I have some domain names that I use for testing out Azure features, write some blogs and other fun stuff. I find myself needing, wanting to use HTTPS and using the instructions I wrote some time ago, see below, to create the certificate is long and tedious. I had an epiphany which lead me to […]
Read More →Category: Security
Set or change an Azure App Service file or folder permission
I was using FileZilla to try to change the file permissions and I got this error: Status: Setting permissions of ‘/site/wwwroot/index.html’ to ‘644’ Command: SITE CHMOD 644 index.html Response: 500 ‘SITE’: command not understood Status: Setting permissions of ‘/site/wwwroot/index.html’ to ‘755’ Command: SITE CHMOD 755 index.html Response: 500 ‘SITE’: command not understood Then I started […]
Read More →Machine Keys on an Azure App Service, machineKey multiple instances Azure
When you run an ASP.NET application on multiple instances of an App Service Plan (ASP) you do not need to worry about machineKeys as the App Service Platform will use the same one across all your instances and therefore will not need to make any changes to your application. I found this sample code and […]
Read More →How (I) configured Azure Active Directory into my ASP.NET MVC OWIN web application
Before I get started, keep in mind, that I am not a security expert, if you want to enable security for your Azure App Service Web App I recommend using EasyAuth as described here, so much easier, IMO. You likely get some benefits from the ‘Change Authentication’ features of: No Authentication Individual User Accounts Work […]
Read More →Scan your App Service for vulnerabilities
A recent feature deployed for App Services (Web App, Mobile App, API App or Logic App) is a tool that can scan your App Service for vulnerabilities, announced here. Once you have signed up, you will see a link to your management console similar to that shown in Figure 1. Figure 1, check your App […]
Read More →Add an SSL certificate to an Azure Web App (CRT and P7B)
I was following these instructions here using CERTREQ to create my certificate request, and everything worked fine up to step 6. In step 6 is states that I should have a CER file. I wrote some articles about creating a certificate here and here, where there is a CER file created, however, when I downloaded […]
Read More →Using TLS 1.2 with WCF
NOTE: Security is a very serious topic and you should always engage an IT security expert before deploying an application that needs to be secure. This article is intended to share my experience versus being an article to use as a guideline. With all the news about the different vulnerabilities like heartbleed and poodle, developers […]
Read More →Renew an IIS 7, IIS 7.5, IIS 8.0 or IIS 8.5 … SSL Certificate (PKCS #10 vs. PKCS #7)
I will confess to not being a security expert. So this article is not about how the process works, instead about a change that I had a hard time finding when working with a customer some months ago. Security is serious business, so I like to leave those kinds of things to the experts and […]
Read More →Configure Application Request Routing (ARR) with Client Certificates
The kind of Client Certificate I use most is stored electronically on a chip located on the back of my id badge. There is a card reader in my PC that can access these certificates, which are protected by a pin and requested when I attempt to access a web site that is configured to […]
Read More →HTTP 404 after installing an SSL Certificate
I was configuring an SSL certificate and once complete, when I attempted to access the website using https://localhost I started receiving a 404 error as shown in Figure 1. Figure 1, 404 HTTP Status after installing an SSL Certificate I tried some shots at troubleshooting the issue using Failed Request Tracing and LogParser to view […]
Read More →