9/5

Today I am grateful for my first visit to Vail, CO.

9/6

Today I am grateful to attend a baseball game at Coors Field for the first time.

9/7

Today I am grateful for

- a visit to the Denver Museum of Art yesterday

- a long weekend in Colorado with friends

9/8

Today I am grateful for 5 days in Colorado

9/9

Today I am grateful for an invitation to use the DALL-E AI tool.

9/10

Today I am grateful for front row tickets to an outstanding Al Dimeola concert last night

9/11

Today I am grateful to hear and meet former United States Poet Laureate Natasha Trethewey yesterday.

9/12

Today I am grateful for the return of NFL football

9/13

Today I am grateful to my trainer, who always spends a few extra minutes with me than she is required each session.

9/14

Today I am grateful for a frictionless return of a defective product.

9/15

Today I am grateful GrubHub finally reversed a charge that someone else made to my account.

9/16

Today I am grateful to sit an outdoor café last night, sipping a pilsner and reading poetry.

9/17

Today I am grateful to witness enthusiastic celebrations of Mexican Independence Day around the city this week

9/18

Today I am grateful for my 300th book review on GoodReads.com

9/19

Today I am grateful for an afternoon listening to live music on the patio at Fitzgerald's

9/20

Today I am grateful to see Roxy Music in concert last night

9/21

Today I am grateful for a new pair of eyeglasses.

9/22

Today I am grateful to see Michelle Branch in concert last night.

9/23

Today I am grateful for lunch with Jeffrey yesterday

9/24

Today I am grateful I was able to complete a bunch of half-written blog posts yesterday.

9/25

Today I am grateful to hang out in downtown Minneapolis last night with Tim

9/26

Today I am grateful to see an exciting Vikings-Lions game on my first visit to U.S. Bank Stadium with my sons.

9/27

Today I am grateful for dirty vodka martinis with extra garlic-stuffed olives

9/28

Today I am grateful to discover a path along the Chicago River North Branch that I had never traveled before last night.

9/29

Today I am grateful for a beautiful sky last night

9/30

Today I am grateful for:

- Live music at the Montrose Saloon last night

- A community get-together at the Aon Center yesterday afternoon

10/1

Today I am grateful for lunch yesterday with Dan and Stephen

10/2

Today I am grateful to see Noel Coward's "Hay Fever" last night.

Episode 721

Brian Gorman on Messaging, Queueing, and Eventing in Azure

Brian Gorman describes the value of using queueing to build asynchronous applications and the native Messaging, Queueing, and Eventing services in Azure. He discusses the value of each service and when it is appropriate to use each one.

https://github.com/blgorman/ServerlessMessagingDemystified

GCast 131:

Managing Secrets in an Azure Key Vault

Learn how to store and manage secrets in an Azure Key Vault using the Azure Portal.

Episode 718

Michael Richardson on Yarn Berry

Michael Richardson describes how to use the Yarn Berry package manager to add functionality to your JavaScript applications.

GCast 130:

Creating an Azure Key Vault

Azure Key Vault allows you to securely store certificates, encryptions keys, and other secrets. In this video, you will learn how to create an Azure Key Vault.

Episode 717

Michael Scherotter on Galleryst

Using tools from Adobe and Microsoft, as well as open source libraries, Michael Scherotter has created a portal to display photography and artwork within a virtual gallery. He describes how he created galeryst.com and how to use it.

"Cruel Intentions: The 90s Musical" is a play based on a movie I never saw, which is based on a book I never read. I did not know what to expect.

In preparation to see the live show at the Chopin Theatre Saturday evening, I watched the 1999 movie on Friday. I was underwhelmed by the campy dialogue and mediocre acting, despite the presence of stars Reese Witherspoon and Sarah Michelle Gellar and semi-star Ryan Phillipe.

But the things that brought down the movie worked in the live production. The musical version took itself far less seriously than the film, making the campy dialogue seem more appropriate, often gaining an audience laugh where the same line inspired an eye roll while watching the movie.

"Cruel Intentions" is the story of Sebastian Valmont and Kathryn Merteuil – entitled step-siblings enrolled at an exclusive prep school in Manhattan. They are so privileged and amoral that they place a bet on whether Sebastian can deflower the virginal daughter of the school's new headmaster.

Manipulation, false promises, and general sociopathy ensue; but all this is interrupted periodically by cast members bursting into hit songs from the 1990s. In the stage version, the plot takes a back seat to the music. Feeling confused or angsty? Sing REM's "Losing My Religion"; Feeling sexy? Belt out Marcy Playground's "Sex and Candy"; a little self-hate can be expressed with a raucous rendition of Garbage's "I'm Only Happy When It Rains"; Use the Back Street Boys' "I Want it That Way" to flirt. The lyrics do not always fit the situation exactly, but the mood does. And somehow it works.

It works because the cast has fun with it. And so did I.

Overview

Java is a popular language for developing applications on a variety of platforms. In order to create applications, you must first install Java on your machine or virtual machine. This article will walk you through the steps to install Java on Windows 10 or 11.

Is Java Already Installed?

You can test whether Java is currently by opening a command prompt, typing "java -version", and pressing ENTER.

If Java is installed, information about the current Java version will display. If Java is not installed, you will see a message similar to the following:

'java' is not recognized as an internal or external command, operable program or batch file.

A Note About Versions

You can choose from a number of available versions of Java. Generally, I recommend installing the latest Long Term Support ("LTS") version of Java. You may want to install a more recent non-LTS version of Java if you require a feature that is only available in that version. Also, the application on which you are working may require a specific version of Java.

As of this writing, Java 18 is the most recent version of Java, but it is not LTS. The available LTS versions are Java 8, 11, and 17.

This article describes the current LTS versions of Java.

Download the installation Executable

To download the installation files, navigate to https://www.oracle.com/java/technologies/downloads/. This page is shown in Fig. 1.

Fig. 1

In the center of the page are tabs for "Java 18" and "Java 17", as shown in Fig. 2.

Fig. 2

Currently, Java 18 is selected, so I will select "Java 17" because I want the LTS version. The "Java 17" tab is shown in Fig. 3.

Fig. 3

Lower on the page are tabs for different operating systems (Linux, macOS, and Windows), as shown in Fig. 4.

Fig. 4

Currently, Linux is selected; but I want to install this on Windows, so I will click the Windows tab. The Windows tab is shown in Fig. 5.

Fig. 5

NOTE: As of this writing, you navigate directly to the Java 17 Windows tab with the following URL: https://www.oracle.com/java/technologies/downloads/#jdk17-windows

The tab lists the available downloads relevant to Windows developers for Java 17.

Click jdk-17_windows-x64_bin.exe to begin downloading it.

Install It!

When the exe file finishes downloading, click the file to launch the install wizard.

The Installation Wizard displays, as shown in Fig. 6.

Fig. 6

Click the [Next>] button to advance to the next page of the Wizard, as shown in Fig. 7.

Fig. 7

If desired, click the [Change…] button to change the folder in which Java is installed. Usually, there is no reason for doing this.

Click the [Next] button to begin installing Java.

When installation completes, a confirmation dialog displays, as shown in Fig. 8.

Fig. 8

Click the [Close] button to close the Installation Wizard.

Verify Installation

After installing Java, it is a good idea to verify that it was installed correctly. The simplest way to do this is to open a command prompt, type "java -version", and press ENTER.

If Java is installed, information about the current Java version will display. If Java is not installed, you will see a message similar to the following:

'java' is not recognized as an internal or external command, operable program or batch file.

Note that you must open this command prompt after installing Java. If you opened the prompt before installation, it will not know that Java is installed.

Conclusion

In this article, I showed you how to install the latest LTS version of Java on your Windows machine.

Overview

By default, Azure App Services will not enforce any authorization for your Web Apps. You can implement authorization within your code, or you can configure an Identity Provider to perform authentication and authorization for you. In this article, I will walk you through the process of configuring Azure Active Directory as an identity provider. This will force anyone to log in with an Account in or registered in Azure Active Directory before accessing your website.

Register Identity Provider

The first step after you create your web app is to register an Identity provider.

Navigate to the App Service, as shown in Fig. 1.

Fig. 1

Select "Authentication" from the left menu to open the Authentication blade, as shown in Fig. 2.

Fig. 2

A new app will contain no Identity Providers. Click the [Add identity provider] button (Fig. 3) to open the "Add an identity provider" dialog, as shown in Fig. 4.

Fig. 3

Fig. 4

Completing this dialog will create a new App Registration in Azure Active Directory. From the "Identity provider" dropdown, select "Microsoft". The rest of the dialog will display prompts related to this provider, as shown in Fig. 5.

Fig. 5

At the "App registration type" prompt, select the "Create new app registration" radio button.

At the "Name" prompt, enter a unique name for the app registration. This will default to the name of your web app.

At the "Supported account types" prompt, you can choose to restrict access to only accounts in the current Active Directory tenant, to accounts in this and other tenants, and/or to personal accounts registered with Active Directory.

At the "Restrict access" prompt, select the "Require authentication" radio button.

The "Unauthenticated requests" prompt allows you to select the HTTP response returned when a user fails to authenticate. Most of these are appropriate for APIs. For a website, select the "HTTP 302" radio button.

Click the [Add] button to create a new App Registration in Azure Active Directory and return to the "Authentication" blade, as shown in Fig. 6.

Fig. 6

You should now see your newly created Identity Provider listed.

Grant access to roles

After registering your application, the next step is to grant access to specific users or roles within your app. By default, each App Service contains a couple of dozen roles. Adding an account to a role permits them to perform certain activities, such as viewing or updating your site.

To assign an account to a role, click the [Access control (IAM)] button (Fig. 7) in the left menu to open the "Access control (IAM)" blade, as shown in Fig. 8.

Fig. 7

Fig. 8

On the "Access control (IAM)" blade, click the [Add role assignment] button (Fig. 9) to open the "Add role assignment" page, as shown in Fig. 10.

Fig. 9

Fig. 10

On the "Role" tab, select the "Reader" role; then, click the [Next] button to advance to the "Members" tab, as shown in Fig. 11.

Fig. 11

Click the "Select members" link (Fig. 12) to open the "Select members" dialog, as shown in Fig. 13.

Fig. 12

Fig. 13

Search for an Active Directory account, as shown in Fig. 14 and 15.

Fig. 14

Fig. 15

Click the [Select] button to add this account to the "Reader" role. You will return to the "Add role assignment" page, as shown in Fig. 16. The account will now be listed under "Members".

Fig. 16

Click the [Review + assign] button to advance to the "Review + assign" tab, as shown in Fig. 17.

Fig. 17

Click the [Review + assign] button to save your changes.

Conclusion

In this article, you learned to configure Azure Active Directory as an Identity Provider for an Azure Web App. The steps above will create a new App Registration, which you can view from the "App Registration" blade of Azure Active Directory, as shown in Fig. 18.

Fig. 18

You have the option to create and configure the App Registration yourself; but the steps describe here take care of much of the configuration for you.

Overview

You can use Visual Studio Code to create applications in a number of languages. Many of those applications can run in Microsoft Azure App Services. This article will show you how to deploy a web application from Visual Code to an Azure App Service.

## Install VS Code Azure App Service Extension

Before you begin deployment, you must install the Azure App Service Extension. Click the Extensions icon (Fig. 1) in the left sidebar and search for the Azure App Service extension from Microsoft, as shown in Fig. 2.

Fig. 1

Fig. 2

If this extension is not yet installed, a [Publish] button will display. Click this button to install it.

Create a Web App

You can create a web app using ASP.NET, ASP.NET Core, Java, Ruby, Node.js, PHP, or Python. Visual Studio Code has extensions to support each of these. The language and framework are not relevant to this article, as the steps are the same.

Create a New Azure App Service

Before you deploy your code, you will need to Create a New Azure App Service to Host your Web App.

With your web application code open, click the Azure icon (Fig. 3) in the left sidebar and expand the Azure subscription to which you want to deploy and the "App Services" group within that subscription, as shown in Fig. 4.

Fig. 3

Fig. 4

You will need an Azure Web App to host your code. If you have not yet created a Web App, you can create one now by right-clicking the "App Services" node and selecting "Create New Web App.." from the context menu, as shown in Fig. 5.

Fig. 5

Enter a globally unique name for this Web App, as shown in Fig. 6, and press ENTER.

Fig. 6

Select the runtime stack from the list of supported stacks and press ENTER. In Fig. 7, I selected Node 16 LTS because I wrote my application in Node. The language in which you wrote your app will determine your selection.

Fig. 7

At the "Select a pricing tier" prompt, select the tier to which you want to deploy your Web App, as shown in Fig. 8. More powerful tiers will be more robust and reliable, but more expensive.

Fig. 8

After a few minutes, an Empty Web App is created. You can now deploy your application to this Web App by clicking the [Deploy] button on the confirmation dialog, as shown in Fig. 9.

Deploy App to Azure App Service

You can now deploy your application to this Web App by clicking the [Deploy] button on the confirmation dialog, as shown in Fig. 9.

Fig. 9

The prompt in Fig. 10 displays.

Fig. 10

Select the folder containing your application's code from the list or click browse to find it on your computer.

After you select the code location, the warning in Fig. 11 displays.

Fig. 11

Click the [Deploy] button to begin deploying your code to the Azure App Service.

You will receive the confirmation message shown in Fig. 12 when the deployment succeeds.

Fig. 12

You can now browse your web site or manage the App Service in the Azure Portal.

Conclusion

In this article, I showed how to deploy a web application quickly and easily from Visual Studio Code.

Episode 716

Darryl Hogan on Accelerating Technologies for Nonprofits

Darryl Hogan discusses how technologists can help nonprofit organizations with their technical issues, such as building applications, databases, web sites, or infrastructure.

With "The Final Cut", Michael Dobbs concludes his "House of Cards" trilogy, and he does so in dramatic fashion.

This story begins with a flashback to a young Francis stationed in Cyprus in the British Army, assigned to fight the Cypriots in their battle for independence. Urquhart committed and covered up a war crime that no one has since discovered. Decades later, Urquhart faces a new challenge in Cyprus, which gives him the opportunity to rise above the public's criticism and save the day. He is decisive and forceful and determined to achieve victory at all costs; and he knows that he will be hailed a hero if he succeeds.

The series tells of the rise to power of British Prime Minister Francis Urquhart. TFC reveals what happens when Urquhart reaches the top and the world tires of him. Urquhart has been PM for 10 years and he is poised to eclipse Margaret Thatcher's tenure, but his popularity is declining. The public is clamoring for new blood and fresh ideas, while Francis is losing the support of many in his cabinet. Dobbs paints a picture of a ruthless man, terrified of losing his power. FU knows only politics and has no interests outside politics. He knows he will be lost if he loses the power he has built. "The Final Cut" is the story of a master Machiavellian, who rose to power by exploiting and destroying others and must use those same vile skills to stay on top. The PM always seems to come out on top at the expense of his rivals. Dobbs keeps us wondering if that will be the case this time.

This is a strong finish to an excellent trilogy.

Overview

The Microsoft Edge web browser allows you to create and manage multiple profiles on the same machine.

Using multiple profiles, you can open browser sessions on the same machine that are associated with different users or different accounts. This can be useful to keep separate your work and personal browser settings and your company settings separate from each customer's environment.

Each profile is associated with an email address. You can create a new email address at https://outlook.com

Creating a New Profile

To create a new profile, open Microsoft Edge and click the profile icon (Fig. 1) in the top right corner of the browser to launch the menu shown in Fig. 2. My profile icon has a photo of me, but yours may have your initials. You configured a default profile the first time you launched Microsoft Edge after installing it on this machine.

Fig. 1

Fig. 2

Click the [Add profile] menu option to open the "Add a profile" blade, as shown in Fig. 3.

Fig. 3

The "Welcome to Microsoft Edge" screen displays, as shown in Fig. 4.

Fig. 4

Click the [Sign in to sync data] button to display, the "Let's get you signed in" dialog, as shown in Fig. 5.

Fig. 5

Enter your email address and click the [Sign In] button to display the "Enter password" dialog, as shown in Fig. 6.

Fig. 6

Enter the password associated with this email and click the [Sign In] button to display the "Help us protect your account" dialog, as shown in Fig. 7.

Fig. 7

Re-enter your email address and click the [Next] button to display the "Enter your security code" dialog, as shown in Fig. 8; then check your email for a message with a 6-digit code.

Fig. 8

Enter the 6-digit code from the email and click the [Next] button to display the confirmation dialog, as shown in Fig. 9.

Fig. 9

Click the [OK] button to close this dialog and display the "Windows Security" dialog, as shown in Fig. 10.

Fig. 10

Enter the PIN you use to unlock this Windows workstation. click the [OK] button to display the "Add details" dialog, as shown in Fig. 11.

Fig. 11

Enter your name, birth date, and country in the appropriate fields and click the [Next] button to display the "Please confirm your age" dialog, as shown in Fig. 12.

Fig. 12

Click the [Next] button if your birth date is displayed correctly and click the [Next] button to display a confirmation dialog, as shown in Fig. 13. If your birth date is not displayed correctly, click the [Back] button and correct it.

Fig. 13

Click the [Confirm and start browsing] button to begin using this new profile.

Now that you have create the profile, you can switch between profiles by clicking the profile icon at the top right of the Edge browser, as shown in Fig. 14.

Fig. 14

Managing a Profile

You can make changes to your profiles from the Edge Settings page. Open the Edge Settings page by clicking the Ellipsis in the top right corner of the browser and selecting "Settings" from the dropdown menu, as shown in Fig. 15.

Fig. 15

The "Settings" page displays, as shown in Fig. 16.

Fig. 16

If the "Profiles" tab is not selected, select it from the left sidebar. The current profile is highlighted, but you can view your other profiles in the "More profiles" section below. Click the [Switch] button next to one of these profiles to view the settings associated with it.

To modify profile settings, click the Ellipsis next to the profile and select "Edit" from the dropdown menu, as shown in Fig. 17.

Fig. 17

The "Edit profile" dialog displays, as shown in Fig. 18.

Fig. 18

Give this profile a more descriptive name, making it easy to identify from a list of your profiles.

By default, this profile displays only your initials. To upload your own picture, click the "Change picture" link, which displays the dialog shown in Fig. 19.

Fig. 19

Click the "Add a photo" link and select a photo from your local drive. The photo will display in the Drop Zone, as shown in Fig. 20.

Fig. 20

Use the controls to zoom in and out and position the photo as desired. Click the [Save] button to commit this photo.

The confirmation dialog shown in Fig. 21 displays.

Fig. 21

Click the [Close] button when finished.

Deleting a Profile

If you decide you no longer need a profile, you can delete it from the Microsoft Edge Settings page. Sometimes, I create a profile for the purpose of using Single Sign On in with a customer's credentials and I no longer need this profile when my work with that customer concludes.

Open the Edge Settings page by clicking the Ellipsis in the top right corner of the browser and selecting "Settings" from the dropdown menu, as shown in Fig. 22.

Fig. 22

The "Settings" page displays, as shown in Fig. 23.

Fig. 23

If the "Profiles" tab is not selected, select it from the left sidebar. The current profile is highlighted, but you can view your other profiles in the "More profiles" section below. Click the [Switch] button next to one of these profiles to view the settings associated with it.

To delete a profile, click the Ellipsis next to the profile and select "Delete" from the dropdown menu, as shown in Fig. 24.

Fig. 24

Conclusion

In this article, you learned how to create a new profile in Microsoft Edge, manage that profile, and delete that profile.

GCast 129:

Using the Microsoft Docker Extension for Visual Studio Code

Learn how to use the Microsoft Docker extension for Visual Studio Code to make your Docker development more efficient.

Episode 715

Jeff Fritz on .NET Conf

Jeff Fritz is preparing for .NET Conf - a 3-day online conference scheduled in November, considiing with the release of .NET 7. He talks about the content of the conference, what goes into putting it on, and how you can get involved.

Howie Day has a beautiful voice, is an accomplished guitar player, and has written dozens of great songs. For many, that would be enough. But Day takes it a step further in his concerts.

Thursday night at City Winery, Day appeared on stage with only a guitar and a few switches at his feet. Frequently, he would record his voice or his guitar playing or the sound of him tapping on the exterior of his instrument; then, play back these recordings on a loop to create rich layers of music. At times, he would enhance the playback with a bit of reverb. We heard musical arrangements and harmony vocals as if he were not alone on stage.

Between songs, Howie chatted casually with the audience about his life and his music. He introduced the song "Disco" by telling us he recorded it in his parents' basement "which sounds sad, but I was seventeen at the time". He sang an alternate country music version of his song "Be There", entitled "Beer There", complete with a southern twang.

Highlights included "Be There", "Tree Tops", "Longest Night", and his biggest hit "Collide". Nearly every song was an original, but he mixed in U2's "One" and opened his encore set with Crowded House's "Don't Dream It's Over".

It was a show filled with more energy than one would expect from a singer/songwriter who specializes in ballads and love songs.

I have never seen anything quite like a Howie Day performance. I have seen many musicians backed by drum machines or pre-recorded instruments and I have even seen a few record a brief snippet before playing on loop as their own accompaniment; but I have never seen a musician layer so many levels of music simultaneously and create such a rich sound as I witnessed Thursday evening.

More photos

Episode 714

Michael Mishal on Reinforcement Learning

Michael Mishal describes how reinforcement learning can use rewards to solve complex artificial intelligence problems.

7/4
Today I am grateful for all the good things about the United States and for the freedom to express my opinions on the bad things about it

7/5
Today I am grateful to watch fireworks displays around the city from my balcony.

7/6
Today I am grateful for groceries delivered to my door.

7/8
Today I am grateful to sleep much of yesterday while recovering and still be able to sleep last night

7/9
Today I am grateful to the friend who gave me a bunch of really nice furniture yesterday.

7/10
Today I am grateful to those who care about my health

7/11
Today I am grateful for a call from my brother and sister-in-law in Australia yesterday.

7/12
Today I am grateful to finally test negative for COVID

7/13
Today I am grateful for:
- a kickoff to the Fiscal Year with others in my organization
- having Zoe stay with me for a couple weeks

7/14
Today I am grateful for:
-my first visit to Nebraska
-hanging out last night with the Nebraska.Code speakers

7/15
Today I am grateful to deliver a keynote presentation at the Nebraska.Code conference yesterday

7/16
Today I am grateful to Ken and the organizers and volunteers that made Nebrasa.Code a great success!

7/17
Today I am grateful to see the Nitty Gritty Dirt Band in concert last night

7/18
Today I am grateful to go bike riding this weekend for the first time since getting sick weeks ago.

7/19
Today I am grateful:
- for dinner last night with Chris and his family
- to see an entertaining David Gray concert last night

7/20
Today I am grateful:
- to attend the Microsoft Inspire event with partners at the Aon Center yesterday
- for drinks and jazz with Thad last night

7/21
Today I am grateful for an unexpected visit from my son this week

7/22
Today I am grateful for 75 years of marriage for my Uncle Bill and Aunt Jean.

7/23
Today I am grateful for my first visit to the South Loop Farmers Market at Grant Park

7/24
Today I am grateful to see the Psychedelic Furs in concert last night.

7/25
Today I am grateful to catch up on sleep yesterday and last night.

7/26
Today I am grateful to work with my trainer this morning for the first time since I became sick last month.

7/27
Today I am grateful for online training resources.

7/28
Today I am grateful for an ice cream social  at the Aon Center yesterday.

7/29

7/30
Today I am grateful to experience Teatro Zinzanni last night in Chicago

7/31
Today I am grateful for my first visit to Second City in years.

8/1
Today I am grateful that my lingering COVID symptoms are nearly gone

8/2
Today I am grateful for a new (to me) kitchen table - the first one I have owned in over 8 years!

8/3
Today I am grateful to see the Jim Irsay collection and band at Navy Pier last night

8/4
Today I am grateful for dinner with a bunch of Microsoft folks in downtown Chicago last night.

8/5
Today I am grateful:
-to co-lead a Diversity & Inclusion workshop yesterday morning
-to attend the Windy City Smokeout with Josh yesterday afternoon
-to see Howie Day in concert last night

8/6
Today I am grateful for a return to Grand Rapids, MI for the first time in years.

8/7
Today I am grateful to speak at an excellent Beer City Code conference yesterday.

I have been to circuses and concerts and restaurants and theater, and dinner theater and improv shows and drag shows.

Thursday night at the Cambria Hotel in Chicago's Theater District, I experienced Teatro ZinZanni, which combined all of these into a single evening performance.

I had heard good things about this show but an announcement that it would close in two days was the motivation I needed to buy Friday evening tickets.

At center stage was a cross-dressed oversexed giantess, who shamelessly teased and flirted with the audience, driving the show forward. He/she was funny and crass and over the top.

But in between, we heard excellent singers backed by a top-rate band and jugglers and acrobats and trapeze artists. The trapeze artists were the most impressive to me.

In between these, cast members ran among the tables in elaborate costumes interacting with the audience.

In between these, we enjoyed a very good dinner.

I did not know what to expect, but the show entertained us greatly.

Teatro ZinZanni has left Chicago to begin a run on the west coast. But the theater will reopen with Cafe Zazou in September. I think I know what to expect from this show.

But who knows?

GCast 128:

Maintaining State with Docker Volumes

Docker containers are stateless by default, which means that, when one is destroyed, all data created after the container is lost. However, you can get around this limitation by attaching a volume to your container. This video shows you how to create and manage Docker volumes.

To access an Azure Key Vault secret from your code, you must register your key vault as an application.

The steps are:

1. Create the key vault
2. Register the application with Azure Active Directory
3. Add a Client Secret to the App Registration
4. Add an Access Policy to the Key Vault
   
5. Set Environment Variables
   
6. Write the code

Create the key vault

First, you need to create a Key Vault in which to store your secrets. For instructions on how to create a Key Vault, see this article.

Register the application with Azure Active Directory

After creating a Key Vault, register the Key Vault with Azure Active Directory.

This article shows how to do this.

For our purposes, the most important pieces of information from the Application Registration are the  Application ID, which is sometimes called the Client ID.

You can find this on the Azure Active Directory "App registrations" blade. Search for your App Registration by name, as shown in Fig. 1.

Fig. 1

Record the Display name, the Application (client) ID) and the Directory (tenant) ID. You will need these later.

Add a Client Secret to the App Registration

Next, you will need to create a Client Secret within your Application Registration.

Within the App Registration, click the [Certificates & secrets] button (Fig. 2) to open the "Certificates & secrets" blade, as shown in Fig. 3

Fig. 2

Fig. 3

To create a Client Secret, select the "Client secrets" tab and click the [New client secret] button (Fig. 4) to open the "Add a client secret" dialogue, as shown in Fig. 5.

Fig. 4

Fig. 5

At the "Description" field, enter a description of the secret (e.g., for which application are we generating a secret).

At the "Expires" dropdown, select how soon this secret will expire, requiring you to generate a new one.

When you finish completing the dialogue, click the [Add] button (Fig. 6) to return to the Application Registration" page, as shown in Fig. 7.

Fig. 6

Fig. 7

Your newly created secret will display in the list on the "Client secrets" tab. Copy and save the "Value" column. After you navigate away from this page, you will no longer be able to view the Value.

Add an Access Policy to the Key Vault

An Access Policy tells Azure which users, applications, and services have access to Azure Key Vault and what actions they can take on the information stored in Key Vault. After you have registered the application, you will need to create an Access Policy in Azure Key Vault, providing the Application Registration access to the key vault.

To add an Azure Key Vault Access Policy, navigate to the Azure Portal, log in, and open the Azure Key Vault, as shown in Fig. 2.

Fig. 8

Click the [Access policies] button (Fig. 3) in the left menu to display the "Access Policies" blade, as shown in Fig. 4.

Fig. 9

Fig. 10

Click the [Add Access Policy] button (Fig. 5) to display the "Add access policy" dialogue, as shown in Fig. 6.

Fig. 11

Fig. 12

This dialogue provides a number of templates which preselect permissions to access and manage keys, secrets, and certificates in this Azure Key Vault. If you like, you can select one of these, as shown in Fig. 7.

Fig. 13

Alternatively, you can specify each permission explicitly for keys, secrets, and certificates in this key vault. Fig. 8 shows how to select all permissions for managing secrets, which I will do for this demo.

When you have selected all the desired permissions, click the [Add] button (Fig. 8) to return to the "Add access policy" dialogue.

Fig. 14

The next step is to give these permissions to the Application Registration. Click the link next to "Select principal" to open the "Principal" dialogue, as shown in Fig. 9.

Fig. 15

Search for the Application Registration by display name, select the Registration from the list, as shown in Fig. 10 and click the [Select] button to close the "Principal" dialogue and return to the "Add Access Policy" dialogue, as shown in Fig. 11.

Fig. 16

Fig. 17

Finally, click the [Save] button (Fig. 12) to close the "Principal" dialogue and return to the "Access Policies" blade, as shown in Fig. 13. You will lose your changes if you fail to click the [Save] button before navigating

Fig. 18

Fig. 19

Set Environment Variables

The sample application below uses the DefaultAzureCredential class to authenticate the user. This class pulls information from the following environment variables:

• AZURE_CLIENT_ID (from App Registration "Overview" blade)
• AZURE_CLIENT_SECRET (from App Registration "Certificates & secrets" blade, "Value" field)
• AZURE_TENANT_ID (from App Registration "Overview" blade)

The values for each of these fields were acquired in the steps above.

Write the code

In a .NET Core application, the following NuGet packages assist you when working with Azure Key Vault.

• Azure.Security.KeyVault.Secret
• Azure.Identity

Create a new Console Application in Visual Studio and install the Azure.Security.KeyVault.Secrets and Azure.Identity NuGet packages.

As stated above, we can use the DefaultAzureCredential class to represent the principal used to make calls to our Azure Key Vault and the information (AZURE_CLIENT_ID, AZURE_CLIENT_SECRET, and AZURE_TENANT_ID) are stored in environment variables.

We create a DefaultAzureCredential object with the following code:

var credentials = new DefaultAzureCredential();

Then, we use this object to create a SecretClient object, as in the code below.

secretClient = new SecretClient(new Uri(keyVaultUri), credentials);

The SecretClient object provides methods to access and manage our Key Vault secrets.

For instance, we can get information about all the secrets in our Key

The following code retrieves information on all secrets in the Key Vault and lists the name, value, and content type of each

Console.WriteLine("All Secrets:");
var allSecrets = secretClient.GetPropertiesOfSecrets();
foreach (var secret in allSecrets)
{
     var secretValue = secretClient.GetSecret(secret.Name);
     Console.WriteLine($"{secret.Name} | {secretValue.Value.Value} | {secretValue.Value.Properties.ContentType}");
}
Console.WriteLine();

Other SecretClient methods allow us to get, set, or delete a Secret, as shown in the following code snippets:

await secretClient.SetSecretAsync(setSecretName, setSecretValue);
var secret = secretClient.GetSecret(setSecretName);
var operation = secretClient.StartDeleteSecret(deleteSecretName);

By default, Azure Key Vault supports soft delete, meaning that a deleted object can be retrieved for a given period after deletion (90 days, by default).
To permanently delete a secret prior to this, we can issue a purge command after the soft delete has completed. We can determine when the soft delete has completed by querying the Boolean DeleteSecretOperation.HasCompleted property.

if (operation.HasCompleted)
{
     secretClient.PurgeDeletedSecret(purgeSecretName);
}

Below is the full code of a .NET Core Console application

using Azure.Identity;
using Azure.Security.KeyVault.Secrets;
using System;
using System.Threading;
using System.Threading.Tasks;

namespace testKeyVaultConsoleApp
{
     internal class Program
     {
         const string KEYVALUTNAME = "dgtestkeyvault"; // Set this to the name of your key vault
         static string keyVaultUri = $"https://{KEYVALUTNAME}.vault.azure.net";

        static SecretClient secretClient = null;

        static async Task Main(string[] args)
         {
             var credentials = new DefaultAzureCredential();
             secretClient = new SecretClient(new Uri(KEYVAULTURI), credentials);

            ListAllSecrets();

            Console.Write("Input the Secret name to set (ENTER to skip):");
             var setSecretName = Console.ReadLine();
             if (setSecretName != "")
             {
                 Console.Write("Input the Secret value to set:");
                 var setSecretValue = Console.ReadLine();

                Console.WriteLine("Setting secret...");
                 await secretClient.SetSecretAsync(setSecretName, setSecretValue);
                 Console.WriteLine($"Secret {setSecretName} set to {setSecretValue}!");

                // Set content type
                 var secret = secretClient.GetSecret(setSecretName);
                 secret.Value.Properties.ContentType = "Demo Type";
                 secretClient.UpdateSecretProperties(secret.Value.Properties);
             }

            Console.Write("Input a Secret Name to soft delete (ENTER to skip):");
             var deleteSecretName = Console.ReadLine();
             if (deleteSecretName != "")
             {
                 var operation = secretClient.StartDeleteSecret(deleteSecretName);
                 Console.Write($"Deleting secret {deleteSecretName}...");
                 while (!operation.HasCompleted)
                 {
                     Thread.Sleep(1000);
                     Console.Write($".");
                     operation.UpdateStatus();
                 }
                 Console.WriteLine();
                 Console.WriteLine($"Secret {deleteSecretName} deleted!");
             }

            Console.Write("Input a Secret Name to permanently delete (ENTER to skip):");
             var purgeSecretName = Console.ReadLine();
             if (purgeSecretName != "")
             {
                 var operation = secretClient.StartDeleteSecret(purgeSecretName);
                 Console.Write($"Soft deleting secret {purgeSecretName}...");
                 while (!operation.HasCompleted)
                 {
                     Thread.Sleep(1000);
                     Console.Write($".");
                     operation.UpdateStatus();
                 }
                 Console.WriteLine();
                 Console.WriteLine($"Secret {purgeSecretName} deleted!");
                 secretClient.PurgeDeletedSecret(purgeSecretName);
                 Console.WriteLine($"Secret {purgeSecretName} purged!");
             }

            ListAllSecrets();

            Console.WriteLine();
             Console.WriteLine("Done!");
         }

        private static void ListAllSecrets()
         {
             Console.WriteLine("All Secrets:");
             var allSecrets = secretClient.GetPropertiesOfSecrets();
             foreach (var secret in allSecrets)
             {
                 var secretValue = secretClient.GetSecret(secret.Name);
                 Console.WriteLine($"{secret.Name} | {secretValue.Value.Value} | {secretValue.Value.Properties.ContentType}");
             }
             Console.WriteLine();

        }
     }
}

You can find the code here.

NOTE: Visual Studio reads Environment Variables on launch, so it may be necessary to restart Visual Studio after you set the environment variables.

Conclusion

In this article, you learned how to create a Key Vault and manage its secrets from a .NET Console application.

Episode 713

James McKee on Application Security vs Developer Security

Security Advocate James McKee describes how we can increase cybersecurity by building security into the application development process.

Some things stay the same and sometimes that is a very good thing. Brothers Richard and Tim Butler formed The Psychedelic Furs in the late 1970s and they form the core of the band today. Saxophonist Mars Williams joined in 1983 and remains with the band.

Saturday night, they were joined by Amanda Kramer (keyboards), Rich Good (guitar), and Zack Alford (drums) to the delight of thousands of fans at the Aragon Ballroom in Chicago's Uptown neighborhood.

The evening began with a set by LA-based band X, a group I remember from my college days in the early 1980s. Back then, they were primarily a punk band, but they showed greater range on this night than I remember from their LPs in my dorm room. In addition to their earlier hardcore music, we heard a mix of rockabilly and alternative rock. X maintained even more consistency over the decades than the Furs. Their founding members - D. J. Bonebrake, Exene Cervenka, John Doe, and Billy Zoom still perform together and still know how to rock hard.

Listening to X primed the audience for The Psychedelic Furs, who opened by launching into the frantic "Mr. Jones", which got the crowd bouncing. Of course, the biggest cheers came when they played their biggest hits, such as "Pretty in Pink", "Love My Way", "Heaven", and "Heartbreak Beat". These songs were recorded and released in the 1980s, but they sound fresh today. Vocalist Richard Butler's voice remains unchanged over the decades and the rest of the band retains a high energy when playing these songs for the thousandth time. Thanks in large part to Richard’s vocals, the live performance retains the technical quality of their recording sessions.

The Psychedelic Furs were part of a strong group of British synthpop bands that emerged after the punk movement of the 1970s. They have had more staying power than most of their peers, thanks to strong melodies and arrangements and a commitment to touring for the past decades.

We nearly saw a second show when an unstable patron tripped and fell, knocking heads with a woman in the front row of the balcony, nearly sending both of them over the railing. Thankfully, no one was seriously injured.

And no one went home disappointed from this excellent, high-energy show.

Registering an application in Azure Active Directory (AAD) allows the Microsoft Identity Platform to manage access to that application. Registration establishes trust between the application and the client.

To register an application, navigate to the Azure Portal, log in, and select the [Azure Active Directory] button (Fig. 1) in the left menu (or search for Azure Active Directory in the search box at the top of the portal.

Fig. 1

The Azure Active Directory "Overview" blade displays, as shown in Fig. 2.

Fig. 2

Click the [App registrations] button (Fig. 3) in the left menu to display the "App registrations" blade, as shown in Fig. 4.

Fig. 3

Fig. 4

Click the [New registration] button (Fig. 5) to display the "Register an application" dialogue, as shown in Fig. 6.

Fig. 5

Fig. 6

At the "Name" field, enter a name for this registration. If I am registering one application, I like to include the name of that application, followed by "AppReg". Whatever you choose, it should be easily identifiable, so you can pick it out of a list of app registrations.

At the "Supported account types" prompt, select the appropriate radio button depending on where the login accounts of the client reside. You can accept logins from only the current Azure Active Directory, from this and other Active Directories, from Active Directories plus non-AAD Microsoft accounts, and only from non-AAD Microsoft accounts.

The "Redirect URI" section is optional. It is most useful in web applications to indicate to which page the system redirects a user after a successful authentication. If you are unsure, you can leave this empty and configure it later.

The "Service Tree ID" field is only relevant if you are using the Microsoft Service Tree service, which allows you to relate multiple apps and services, making them more easily searchable by your users.

If you have a Service Tree account, enter the ID in this field.

After completing the dialogue, click the [Register] button to register the application. It typically takes less than a minute to register an application.

After the registration is complete, the app registration page displays, as shown in Fig. 7.

Fig. 7

The next steps depend on the type of application you are registering. I will cover some scenarios in future articles; but you can get a head start by clicking the appropriate link under "Build your application with the Microsoft identity platform".