SP HAMMAD

SKILLS & TRICKS

Azure MFA as Primary Authentication and Configuring Microsoft ADFS

2/29/2020

2 Comments

 
To set up Azure MFA as primary authentication with ADFS, you must move to Azure MFA (the cloud-based version). I have not deployed Azure Multi-Factor Authentication Server (the on-prem/hybrid version) for anyone in a few years, as pretty much everyone I work with has moved on to cloud-based Azure MFA. Feature parity is pretty close at this point and, in my opinion, the days of Azure MFA Server on-prem are numbered. If you’re still on the on-prem Azure MFA Server, it is very easy to migrate to the cloud-based Azure MFA. For this step-by-step guide, I’m going to assume you already have a working ADFS environment that is federated with Azure AD using Azure AD Connect.

Configure ADFS and Azure MFA to work

1. Log into your ADFS server. In my example, I am using ADFS 4.0 with a Farm Behavior Level (FBL) set to 3 which means Windows Server 2016 and an Active Directory 2016 schema. You can always run the PowerShell cmdlet “Get-AdfsFarmInformation” on your ADFS server to show your FBL version. Go ahead and open the AD FS console:


Step by Step - Azure Application Gateway

2/11/2020

1 Comment

 
Azure Application Gateway is a web traffic load balancer that enables you to manage traffic to your web applications. Traditional load balancers operate at the transport layer (OSI layer 4 – TCP and UDP) and route traffic based on source IP address and port, to a destination IP address and port.

Prerequisites
  • The NSG on the Application Gateway subnet and the backend server is allowing inbound access to ports 65503-65534 (v1 SKU) or 65200-65535 (v2 SKU) from “Internet.”
  • The NSG on the Application Gateway subnet and backend server subnet must allow port 443 from any source.
  • The User Defined Route (UDR) on the Application Gateway subnet is set to the default route (0.0.0.0/0) and the next hop is specified as “Internet.”
  • The Application Gateway Subnet must be associated with the UDR.
  • The next hop of the public IP address range of the Application Gateway must be specified as “Internet.”
  • The Application Gateway must not connect to a virtual network which has a default route advertised by an ExpressRoute/VPN connection to a virtual network over BGP.
  • The custom DNS server is configured on a virtual network that must resolve public domain names.
  • For a public IP, you can create a new public IP address or use an existing public IP in the same location as the application gateway.
  • For a private IP, you can specify a private IP address from the subnet where the application gateway is created.
  • You configure SSL policy to control SSL protocol versions. You can configure an application gateway to deny TLS1.0, TLS1.1, and TLS1.2. Leave it default.


FIXED - Let's Encrypt in Azure Web Apps running on .Net Core and Linux

11/16/2019

1 Comment

 
We all know that the Let's Encrypt Site Extension cannot be used for ASP.Net Core on a Linux Web App, even though it is an easy way to get and renew SSL certificates for Web Apps. Site extensions are not available when running on Linux. Furthermore, the certificate creation process needs support from the target web app. With .Net Framework and IIS this could be achieved with a web.config modification, without modifying the web app (or its web.config) itself.
This solution is based on the letsencrypt-webapp-renewer. It uses the same core library as the Azure Let's Encrypt site extension, but it is run as a WebJob. It can (and should) be installed on its own web app, and supports multiple target websites.

The author of the letsencrypt-webapp-renewer has made thorough instructions, so I won't copy them here. When granting the service principal rights, you may want to only add Website Contributor and Web Plan Contributor instead of Contributor rights. The only thing needed in addition to those instructions is the support by the web app itself.


FIXED - Not a valid Base-64 string error by Azure CLI on a storage queue

10/13/2019

0 Comments

 
​Using Azure CLI a lot recently, it has made interactions with Azure so much easier using PowerShell.

https://docs.microsoft.com/en-us/cli/azure/install-azure-cli?view=azure-cli-latest

I had to write a simple PowerShell script that added items to a Storage queue. Once the items were added to a queue an Azure function picked up the items and processed them.
According to the documentation of Azure CLI you need to use az storage message put.


Migrating your Server to Azure

5/19/2019

1 Comment

 
Let's admit that migration of any sort is a pain, and migrating something to the cloud for the first time is always challenging. I have been going through this for quite some time and finally had the chance to play with Azure Migrate and it has been a good experience overall.

If you plan to go to Azure you will have 2 choices for your current environment:
  • Recreate your infrastructure from scratch
  • Use Azure Site Recovery to “move” your on-premise VMs to Azure
The goal of this post is to explain what Server Migration is and how it can help you with your migration to Azure.

Azure Migrate

​The Azure Migrate service assesses on-premises workloads for migration to Azure. The service assesses the migration suitability of on-premises machines, performs performance-based sizing, and provides cost estimations for running on-premises machines in Azure. If you’re contemplating lift-and-shift migrations, or are in the early assessment stages of migration, this service is for you. After the assessment, you can use services such as Azure Site Recovery and Azure Database Migration Service, to migrate the machines to Azure.

Why use Azure Migrate?

Azure Migrate helps you to:
  • Assess Azure Readiness: Assess whether your on-premises machines are suitable for running in Azure.
  • Get Size Recommendations: Get size recommendations for Azure VMs based on the performance history of on-premises VMs.
  • Estimate Monthly Costs: Get estimated costs for running on-premises machines in Azure.
  • Migrate with High Confidence: Visualize dependencies of on-premises machines to create groups of machines that you will assess and migrate together.


ASP.NET Core Process Hosting and Configuration Issue

1/10/2019

0 Comments

 
​Since ASP.NET Core 2.2 was released I have been working on getting all my different applications updated and using in-process hosting. I pretty quickly hit an issue with an application that uses SQLite. As soon as the application tried to access the database I ended up with the following error.
SqliteException: SQLite Error 14: ‘unable to open database file’.
Microsoft.Data.Sqlite.SqliteException.ThrowExceptionForRC(int rc, sqlite3 db)
Microsoft.Data.Sqlite.SqliteConnection.Open()
Microsoft.EntityFrameworkCore.Storage.RelationalConnection.OpenDbConnection(bool errorsExpected)

Issue and Work Around

After some Googling, I found an issue on GitHub that details the problem. It turns out that when the application gets its current directory, it is returning the path to the IIS process that is hosting the application instead of the directory where the application is.

On another GitHub issue, I found a link to a recommended workaround. Add the following class somewhere in your application. This code comes from here.


Which OS to use with .Net Containers

10/31/2018

0 Comments

 
Given the diversity of operating systems supported by Docker and the differences between .NET Framework and .NET Core, you should target a specific OS and specific versions depending on the framework you are using.

For Windows, you can use Windows Server Core or Windows Nano Server. These Windows versions provide different characteristics (IIS in Windows Server Core versus a self-hosted web server like Kestrel in Nano Server) that might be needed by .NET Framework or .NET Core, respectively.

For Linux, multiple distros are available and supported in official .NET Docker images (like Debian). In the image below you can see the possible OS versions depending on the .NET framework used.
You can also create your own Docker image in cases where you want to use a different Linux distro or where you want an image with versions not provided by Microsoft. For example, you might create an image with ASP.NET Core running on the traditional .NET Framework and Windows Server Core, which is a not-so-common scenario for Docker.

When you add the image name to your Dockerfile file, you can select the operating system and version depending on the tag you use, as in the following examples:


.Net Core OR .Net Framework for Dockers

10/15/2018

0 Comments

 
There are two supported frameworks for building server-side containerized Docker applications with .NET: .NET Framework and .NET Core. They share many .NET platform components, and you can share code across the two. However, there are fundamental differences between them, and which framework you use will depend on what you want to accomplish. This section provides guidance on when to choose each framework.

General Overview

You should use .NET Core, with Linux or Windows Containers, for your containerized Docker server application when:
  • You have cross-platform needs. For example, you want to use both Linux and Windows Containers.
  • Your application architecture is based on microservices.
  • You need to start containers fast and want a small footprint per container to achieve better density or more containers per hardware unit in order to lower your costs.
In short, when you create new containerized .NET applications, you should consider .NET Core as the default choice. It has many benefits and fits best with the containers philosophy and style of working. An additional benefit of using .NET Core is that you can run side-by-side .NET versions for applications within the same machine. This benefit is more important for servers or VMs that do not use containers, because containers isolate the versions of .NET that the app needs (as long as they are compatible with the underlying OS).

You should use .NET Framework for your containerized Docker server application when:
  • Your application currently uses .NET Framework and has strong dependencies on Windows.
  • You need to use Windows APIs that are not supported by .NET Core.
  • You need to use third-party .NET libraries or NuGet packages that are not available for .NET Core.

Using .NET Framework on Docker can improve your deployment experiences by minimizing deployment issues. This “lift and shift” scenario is important for containerizing legacy applications that were originally developed with the traditional .NET Framework, like ASP.NET WebForms, MVC web apps or WCF (Windows Communication Foundation) services.

Playing with Azure Storage Explorer

6/8/2018

1 Comment

 
After being in preview for quite some time, Azure Storage Explorer is now generally available (GA).

You can get it from:

  • For Windows https://go.microsoft.com/fwlink/?LinkId=708343&clcid=0x409
  • For macOS https://go.microsoft.com/fwlink/?LinkId=708342&clcid=0x409
  • For Linux https://go.microsoft.com/fwlink/?LinkId=722418&clcid=0x409

With Azure Storage Explorer you can directly access your Azure Storage from your preferred client to download/upload content and manage your blobs, files, queues, tables or even your Cosmos DB entities.

To connect to your Azure tenant (covering public, government or China), you can use your credentials, a connection string, a shared access URL or the storage account key.
You can add multiple accounts to connect to your Azure Storage using the View\Account Management menu.

GDPR - All you need to KNOW with Templates

3/2/2018

4 Comments

 
For the past few weeks a lot has been spoken, written and talked about GDPR compliance. I have always retained the view that Europeans are much more intelligent when it comes to compliance and regulation of personal data than Americans. I am not going to use the word privacy because it's been the most mocked word in some quarters, and of course in the USA we all know how well it's protected and implemented. :D

I'll start with first highlighting some key aspects of GDPR - like
  • What is GDPR
  • Key Regulatory Requirements
  • Role of IT Professionals
  • Actions for Compliance (12 Steps)
  • Microsoft and GDPR (Compliance Manager and Azure Information Protection Scanner)
  • GDPR Templates

What is GDPR

It's not something new: before GDPR we had the Data Protection Act, so if you had it implemented then you will go through less pain, since a lot of elements are partially covered by it. The whole idea and concept is to know how the data is collected, where the data resides, how it is stored, processed and deleted, who can access it and how it's used for EU citizens. This means that organizations will be required to show the data flow or lifecycle to minimize any risk of personal data being leaked and to show that all required steps are in place under GDPR.

In short, GDPR is about common-sense data security ideas, especially from the Privacy by Design school of thought: minimize collection of personal data, delete personal data that’s no longer necessary, restrict access, and secure data through its entire lifecycle. It also adds requirements for documenting IT procedures, performing risk assessments under certain conditions, notifying the consumer and authorities when there is a breach, as well as strengthening rules for data minimization.
