. Dobbs keeps us wondering if that will be the case this time.
This is a strong finish to an excellent trilogy.
The Microsoft Edge web browser allows you to create and manage multiple profiles on the same machine.
Using multiple profiles, you can open browser sessions on the same machine that are associated with different users or different accounts. This can be useful to keep separate your work and personal browser settings and your company settings separate from each customer's environment.
Each profile is associated with an email address. You can create a new email address at https://outlook.com
To create a new profile, open Microsoft Edge and click the profile icon (Fig. 1) in the top right corner of the browser to launch the menu shown in Fig. 2. My profile icon has a photo of me, but yours may have your initials. You configured a default profile the first time you launched Microsoft Edge after installing it on this machine.
Fig. 1
Fig. 2
Click the [Add profile] menu option to open the "Add a profile" blade, as shown in Fig. 3.
Fig. 3
The "Welcome to Microsoft Edge" screen displays, as shown in Fig. 4.
Fig. 4
Click the [Sign in to sync data] button to display, the "Let's get you signed in" dialog, as shown in Fig. 5.
Fig. 5
Enter your email address and click the [Sign In] button to display the "Enter password" dialog, as shown in Fig. 6.
Fig. 6
Enter the password associated with this email and click the [Sign In] button to display the "Help us protect your account" dialog, as shown in Fig. 7.
Fig. 7
Re-enter your email address and click the [Next] button to display the "Enter your security code" dialog, as shown in Fig. 8; then check your email for a message with a 6-digit code.
Fig. 8
Enter the 6-digit code from the email and click the [Next] button to display the confirmation dialog, as shown in Fig. 9.
Fig. 9
Click the [OK] button to close this dialog and display the "Windows Security" dialog, as shown in Fig. 10.
Fig. 10
Enter the PIN you use to unlock this Windows workstation. click the [OK] button to display the "Add details" dialog, as shown in Fig. 11.
Fig. 11
Enter your name, birth date, and country in the appropriate fields and click the [Next] button to display the "Please confirm your age" dialog, as shown in Fig. 12.
Fig. 12
Click the [Next] button if your birth date is displayed correctly and click the [Next] button to display a confirmation dialog, as shown in Fig. 13. If your birth date is not displayed correctly, click the [Back] button and correct it.
Fig. 13
Click the [Confirm and start browsing] button to begin using this new profile.
Now that you have create the profile, you can switch between profiles by clicking the profile icon at the top right of the Edge browser, as shown in Fig. 14.
Fig. 14
You can make changes to your profiles from the Edge Settings page. Open the Edge Settings page by clicking the Ellipsis in the top right corner of the browser and selecting "Settings" from the dropdown menu, as shown in Fig. 15.
Fig. 15
The "Settings" page displays, as shown in Fig. 16.
Fig. 16
If the "Profiles" tab is not selected, select it from the left sidebar. The current profile is highlighted, but you can view your other profiles in the "More profiles" section below. Click the [Switch] button next to one of these profiles to view the settings associated with it.
To modify profile settings, click the Ellipsis next to the profile and select "Edit" from the dropdown menu, as shown in Fig. 17.
Fig. 17
The "Edit profile" dialog displays, as shown in Fig. 18.
Fig. 18
Give this profile a more descriptive name, making it easy to identify from a list of your profiles.
By default, this profile displays only your initials. To upload your own picture, click the "Change picture" link, which displays the dialog shown in Fig. 19.
Fig. 19
Click the "Add a photo" link and select a photo from your local drive. The photo will display in the Drop Zone, as shown in Fig. 20.
Fig. 20
Use the controls to zoom in and out and position the photo as desired. Click the [Save] button to commit this photo.
The confirmation dialog shown in Fig. 21 displays.
Fig. 21
Click the [Close] button when finished.
If you decide you no longer need a profile, you can delete it from the Microsoft Edge Settings page. Sometimes, I create a profile for the purpose of using Single Sign On in with a customer's credentials and I no longer need this profile when my work with that customer concludes.
Open the Edge Settings page by clicking the Ellipsis in the top right corner of the browser and selecting "Settings" from the dropdown menu, as shown in Fig. 22.
Fig. 22
The "Settings" page displays, as shown in Fig. 23.
Fig. 23
If the "Profiles" tab is not selected, select it from the left sidebar. The current profile is highlighted, but you can view your other profiles in the "More profiles" section below. Click the [Switch] button next to one of these profiles to view the settings associated with it.
To delete a profile, click the Ellipsis next to the profile and select "Delete" from the dropdown menu, as shown in Fig. 24.
Fig. 24
In this article, you learned how to create a new profile in Microsoft Edge, manage that profile, and delete that profile.
GCast 129:
Using the Microsoft Docker Extension for Visual Studio Code
Learn how to use the Microsoft Docker extension for Visual Studio Code to make your Docker development more efficient.
Episode 715
Jeff Fritz is preparing for .NET Conf - a 3-day online conference scheduled in November, considiing with the release of .NET 7. He talks about the content of the conference, what goes into putting it on, and how you can get involved.
Howie Day has a beautiful voice, is an accomplished guitar player, and has written dozens of great songs. For many, that would be enough. But Day takes it a step further in his concerts.
Thursday night at City Winery, Day appeared on stage with only a guitar and a few switches at his feet. Frequently, he would record his voice or his guitar playing or the sound of him tapping on the exterior of his instrument; then, play back these recordings on a loop to create rich layers of music. At times, he would enhance the playback with a bit of reverb. We heard musical arrangements and harmony vocals as if he were not alone on stage.
Between songs, Howie chatted casually with the audience about his life and his music. He introduced the song "Disco" by telling us he recorded it in his parents' basement "which sounds sad, but I was seventeen at the time". He sang an alternate country music version of his song "Be There", entitled "Beer There", complete with a southern twang.
Highlights included "Be There", "Tree Tops", "Longest Night", and his biggest hit "Collide". Nearly every song was an original, but he mixed in U2's "One" and opened his encore set with Crowded House's "Don't Dream It's Over".
It was a show filled with more energy than one would expect from a singer/songwriter who specializes in ballads and love songs.
I have never seen anything quite like a Howie Day performance. I have seen many musicians backed by drum machines or pre-recorded instruments and I have even seen a few record a brief snippet before playing on loop as their own accompaniment; but I have never seen a musician layer so many levels of music simultaneously and create such a rich sound as I witnessed Thursday evening.
Episode 714
Michael Mishal on Reinforcement Learning
Michael Mishal describes how reinforcement learning can use rewards to solve complex artificial intelligence problems.
7/4
Today I am grateful for all the good things about the United States and for the freedom to express my opinions on the bad things about it
7/5
Today I am grateful to watch fireworks displays around the city from my balcony.
7/6
Today I am grateful for groceries delivered to my door.
7/8
Today I am grateful to sleep much of yesterday while recovering and still be able to sleep last night
7/9
Today I am grateful to the friend who gave me a bunch of really nice furniture yesterday.
7/10
Today I am grateful to those who care about my health
7/11
Today I am grateful for a call from my brother and sister-in-law in Australia yesterday.
7/12
Today I am grateful to finally test negative for COVID
7/13
Today I am grateful for:
- a kickoff to the Fiscal Year with others in my organization
- having Zoe stay with me for a couple weeks
7/14
Today I am grateful for:
-my first visit to Nebraska
-hanging out last night with the Nebraska.Code speakers
7/15
Today I am grateful to deliver a keynote presentation at the Nebraska.Code conference yesterday
7/16
Today I am grateful to Ken and the organizers and volunteers that made Nebrasa.Code a great success!
7/17
Today I am grateful to see the Nitty Gritty Dirt Band in concert last night
7/18
Today I am grateful to go bike riding this weekend for the first time since getting sick weeks ago.
7/19
Today I am grateful:
- for dinner last night with Chris and his family
- to see an entertaining David Gray concert last night
7/20
Today I am grateful:
- to attend the Microsoft Inspire event with partners at the Aon Center yesterday
- for drinks and jazz with Thad last night
7/21
Today I am grateful for an unexpected visit from my son this week
7/22
Today I am grateful for 75 years of marriage for my Uncle Bill and Aunt Jean.
7/23
Today I am grateful for my first visit to the South Loop Farmers Market at Grant Park
7/24
Today I am grateful to see the Psychedelic Furs in concert last night.
7/25
Today I am grateful to catch up on sleep yesterday and last night.
7/26
Today I am grateful to work with my trainer this morning for the first time since I became sick last month.
7/27
Today I am grateful for online training resources.
7/28
Today I am grateful for an ice cream social at the Aon Center yesterday.
7/29
7/30
Today I am grateful to experience Teatro Zinzanni last night in Chicago
7/31
Today I am grateful for my first visit to Second City in years.
8/1
Today I am grateful that my lingering COVID symptoms are nearly gone
8/2
Today I am grateful for a new (to me) kitchen table - the first one I have owned in over 8 years!
8/3
Today I am grateful to see the Jim Irsay collection and band at Navy Pier last night
8/4
Today I am grateful for dinner with a bunch of Microsoft folks in downtown Chicago last night.
8/5
Today I am grateful:
-to co-lead a Diversity & Inclusion workshop yesterday morning
-to attend the Windy City Smokeout with Josh yesterday afternoon
-to see Howie Day in concert last night
8/6
Today I am grateful for a return to Grand Rapids, MI for the first time in years.
8/7
Today I am grateful to speak at an excellent Beer City Code conference yesterday.
I have been to circuses and concerts and restaurants and theater, and dinner theater and improv shows and drag shows.
Thursday night at the Cambria Hotel in Chicago's Theater District, I experienced Teatro ZinZanni, which combined all of these into a single evening performance.
I had heard good things about this show but an announcement that it would close in two days was the motivation I needed to buy Friday evening tickets.
At center stage was a cross-dressed oversexed giantess, who shamelessly teased and flirted with the audience, driving the show forward. He/she was funny and crass and over the top.
But in between, we heard excellent singers backed by a top-rate band and jugglers and acrobats and trapeze artists. The trapeze artists were the most impressive to me.
In between these, cast members ran among the tables in elaborate costumes interacting with the audience.
In between these, we enjoyed a very good dinner.
I did not know what to expect, but the show entertained us greatly.
Teatro ZinZanni has left Chicago to begin a run on the west coast. But the theater will reopen with Cafe Zazou in September. I think I know what to expect from this show.
But who knows?
GCast 128:
Maintaining State with Docker Volumes
Docker containers are stateless by default, which means that, when one is destroyed, all data created after the container is lost. However, you can get around this limitation by attaching a volume to your container. This video shows you how to create and manage Docker volumes.
To access an Azure Key Vault secret from your code, you must register your key vault as an application.
The steps are:
First, you need to create a Key Vault in which to store your secrets. For instructions on how to create a Key Vault, see this article.
After creating a Key Vault, register the Key Vault with Azure Active Directory.
This article shows how to do this.
For our purposes, the most important pieces of information from the Application Registration are the Application ID, which is sometimes called the Client ID.
You can find this on the Azure Active Directory "App registrations" blade. Search for your App Registration by name, as shown in Fig. 1.
Fig. 1
Record the Display name, the Application (client) ID) and the Directory (tenant) ID. You will need these later.
Next, you will need to create a Client Secret within your Application Registration.
Within the App Registration, click the [Certificates & secrets] button (Fig. 2) to open the "Certificates & secrets" blade, as shown in Fig. 3
Fig. 2
Fig. 3
To create a Client Secret, select the "Client secrets" tab and click the [New client secret] button (Fig. 4) to open the "Add a client secret" dialogue, as shown in Fig. 5.
Fig. 4
Fig. 5
At the "Description" field, enter a description of the secret (e.g., for which application are we generating a secret).
At the "Expires" dropdown, select how soon this secret will expire, requiring you to generate a new one.
When you finish completing the dialogue, click the [Add] button (Fig. 6) to return to the Application Registration" page, as shown in Fig. 7.
Fig. 6
Fig. 7
Your newly created secret will display in the list on the "Client secrets" tab. Copy and save the "Value" column. After you navigate away from this page, you will no longer be able to view the Value.
An Access Policy tells Azure which users, applications, and services have access to Azure Key Vault and what actions they can take on the information stored in Key Vault. After you have registered the application, you will need to create an Access Policy in Azure Key Vault, providing the Application Registration access to the key vault.
To add an Azure Key Vault Access Policy, navigate to the Azure Portal, log in, and open the Azure Key Vault, as shown in Fig. 2.
Fig. 8
Click the [Access policies] button (Fig. 3) in the left menu to display the "Access Policies" blade, as shown in Fig. 4.
Fig. 9
Fig. 10
Click the [Add Access Policy] button (Fig. 5) to display the "Add access policy" dialogue, as shown in Fig. 6.
Fig. 11
Fig. 12
This dialogue provides a number of templates which preselect permissions to access and manage keys, secrets, and certificates in this Azure Key Vault. If you like, you can select one of these, as shown in Fig. 7.
Fig. 13
Alternatively, you can specify each permission explicitly for keys, secrets, and certificates in this key vault. Fig. 8 shows how to select all permissions for managing secrets, which I will do for this demo.
When you have selected all the desired permissions, click the [Add] button (Fig. 8) to return to the "Add access policy" dialogue.
Fig. 14
The next step is to give these permissions to the Application Registration. Click the link next to "Select principal" to open the "Principal" dialogue, as shown in Fig. 9.
Fig. 15
Search for the Application Registration by display name, select the Registration from the list, as shown in Fig. 10 and click the [Select] button to close the "Principal" dialogue and return to the "Add Access Policy" dialogue, as shown in Fig. 11.
Fig. 16
Fig. 17
Finally, click the [Save] button (Fig. 12) to close the "Principal" dialogue and return to the "Access Policies" blade, as shown in Fig. 13. You will lose your changes if you fail to click the [Save] button before navigating
Fig. 18
Fig. 19
The sample application below uses the DefaultAzureCredential class to authenticate the user. This class pulls information from the following environment variables:
The values for each of these fields were acquired in the steps above.
In a .NET Core application, the following NuGet packages assist you when working with Azure Key Vault.
Create a new Console Application in Visual Studio and install the Azure.Security.KeyVault.Secrets and Azure.Identity NuGet packages.
As stated above, we can use the DefaultAzureCredential class to represent the principal used to make calls to our Azure Key Vault and the information (AZURE_CLIENT_ID, AZURE_CLIENT_SECRET, and AZURE_TENANT_ID) are stored in environment variables.
We create a DefaultAzureCredential object with the following code:
var credentials = new DefaultAzureCredential();
Then, we use this object to create a SecretClient object, as in the code below.
secretClient = new SecretClient(new Uri(keyVaultUri), credentials);
The SecretClient object provides methods to access and manage our Key Vault secrets.
For instance, we can get information about all the secrets in our Key
The following code retrieves information on all secrets in the Key Vault and lists the name, value, and content type of each
Console.WriteLine("All Secrets:"); var allSecrets = secretClient.GetPropertiesOfSecrets(); foreach (var secret in allSecrets) { var secretValue = secretClient.GetSecret(secret.Name); Console.WriteLine($"{secret.Name} | {secretValue.Value.Value} | {secretValue.Value.Properties.ContentType}"); } Console.WriteLine();
Other SecretClient methods allow us to get, set, or delete a Secret, as shown in the following code snippets:
await secretClient.SetSecretAsync(setSecretName, setSecretValue); var secret = secretClient.GetSecret(setSecretName); var operation = secretClient.StartDeleteSecret(deleteSecretName);
By default, Azure Key Vault supports soft delete, meaning that a deleted object can be retrieved for a given period after deletion (90 days, by default).
To permanently delete a secret prior to this, we can issue a purge command after the soft delete has completed. We can determine when the soft delete has completed by querying the Boolean DeleteSecretOperation.HasCompleted property.
if (operation.HasCompleted)
{
secretClient.PurgeDeletedSecret(purgeSecretName);
}
Below is the full code of a .NET Core Console application
using Azure.Identity; using Azure.Security.KeyVault.Secrets; using System; using System.Threading; using System.Threading.Tasks; namespace testKeyVaultConsoleApp { internal class Program { const string KEYVALUTNAME = "dgtestkeyvault"; // Set this to the name of your key vault static string keyVaultUri = $"https://{KEYVALUTNAME}.vault.azure.net"; static SecretClient secretClient = null; static async Task Main(string[] args) { var credentials = new DefaultAzureCredential(); secretClient = new SecretClient(new Uri(KEYVAULTURI), credentials); ListAllSecrets(); Console.Write("Input the Secret name to set (ENTER to skip):"); var setSecretName = Console.ReadLine(); if (setSecretName != "") { Console.Write("Input the Secret value to set:"); var setSecretValue = Console.ReadLine(); Console.WriteLine("Setting secret..."); await secretClient.SetSecretAsync(setSecretName, setSecretValue); Console.WriteLine($"Secret {setSecretName} set to {setSecretValue}!"); // Set content type var secret = secretClient.GetSecret(setSecretName); secret.Value.Properties.ContentType = "Demo Type"; secretClient.UpdateSecretProperties(secret.Value.Properties); } Console.Write("Input a Secret Name to soft delete (ENTER to skip):"); var deleteSecretName = Console.ReadLine(); if (deleteSecretName != "") { var operation = secretClient.StartDeleteSecret(deleteSecretName); Console.Write($"Deleting secret {deleteSecretName}..."); while (!operation.HasCompleted) { Thread.Sleep(1000); Console.Write($"."); operation.UpdateStatus(); } Console.WriteLine(); Console.WriteLine($"Secret {deleteSecretName} deleted!"); } Console.Write("Input a Secret Name to permanently delete (ENTER to skip):"); var purgeSecretName = Console.ReadLine(); if (purgeSecretName != "") { var operation = secretClient.StartDeleteSecret(purgeSecretName); Console.Write($"Soft deleting secret {purgeSecretName}..."); while (!operation.HasCompleted) { Thread.Sleep(1000); Console.Write($"."); operation.UpdateStatus(); } Console.WriteLine(); Console.WriteLine($"Secret {purgeSecretName} deleted!"); secretClient.PurgeDeletedSecret(purgeSecretName); Console.WriteLine($"Secret {purgeSecretName} purged!"); } ListAllSecrets(); Console.WriteLine(); Console.WriteLine("Done!"); } private static void ListAllSecrets() { Console.WriteLine("All Secrets:"); var allSecrets = secretClient.GetPropertiesOfSecrets(); foreach (var secret in allSecrets) { var secretValue = secretClient.GetSecret(secret.Name); Console.WriteLine($"{secret.Name} | {secretValue.Value.Value} | {secretValue.Value.Properties.ContentType}"); } Console.WriteLine(); } } }
You can find the code here.
NOTE: Visual Studio reads Environment Variables on launch, so it may be necessary to restart Visual Studio after you set the environment variables.
In this article, you learned how to create a Key Vault and manage its secrets from a .NET Console application.
Episode 713
James McKee on Application Security vs Developer Security
Security Advocate James McKee describes how we can increase cybersecurity by building security into the application development process.
Some things stay the same and sometimes that is a very good thing. Brothers Richard and Tim Butler formed The Psychedelic Furs in the late 1970s and they form the core of the band today. Saxophonist Mars Williams joined in 1983 and remains with the band.
Saturday night, they were joined by Amanda Kramer (keyboards), Rich Good (guitar), and Zack Alford (drums) to the delight of thousands of fans at the Aragon Ballroom in Chicago's Uptown neighborhood.
The evening began with a set by LA-based band X, a group I remember from my college days in the early 1980s. Back then, they were primarily a punk band, but they showed greater range on this night than I remember from their LPs in my dorm room. In addition to their earlier hardcore music, we heard a mix of rockabilly and alternative rock. X maintained even more consistency over the decades than the Furs. Their founding members - D. J. Bonebrake, Exene Cervenka, John Doe, and Billy Zoom still perform together and still know how to rock hard.
Listening to X primed the audience for The Psychedelic Furs, who opened by launching into the frantic "Mr. Jones", which got the crowd bouncing. Of course, the biggest cheers came when they played their biggest hits, such as "Pretty in Pink", "Love My Way", "Heaven", and "Heartbreak Beat". These songs were recorded and released in the 1980s, but they sound fresh today. Vocalist Richard Butler's voice remains unchanged over the decades and the rest of the band retains a high energy when playing these songs for the thousandth time. Thanks in large part to Richard’s vocals, the live performance retains the technical quality of their recording sessions.
The Psychedelic Furs were part of a strong group of British synthpop bands that emerged after the punk movement of the 1970s. They have had more staying power than most of their peers, thanks to strong melodies and arrangements and a commitment to touring for the past decades.
We nearly saw a second show when an unstable patron tripped and fell, knocking heads with a woman in the front row of the balcony, nearly sending both of them over the railing. Thankfully, no one was seriously injured.
And no one went home disappointed from this excellent, high-energy show.
Registering an application in Azure Active Directory (AAD) allows the Microsoft Identity Platform to manage access to that application. Registration establishes trust between the application and the client.
To register an application, navigate to the Azure Portal, log in, and select the [Azure Active Directory] button (Fig. 1) in the left menu (or search for Azure Active Directory in the search box at the top of the portal.
Fig. 1
The Azure Active Directory "Overview" blade displays, as shown in Fig. 2.
Fig. 2
Click the [App registrations] button (Fig. 3) in the left menu to display the "App registrations" blade, as shown in Fig. 4.
Fig. 3
Fig. 4
Click the [New registration] button (Fig. 5) to display the "Register an application" dialogue, as shown in Fig. 6.
Fig. 5
Fig. 6
At the "Name" field, enter a name for this registration. If I am registering one application, I like to include the name of that application, followed by "AppReg". Whatever you choose, it should be easily identifiable, so you can pick it out of a list of app registrations.
At the "Supported account types" prompt, select the appropriate radio button depending on where the login accounts of the client reside. You can accept logins from only the current Azure Active Directory, from this and other Active Directories, from Active Directories plus non-AAD Microsoft accounts, and only from non-AAD Microsoft accounts.
The "Redirect URI" section is optional. It is most useful in web applications to indicate to which page the system redirects a user after a successful authentication. If you are unsure, you can leave this empty and configure it later.
The "Service Tree ID" field is only relevant if you are using the Microsoft Service Tree service, which allows you to relate multiple apps and services, making them more easily searchable by your users.
If you have a Service Tree account, enter the ID in this field.
After completing the dialogue, click the [Register] button to register the application. It typically takes less than a minute to register an application.
After the registration is complete, the app registration page displays, as shown in Fig. 7.
Fig. 7
The next steps depend on the type of application you are registering. I will cover some scenarios in future articles; but you can get a head start by clicking the appropriate link under "Build your application with the Microsoft identity platform".
Azure Key Vault is an ideal place to securely store, manage, and retrieve secrets used by your application or service.
A secret is a name/value pair in which the value is any string or serialized object of length up to 25k bytes. We retrieve a secret's value by its name. Secret values are encrypted by default.
In this article, I will show how to add a secret to a Key Vault.
Navigate to the Azure Portal, sign in, and open the Azure Key Vault. If you do not have a Key Vault, see this article, for instructions on how to create one.
https://portal.azure.com
/creating-an-azure-key-vault
The Key Vault "Overview" blade displays, as shown in Fig. 1
Fig. 1
Click the [Secrets] button (Fig. 2) in the left menu to display the "Secrets" blade, as shown in Fig. 3
Fig. 2
Fig. 3
On the "Secrets" blade, click the [Generate/Import] button (Fig. 4) to display the "Create a secret" dialog, as shown in Fig. 5.
Fig. 4
Fig. 5
At the "Uploads" dropdown, select "Manual".
At the "Name" field, enter a name for your secret.
At the "Value" field, enter the value of your secret. This can be any string. It will not display as you type.
Optionally, you can select a range in which the secret is valid. To do so, select either or both of the checkboxes ("Set activation date" and "End activation date"). Fields will display, allowing you to enter the date, time, and time zone for the earliest and/or latest time that the secret can be accessed.
If you do not want to make the secret available yet, but have not yet decided on which date it will be available, you can toggle the "Enabled" switch to "No" and change it to "Yes" when you decide the secret should be available.
If you wish, you can add one or more tags to the secret. Tags are name/value pairs that provide metadata for an Azure resource. They don’t affect the resource, but they can be useful when grouping them together on reports – for determining which resources belong to which departments, for example.
After completing this dialog, click the [Create] button (Fig. 6) to add the Secret to the Key Vault. The "Secrets" blade will display again with the newly-added secret listed, as shown in Fig. 7.
Fig. 6
Fig. 7
You can now use this secret in code or in a variety of Azure services.
Azure Key Vault is a service that provides a secure way to store and manage secrets, encryption keys, and certificates.
You can access it through the portal, via PowerShell or Azure CLI, and using a variety of SDKs.
Before using this service, you must first create an Azure Key Vault in your subscription. This article describes how to do this.
Navigate to the Azure Portal and sign in.
Click the [Create a resource] button (Fig. 1); then, search for and select "Key Vault", as shown in Fig. 2.
Fig. 1
Fig. 2
A description of the Azure Key Vault displays, as shown in Fig. 3.
Fig. 3
Click the [Create] button to begin the creation process. The "Create a Key Vault" blade displays with the "Basics" tab selected, as shown in Fig. 4
Fig. 4
At the "Subscription" dropdown, select the subscription in which you want to store this Key Vault. Most users will have only one subscription.
At the "Resource group" field either select an existing resource group or create a new one for this Key Vault.
At the "Key vault name" field, enter a unique name for this Key Vault.
At the Region, select an Azure region into which to deploy this Key Vault. It should be physically close to the services and applications that will access it.
At the "Pricing Tier" prompt, select either "Standard" or "Premium". The main difference is that the Premium tier supports keys protected by a Hardware Security Model (HSM).
When a Key Vault is deleted, Azure retains it for a period before permanently "purging" it in case you wish to restore the Key Vault. This is known as a "soft delete". In the "Recover options" section, you can set the number of days between the deletion and the permanent purge. You can also use the radio buttons to allow or disallow authorized users to manually purge a key vault before the retention period ends.
To create a Key Vault, it is only necessary to complete the information on the "Basics" tab. So, you can click the [Review + Create] button to advance to the "Review + Create" tab. However, you may wish to further customize the key vault, so I will review the other tabs. You can switch between tabs by either clicking the [Next] and [Previous] buttons at the bottom or by selecting the name of the tab at the top.
Fig. 5 shows the "Access Policy" tab.
Fig. 5
Here you can give ARM templates and VM deployments, as well Disk Encryption access to the information in this Key Vault. You can also give specific permissions to specific users.
Fig. 6 shows the "Networking" tab.
Fig. 6
On this tab, you can restrict access to a given set of private networks.
Fig. 7 shows the "Tags" tab.
Fig. 7
Tags are name/value pairs that provide metadata for an Azure resource. They don’t affect the resource, but they can be useful when grouping them together on reports – for determining which resources belong to which departments, for example.
Fig. 8 shows the "Review + Create" tab.
Fig. 8
Correct any errors reported. When all settings are validated, click the [Review + Create] button (Fig. 9) to begin creating the Key Vault.
Fig. 9
It takes a few seconds to create and deploy a Key Vault. Upon completion, the confirmation message shown in Fig. 10 displays.
Fig. 10
Click the [Go to resource] button (Fig. 11) to display the Key Vault's "Overview" blade, as shown inf Fig. 12.
Fig. 11
Fig. 12
You are now ready to store secrets, keys, and certificates in your Key Vault, which I will cover in a future article.
Episode 712
Drew Brown on The New Technology Employment Contract
Drew Brown is the CIO of Union Bank & Trust. He discusses the way the workplace has changed in the last few years and what this means for the future.
With "Paddington Marches On", I am now halfway through the twelve collections of short stories that Michael Bond published about the talking bear Paddington Brown.
Paddington continues to get in trouble, despite his best intentions. And, in each case, things work themselves out for the best. Mr. Bond has found a formula and it works. We keep reading because we like Paddington and we care about him and we want him to succeed, even though we know he always will.
As a bonus, I learned a bit about the sport of cricket!
And there is a nice surprise for Paddington and for the reader at the end of the last story!