Multifactor authentication via SMS is vulnerable to bot attacks, potentially leading to high costs from automated account creations. To mitigate risks, it's recommended to disable SMS MFA, implement stronger bot protection, or disable sign-ups. If attacked, quickly identify and delete bot-created accounts using Azure portal and PowerShell scripts to manage user identities.
[HOWTO] Implement Audit Logging in a .NET Core application using Entity Framework Core and Audit.NET
This blog post outlines the implementation of audit logging using Audit.NET in .NET Core applications with Entity Framework Core. It discusses the purpose of audit logs, which enhance traceability and compliance, and details the setup process, including modifying the DbContext, creating tracking properties, and configuring audit data storage in a dedicated entity.
[Headache Prevention] Workaround for the error “Could not authenticate user with requested resource” when accessing the Aspire dashboard
Recently, I deployed a .NET Aspire solution to Azure Container Apps (via Azure Container Registry). The Azure Container Apps resource is running within my personal Azure tenant. In my personal tenant, my user is assigned as Owner of the corresponding resource group and therefore also Owner (by inheritance) of the Container Apps Environment which resides... Continue Reading →
[HOWTO] Restore credentials of Work or School account(s) in Microsoft Authenticator App
Switching Android smartphones complicates restoring Work or School account credentials, requiring re-signing into accounts and possibly resetting MFA.
Software Composition Analysis in SonarQube Advanced Security for SonarQube Cloud
On the 15th of September, 2025, Sonar finally released the long-awaited Software Composition Analysis (SCA) to SonarQube Advanced Security for SonarQube Cloud! Software Composition Analysis (SCA) is an ideally automated process that analyzes software codebases to identify or detect embedded open-source software/components. The identified/detected dependencies form the basis for the following features that SCA tools... Continue Reading →
[HOWTO] Configure a custom domain and App Service Managed Certificate with Terraform
Configuring a custom domain for an Azure App Service including a App Service Managed Certificate is the kind of task where I constantly have to look up the details. For this reason, and because a colleague asked me to blog about it, I decided to briefly document the process here.
[HOWTO] Enable and configure Defender for Storage at the storage account level by using Terraform
I aimed to enable Defender for Storage on a dedicated storage account using Terraform, updating the existing configuration. Although the Terraform apply succeeded, the feature was not enabled. After research, I resolved the issue by adjusting user roles, allowing a subsequent Terraform apply to produce the desired outcome.
Six interesting use cases for Azure DevOps MCP Server for the daily work of a developer
While preparing my session for DWX 2025, in which I demonstrated a simple use case for Azure DevOps MCP Server (creating a user story from within the IDE), I came up with some other interesting use cases for the daily work of a developer. Now that I have tested them, I will outline the use... Continue Reading →
[HOWTO] Upload files to an Azure storage account using Terraform
This blog post describes how to automate the upload of files to an Azure storage account using Terraform.
[Best Practice] Make Application Configuration of ASP.NET Core applications obvious
In my work as a software developer, I have already been involved in numerous existing .NET software projects. Nearly all of these existing code bases had at least one thing in common: application configuration was not obvious. But why? Especially in the .NET ecosystem everything required to make it obvious is there. In this blog... Continue Reading →
