Azure Functions Access to Restricted Storage Accounts
With requirements for additional security, many customers have started enforcing network restrictions on their Azure storage accounts. This in turn can cause major issues with Azure Functions without the proper configuration, as Azure functions rely heavily on Azure storage for functionality. Background Azure storage There are two core concepts for Azure Functions related to Azure…
Troubleshooting Azure Functions
Troubleshooting Azure Function issues related to the host runtime can sometimes be cumbersome. Having worked in support for a number of years I’ve learned a couple useful tricks. Before we start understanding the behavior of each trigger type is very important. Here’s a previous blog that I use on a daily basis as my cheat…
Update ASE Cluster Settings without Azure Resource Explorer
Often customers using App Service Environment want to apply additional security features such as disabling TLS 1.0/1.1 or remove certain ciphers. In Azure Public you can use https://resources.azure.com to perform these actions. If you are working in any non-Azure Commercial clouds the existence of Azure Resource Explorer is not available. Here’s another programmatic method to…
Connecting to App Service’s Kudu endpoint programmatically
I recently worked on a case where a customer wanted to programmatically connect to Kudu. I’m not well versed in XML parsing (which Azure Powershell pulls for the publish profile) so I went the route of using the Azure CLI’s az rest command to pull the JSON publish profile and extracting the username and password.
TomEE with Azure Web Apps
I’m prefacing this that I am by no means a Java Developer or have a desire to become one :). This was a case related to configuring TomEE with Azure web apps. With IIS the httpPlatformHandler dynamically assigns a port to the process its communicating with (PHP, Nodejs, DotnetCore, Java, ect). Because of this the…
PreemptSdk with Application Insights and an App Service
I wasn’t able to find any documentation on this setting so PreemptSdk I figured I’d write a quick post on it. This setting when set to 1 will ignore the SDK that’s added as a NuGet package in the application deployed as an Azure Web App and fall back to the extension that’s built into…
Azure Government Private Link Endpoints
Azure SQL privatelink.database.usgovcloudapi.net Azure Automation privatelink.azure-automation.net Azure Table privatelink.table.core.usgovcloudapi.net Azure Blob privatelink.blob.core.usgovcloudapi.net Azure Files privatelink.file.core.usgovcloudapi.net DFS Storage privatelink.dfs.core.usgovcloudapi.net App Config privatelink.azconfig.azure.us Cosmos privatelink.documents.azure.us Servicebus privatelink.servicebus.usgovcloudapi.net Key Vault privatelink.vaultcore.usgovcloudapi.net Data Factory privatelink.datafactory.azure.us EventHub (same as SB) privatelink.servicebus.usgovcloudapi.net Eventgrid privatelink.eventgrid.azure.us Azure Backup (requires storage endpoints as well) privatelink.ugv.backup.windowsazure.us Site Recovery privatelink.siterecovery.windowsazure.us Azure Search privatelink.search.azure.us
Azure Web App/Function App Authentication and Authorization References
Here’s a dump of authentication related articles and blogs for Authentication and Authorization formerly known as Easy Auth. Note its always good to read through the comments of the blogs and forum post to get helpful tidbits you may have otherwise missed. If you find another article please feel free to leave a comment and…
Accessing Graph API with an Azure Function through Impersonation
Azure functions allow developers to focus on business logic. With the addition of the built in Authentication and Authorization feature a simple application can be developed that pulls specific information about a logged in user from graph API without having to write any code that requests access tokens on behalf of the user. Background The…
Application Initialization with Azure Functions
TL/DR You can warm up a function app using an applicationhost.config transform with an appliationhost.xdt. This ONLY works with Windows as application initialization is a concept built into IIS. I’m not aware of the same feature set available in Linux. Skip to the config section for the transformation setup. Background A couple months ago I…
