Handcrafted, AI-free blog posts about DevOps, DevSecOps, application security, web development, Azure and similar topics
In a project involving infrastructure as code (IaC) with terraform, Microsoft Entra ID security groups were manually created in the Azure portal. To avoid recreation, the import feature in terraform was used to bring existing groups into terraform state. This involved obtaining object IDs and descriptions, adding the groups as resources in terraform code, and importing them into terraform state.
This blog post guides the configuration of Serilog for a .NET Core Web API running on an Azure App Service. It covers logging requirements and implementation, including Serilog setup in Program.cs and appsettings.json. It also provides instructions for querying logs in Azure Application Insights and streaming them using Log Stream in Azure App Service.
The author was tasked with setting up a CI/CD process for a Blazor application using JetBrains Space. They had experience with other tools like Azure DevOps and GitHub Actions but found implementing pipelines in Space challenging. They struggled with creating the necessary automation scripts and host parameters. Despite good documentation, they found the CI/CD features lacking in predefined steps and tasks for standard cases, leading to unnecessary effort. They were also concerned about the exposure of project-wide secrets as plain text in runtime parameters.
The blog post discusses transitioning from SQLite to Testcontainers for .NET to run integration tests for ASP.NET Core applications. The author encountered limitations with SQLite when running complex Linq queries. While alternatives like Mocking, EF Core In-Memory Database Provider, and LocalDB were considered, these were found to be wanting. Instead, Testcontainers was chosen for its simple setup, good documentation, and excellent integration with MSSQL servers. This approach does necessitate Docker being installed and operational on the local development environment.
The blog post explains the preferred setup for infrastructure deployments using Infrastructure as Code (IaC) with Terraform and Azure DevOps YAML pipelines. The author discusses the organization of service connections and security settings, and provides an in-depth look at the pipeline structure and tasks within each stage. The text also mentions an important update regarding Azure Pipelines Terraform tasks and offers a practical approach on pipeline re-runs after local fixes.
The author discusses the importance of integration tests in ASP.NET Core Web APIs, citing benefits, such as real-life-like REST requests, serialization and deserialization, server application startup code execution, etc. Furthermore, the Microsoft.AspNetCore.Mvc.Testing library is highlighted. Despite challenges, the author promotes maintaining similarity to production during tests. The text then explores code bases and integration tests. Several sections cover API initialization, authentication configuration, running tests against a Sqlite database, and antiforgery subject. The article concludes by discussing alternative approaches found during the research.
The Azure webhook consumer/receiver failed to receive any events apart from heartbeat events due to an error during the webhook's update. The issue, which originated from the event filter altering from a wildcard to [], was fixed by an event filter update. To prevent similar issues, an Azure Monitor Metric Alert was established. It signals less than seven executions of the Azure Function per hour and emails the Azure Resource Manager (ARM) role members on each alert,
The article discusses how the author implemented middleware to verify payload signatures for webhook calls from Enode, an energy device connection and management platform, using the .NET Azure Functions isolated worker model. The author created a middleware that validates the Enode signature and an Azure Function that consumes the webhook, returning an unauthorized status code if the signature is invalid. The author also noted limitations with .NET integration testing for isolated model .NET Azure Functions.
During a penetration test preparation, an issue arose where multiple test accounts couldn't be invited as guest users to Microsoft Entra ID. The problem was due to all emails being redirected to one address. The takeaway is to ensure that the email addresses invited are not redirections to an existing user account.
The post discusses the implementation of a CSV export feature in an application with an ASP.NET Core Web API backend and a React frontend. The author used the CsvHelper library for creating the CSV file. The post details the construction and functions of various classes and methods, crucial for successful export. A key mention is the axios for requests and the correct setting of response type.
blog.rufer.be 