Tuesday, June 27, 2023

Azure API Management: Setting secret from Azure Key Vault in header policies

Credits: Accessing Azure Key Vault from within Azure API Management | Vincent-Philippe Lauzon’s (vincentlauzon.com)


This article extends the post credited above. The snippet below reads a secret from Azure Key Vault, sets it as a request header with <set-header> in the <inbound> section of an Azure API Management policy, and caches the secret for 60 seconds.




Code snippet for copy and paste:

<policies>
    <inbound>
        <base />
        <!-- Look for the secret in the cache -->
        <cache-lookup-value key="cached-user-secret" variable-name="cached-user-secret" />
        <!-- If API Management doesn't find it in the cache, fetch it from Key Vault -->
        <choose>
            <when condition="@(!context.Variables.ContainsKey("cached-user-secret"))">
                <!-- Retrieve the secret from Key Vault using the API Management managed identity -->
                <send-request mode="new" response-variable-name="cached-user-secret" timeout="20" ignore-error="false">
                    <set-url>https://{{kvname}}.vault.azure.net/secrets/{{secret-name}}/?api-version=7.0</set-url>
                    <set-method>GET</set-method>
                    <authentication-managed-identity resource="https://vault.azure.net" />
                </send-request>
                <!-- Replace the response object in the context variable with the secret value as a string -->
                <set-variable name="cached-user-secret" value="@((((IResponse)context.Variables["cached-user-secret"]).Body.As<JObject>()).Property("value").Value.ToString())" />
                <!-- Store the result in the cache for 60 seconds -->
                <cache-store-value key="cached-user-secret" value="@((string)context.Variables["cached-user-secret"])" duration="60" />
            </when>
        </choose>
        <!-- Send the secret to the backend in the User-secret header -->
        <set-header name="User-secret" exists-action="append">
            <value>@((string)context.Variables["cached-user-secret"])</value>
        </set-header>
    </inbound>
    <backend>
        <base />
    </backend>
    <outbound>
        <base />
    </outbound>
    <on-error>
        <base />
    </on-error>
</policies>


Performance numbers:

Inbound (268+ ms) - 1st time
api-inspector (0.259ms)
api-inspector (0.003ms)
cors (0.024ms)
cache-lookup-value (0.006ms)
cache-lookup-value (0.934ms)
choose (0.024ms)
set-method (0.025ms)
authentication-managed-identity (0.253ms)
authentication-managed-identity (0.005ms)
send-request (0.078ms)
send-request (267.616ms) -> Key Vault call for User Secret
send-request (0.034ms)
response-variable-handler (0.010ms)
response-variable-handler (11.223ms)
set-variable (0.118ms)
set-variable (0.014ms)
cache-store-value (0.005ms)
cache-store-value (0.065ms)
cache-store-value (0.087ms)


From the 2nd time onwards, it takes only a few ms.
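
A hardened variant of the inbound section above, added here as an example and not part of the original post or of the credited article: it caches the secret only when Key Vault answers 200, returns a 502 to the caller otherwise, and uses exists-action="override" so that a User-secret header sent by the client is replaced instead of being forwarded next to the real value. The variable name kv-response and the 502 response are assumptions of this example.

```xml
<inbound>
    <base />
    <cache-lookup-value key="cached-user-secret" variable-name="cached-user-secret" />
    <choose>
        <when condition="@(!context.Variables.ContainsKey("cached-user-secret"))">
            <!-- Keep the raw response in its own variable (kv-response, a name chosen for this example) -->
            <send-request mode="new" response-variable-name="kv-response" timeout="20" ignore-error="false">
                <set-url>https://{{kvname}}.vault.azure.net/secrets/{{secret-name}}/?api-version=7.0</set-url>
                <set-method>GET</set-method>
                <authentication-managed-identity resource="https://vault.azure.net" />
            </send-request>
            <choose>
                <!-- 401/403/404 from Key Vault: stop here, so an error body is never parsed, cached or forwarded -->
                <when condition="@(((IResponse)context.Variables["kv-response"]).StatusCode != 200)">
                    <return-response>
                        <set-status code="502" reason="Bad Gateway" />
                    </return-response>
                </when>
                <otherwise>
                    <set-variable name="cached-user-secret" value="@(((IResponse)context.Variables["kv-response"]).Body.As<JObject>().Property("value").Value.ToString())" />
                    <cache-store-value key="cached-user-secret" value="@((string)context.Variables["cached-user-secret"])" duration="60" />
                </otherwise>
            </choose>
        </when>
    </choose>
    <!-- override: any User-secret header supplied by the caller is discarded -->
    <set-header name="User-secret" exists-action="override">
        <value>@((string)context.Variables["cached-user-secret"])</value>
    </set-header>
</inbound>
```

The 60-second cache duration is also how long the old value of a rotated secret can keep being sent to the backend.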





Thursday, May 7, 2015

Nuget Package Upgrade Error - Already referencing a newer version of dependent assembly

Nuget Package Upgrade Error:
  Already referencing a newer version of <dependent assembly>

Error:
  This occurs mostly with Microsoft.Data.OData while upgrading Windows Azure Storage (Microsoft.WindowsAzure.Storage.dll)

Error Details:
  Attempting to resolve dependency 'Microsoft.Data.OData (≥ x.x.x-1)'.
  Attempting to resolve dependency 'System.Spatial (= x.x.x)'.
  Attempting to resolve dependency 'Microsoft.Data.Edm (= x.x.x)'.
  Attempting to resolve dependency 'Newtonsoft.Json (≥ x.x.x)'.
  Attempting to resolve dependency 'Microsoft.Data.Services.Client (≥ x.x.x)'.
  Attempting to resolve dependency 'Microsoft.Data.OData (= x.x.x)-1'.
  Already referencing a newer version of 'Microsoft.Data.OData'.
Resolution:
- Remove/uninstall/downgrade Microsoft.Data.OData
- Upgrade Microsoft.WindowsAzure.Storage
   -  This will automatically add the minimum dependent version of Microsoft.Data.OData.dll
- Upgrade package Microsoft.Data.OData
 

Saturday, March 21, 2015

How to get deployed package files from Azure Cloud Service


Method 1: Using Cerebrata Cmdlets

1. Create a Management Certificate from the Visual Studio Command Prompt, run as an administrator
    - The VS Cmd Prompt can be found in the Visual Studio Tools folder
    - For Visual Studio 2013, path is
             C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\Tools\Shortcuts
    - Run  'Developer Command Prompt for VS2013' as administrator

2. Run the MakeCert command to create a certificate
    makecert -sky exchange -r -n "CN=<CertificateName>" -pe -a sha1 -len 2048 -ss My "<CertificateName>.cer"
   - Replace <CertificateName> with any name - say AzureMgmtCert
   Ref: https://msdn.microsoft.com/en-us/library/azure/gg551722.aspx

3. The certificate will be created in the Personal Store
    - In the Run prompt, type mmc and press Enter
    - Select certificates and first option

4. Export the certificate (.cer) to a local drive, say c:\AzureMgmtCert.cer

5. Upload the certificate to the Azure Management Portal for a subscription
    - Select 'Settings' (left bottom option)
    - Select the tab 'Management Certificates'
    - Upload AzureMgmtCert.cer using Upload button from bottom

6. Install Cerebrata (trial or licensed) Cmdlets
      Ref: http://www.cerebrata.com/products/azure-management-cmdlets/introduction

7. Open 'Microsoft Azure Powershell'

8. Run Get-DeploymentPackage
    - ServiceName: <Cloud Service Name>
    - Slot: <production/ staging>
    - SubscriptionId: XXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXX
    - Certificate: C:\azuremgmtcert.cer (provide path of the certificate)

9. The package (.cspkg) and configurations (.cscfg) will be uploaded to the first Storage account
   - If you don't have a storage account, you need to create one

10. Use Azure Storage Explorer to download the file from the Container


Method 2: Using Azure Get Package REST API
Ref: https://msdn.microsoft.com/en-us/library/azure/jj154121.aspx

There are two ways to authenticate against an Azure Subscription
       - via Management Certificate (explained above)
       - via WAAD

If you want to authenticate to an Azure Subscription using WAAD instead of a Management Certificate, the blog post below outlines the steps nicely
http://www.bradygaster.com/post/using-windows-azure-active-directory-to-authenticate-the-management-libraries