Allow Client Credentials Flow in ASP.NET & Microsoft.Identity.Web

For authenticating Entra ID users and services in ASP.NET you’re probably using Microsoft.Identity.Web, with initialization code looking something like this in your Program.cs:

This will configure authentication based on the values stored in your appsettings’ “AzureAd” section. It should work fine for “normal” users, but it will not accept tokens issued by a Client Credentials Flow, which is what service-to-service communication typically uses.

Service-to-Service communication with Refit & Client Credentials Flow for Entra ID

For a recent project I needed my ASP.NET Core backend service to talk to an external license server, authenticating with the Entra ID Client Credentials Flow. For these scenarios I like using Refit to generate the required HTTP client logic. Adding Entra ID auth is pretty straightforward as well once you know which libraries to use.

Read request headers in Azure Functions v4 with Node

I often have to read information from request headers in Azure Functions, for example to get the Object ID of the user that made an authenticated call. This is a bit more tricky than just calling request.headers['x-ms-client-principal-id']. That is valid TypeScript, but it will always be undefined!

Microsoft Teams deep links without client selection

Microsoft Teams lets you create deep links to various elements like chats, channels, conversations or apps. Usually, when clicking such a link, the user is first asked to choose whether to proceed in the browser or open the link in the Microsoft Teams desktop app. While this makes sense in most sharing scenarios, there are situations where you, as the person sharing the link, might want to force one of these two options.

Deploying OpenAI Models to Azure with Bicep

Deploying an Azure OpenAI Service with GPT models is pretty straightforward. However, I ran into an issue where deploying two models at the same time resulted in the following error most of the time:

“Another operation is being performed on the parent resource ‘/subscriptions/xxxxxxxxxxxxxxxx/resourceGroups/openaibiceptest/providers/Microsoft.CognitiveServices/accounts/mlbiceptest’. Please try again later.”

Connect Azure IoT Central to Event Hubs with Managed Identity

To process data collected with an IoT Central instance it’s common to first send it to Azure Event Hubs. This makes the data available to a wide range of receivers like Microsoft Fabric or Azure Functions. Since we want to minimize the use of credentials, here’s how to connect IoT Central with Event Hubs using Azure Managed Identities. Following this guide will also fix the “Unable to authenticate the user-provided event hub.” error.

Deploying over SFTP with Azure DevOps pipelines

I recently needed to deploy some files to a web server over SFTP using Azure DevOps pipelines. Despite the name, SFTP is not related to FTP or FTPS, as it’s SSH-based, so the FtpUpload@2 task won’t work for us. What we’re actually looking for is the CopyFilesOverSSH task. Let’s see how to configure it properly.

Azure Service Bus with Bicep & Managed Identity in ASP.NET Core

Azure Service Bus supports two authentication mechanisms for clients: Shared access policies with Manage, Send and Listen capabilities, or Role-based access control (RBAC). The latter is recommended, as it also allows you to use Managed Identities instead of relying on connection strings. In this post we’ll take a look at how this can be set up using Bicep and connected to an ASP.NET Core app.

Azure Email Communication Service with Subdomains

When using the Azure Communication Service to send emails you might want different sender subdomains for different stages, e.g. @example.com for production and @dev.example.com and @test.example.com for Dev and QA. Unfortunately, the docs are quite unclear on how to set this up, especially when it comes to the DKIM configuration.

Azure SignalR Service Serverless with Frontdoor & ASP.NET negotiation

Azure Frontdoor is a great way to shield your application from the outside world. One downside, though, is the lack of WebSocket support, meaning no SignalR communication can get through. This is where the SignalR Service’s serverless option comes in handy: it lets clients establish a connection directly with the service, which then acts as a proxy between clients and servers.
