I have started moving several static websites & SPAs from “Static website hosting in Azure Storage” to Azure Static Web Apps (SWA). Main reason for this is the limitation of using apex domains with Azure CDN which is the only way to use custom domains on websites hosted with Azure Storage. This is not an issue with Static Websites where you can use ALIAS, CNAME or A Records to map your domains. And with two custom domains available in the free tier this is now my go-to default.
Continue reading Deploying to Azure Static Web Apps in Azure DevOps

Azure Functions + Storage with Managed Identity via Bicep
Today I needed to migrate an Azure Functions project that used to connect to Azure Storage with a normal connection string. Since that’s prohibited by policy in my new Azure subscription, we needed to change that.
This also meant we needed to move the Function App to a dedicated plan since Managed Identity is not supported with Consumption or Elastic Premium plans.
Continue reading Azure Functions + Storage with Managed Identity via Bicep

Allow Client Credentials Flow in ASP.NET & Microsoft.Identity.Web
For authenticating Entra ID users & services in ASP.NET you’re probably using Microsoft.Identity.Web with some initialization code looking something like this in your Program.cs:

This will configure authentication based on the values stored in your appsettings’ “AzureAd” section. It should work fine with “normal” users, but it will not accept tokens from a Client Credentials Flow that might be used for service-to-service communication.
Continue reading Allow Client Credentials Flow in ASP.NET & Microsoft.Identity.Web

Service-to-Service communication with Refit & Client Credentials Flow for Entra ID
For a recent project I needed my ASP.NET Core backend service to talk to an external license server using the Entra ID Client Credentials Flow for authentication. For these scenarios I like using Refit to generate the required HTTP client logic. And adding auth for Entra ID is pretty straightforward as well if you know which libraries to use.
Continue reading Service-to-Service communication with Refit & Client Credentials Flow for Entra ID

Read request headers in Azure Functions v4 with Node
I often have to read information from request headers in Azure Functions, for example to get the User Object ID that made an authenticated call. This is a bit more tricky than just calling request.headers['x-ms-client-principal-id']. This is valid TypeScript but will always be undefined!
Continue reading Read request headers in Azure Functions v4 with Node

Microsoft Teams deep links without client selection
Microsoft Teams lets you create deep links to various elements like chats, channels, conversations or apps. Usually when clicking such a link the user is first asked to choose whether to proceed in the browser or open the link in the Microsoft Teams desktop app. While this makes sense in most sharing scenarios, there are situations where you might want to force either of these two options as the person sharing the link.
Continue reading Microsoft Teams deep links without client selection

Deploying OpenAI Models to Azure with Bicep
Deploying an Azure OpenAI Service with GPT Models is pretty straightforward. However, I ran into an issue where deploying two models at the same time resulted in the following error most of the time:
“Another operation is being performed on the parent resource ‘/subscriptions/xxxxxxxxxxxxxxxx/resourceGroups/openaibiceptest/providers/Microsoft.CognitiveServices/accounts/mlbiceptest’. Please try again later.”
Continue reading Deploying OpenAI Models to Azure with Bicep

Connect Azure IoT Central to Event Hubs with Managed Identity
To process data collected with an IoT Central instance it’s common to first send it to Azure Event Hubs. This makes the data available to a wide range of receivers like Microsoft Fabric or Azure Functions. Since we want to minimize the use of credentials, here’s how to connect IoT Central with Event Hubs using Azure Managed Identities. Following this guide will also fix the “Unable to authenticate the user-provided event hub.” error.
Continue reading Connect Azure IoT Central to Event Hubs with Managed Identity

Deploying over SFTP with Azure DevOps pipelines
I recently needed to deploy some files to a webserver over SFTP using Azure DevOps pipelines. Despite the name, SFTP is not related to FTP or FTPS as it’s SSH-based, so the FtpUpload@2 task won’t work for us. What we’re actually looking for is the CopyFilesOverSSH task. Let’s see how to configure it properly.
Continue reading Deploying over SFTP with Azure DevOps pipelines

Azure Service Bus with Bicep & Managed Identity in ASP.NET Core
Azure Service Bus can be used by clients with two different authentication mechanisms: either through Shared access policies with Manage, Send and Listen capabilities, or through role-based access control (RBAC). The latter is recommended as it also allows you to make use of Managed Identities instead of relying on connection strings. In this post we’ll take a look at how this can be set up using Bicep and connected to an ASP.NET Core app.
Continue reading Azure Service Bus with Bicep & Managed Identity in ASP.NET Core