Stuff about Software Engineering

Category: Ikke kategoriseret (Page 7 of 14)

Setting roles and policies on Azure KeyVault to enable getting secrets from an Azure Function

This is just a follow up on this post: https://azure.microsoft.com/en-us/blog/simplifying-security-for-serverless-and-web-apps-with-azure-functions-and-app-service/ for a bit more clarification on the roles and policies required in KeyVault to make this work.

The enable an Azure Function to access secrets in KeyVault you have to do the following:

  1. Create a system assigned managed identity to the Function. Just go to Platform Features in your Function and select Identity and enable the System assigned identity – remember to click save!
  2. Giving the role “Managed Application Reader” to the managed identity of the Function.
    1. Go to KeyVault and click on “Access control (IAM) in the menu and click on “Role assignments”.
    2. If you want to see existing App/Functions that have assignments select “App Services or Function Apps” from the Type dropdown menu.
    3. Click on Add and select the “Managed Applications Reader” from the Role drop down menu.
    4. Type in the name of your Function and select it from the menu – make sure you select the actual identity of the Function – see the icon in the screendump below.
    5. Click on save.
      Adding roles to KeyVault
  3. Assigning at least the “Get Secret” policy to the service principle of the managed identity.
    1. Click on “Access policies” in the KeyVault menu
    2. Click on Add and click on the “Select principal” fly out menu and type in the name of your Function
    3. This time it’s the service principal we want to select – click on it and click on select
    4. From the “Secret permissions” drop down menu select at least the “Get” permission.
    5. Click on OK.
      Adding policies to KeyVault

You’re done and you should now be able to get secrets from your KeyVault in your application settings in your Function.

Payroll Services Firm Transforms its Product Into a Platform with API Management

Bluegarden, a large Scandinavian payroll service, is using Microsoft Azure API Management to gain a simple, efficient, security-enabled way to share application programming interfaces (APIs) with partners. By publishing APIs for key product capabilities, Bluegarden can create an extensible product to fit every customer’s needs, expand its partners and consequently its business, and help keep APIs secure.

Installing ELMAH on IIS

Just for reference because it just too long looking for this information on how to install ELMAH on IIS to troubleshoot a failling application.

Download ELMAH using Nuget:

nuget install elmah

Copy elmah.dll to the bin folder of your application.

Add the following to the same sections in your web.config

<system.web>
       <httpHandlers>
              <add verb="POST,GET,HEAD" path="elmah.axd" type="Elmah.ErrorLogPageFactory, Elmah" />
       </httpHandlers>
       <httpModules>
              <add name="ErrorLog" type="Elmah.ErrorLogModule, Elmah"/>
              <add name="ErrorMail" type="Elmah.ErrorMailModule, Elmah" />
              <add name="ErrorFilter" type="Elmah.ErrorFilterModule, Elmah" />
       </httpModules>
</system.web>
<system.webServer>
       <modules runAllManagedModulesForAllRequests="true">
              <add name="ErrorLog" type="Elmah.ErrorLogModule, Elmah"/>
              <add name="ErrorMail" type="Elmah.ErrorMailModule, Elmah" />
              <add name="ErrorFilter" type="Elmah.ErrorFilterModule, Elmah" />
       </modules>
       <handlers>
              <add name="Elmah" verb="POST,GET,HEAD" path="elmah.axd" type="Elmah.ErrorLogPageFactory, Elmah" />
       </handlers>
<system.webServer>

Goto localhost/yourwebapplication/elmah.axd

SCRUM needs CRACK

Posted this on my internal blog at Traen:

A critical success factor for SCRUM projects is having access to customer representatives who are:

  • Collaborative
  • Representative
  • Authorized
  • Committed
  • Knowledgeable

If the customer representatives are not collaborative, they will sow discord and frustration, resulting in the loss of morale.

If the are not representative, they will lead the developers to deliver unacceptable products.

If they are not authorized, they will incur delays seeking authorization or, even worse, lead the project astray by making unauthorized commitments.

If they are not committed, they won’t do the necessary homework and won’t be there when the developers need them most.

If they are not knowledgeable, they will cause delays, unacceptable products or both.

So SCRUM needs customers who are CRACK!

From “Balacing Agility and Descipline: A Guide for the Perplexed

Actually it’s true for any kind of project based on any proces or methodology…

Virtuel maskine på Windows Azure

I sidste måned lancerede Microsoft officielt IaaS på Windows Azure. Det var også på tide kan man sige, og det bliver spændende at se om Microsoft kan indhente noget af det forspring som andre spillere som Amazon og Rackspace allerede har.

Anyways, det skal selvfølgelig testes. Så jeg har aktiveret IaaS på min Windows Azure profil og får dermed muligheden for at starte virtuelle maskiner i skyen.

Processen er temmelig enkel. Fra Virtual Machines “tabben” i Windows Azure Portalen vælger man +New fra bunden af siden.

image

Derefter kan man så vælge om man vil konfigurere selv fra bunden eller om man vil vælge en skabelon.

image

Her kan man så vælge fra en række skabeloner herunder diverse Unix distroer og selvfølgelig Windows Server 2012.

image

Derefter skal man blot svare på en række standard spørgsmål som størrelse på maskine (small, medium, large eller x-large) hostname, dns-navn og kodeord til administrator.

Og 2 minutter senere har man en virtuel maskine.

image

Med virtuelt netværk er det muligt at forbinde maskinen direkte til en hjemmenetværk og dermed tilgå f.eks. med brugere fra et privat domæne.

Indtil videre har Amazon været min favorit til Iaas, men jeg må sige at det her faktisk ser bedre ud.

300 nordiske it-chefer: Fremtiden er mobil

Iflg. en undersøgelse der bl.a. er lagt på Version 2 er følgende IT-trends de vigtigste for IT-chefer i Danmark, Sverige og Norge:

  1. Mobilitet
  2. Virtualisering
  3. Cloud computing
  4. Sociale medier
  5. Outsourcing
  6. Grøn it
  7. Biometri

Et par umiddelbare observationer fra min side må være at:

  • Forskellen på virtualisering, cloud computing, outsourcing og grøn it sikkert er meget lille gående mod 0. I hvert fald set fra en IT-chef med ansvar for drift.
  • Fokus på mobilitet er på vej til at blive 10’ernes svar på 00’ernes SOA. Forskellen er bare at HTML5 næsten allerede har løst problemet.

Jeg ville nok proppe åben data og åbne data protokoller som OData på listen i stedet for, så kommer muligheden for mobilitet af sig selv.

Min liste vil så være:

  1. Cloud computing
  2. Åbne protokoller
  3. Sociale Medier
  4. Biometri
« Older posts Newer posts »

© 2026 Peter Birkholm-Buch

Theme by Anders NorenUp ↑