Tuesday, December 1, 2020

Set Azure App Service Settings from Azure DevOps Pipeline

 There are instances where you need to set certain values in your Azure App Service Configuration Application Settings. You can do that through your release pipeline in Azure DevOps. 

There is a task available "Azure App Service Settings Task".

Add that task to your pipeline. Select the Azure Subscription, App Service Name, Resource Group and any slot if applicable. 

Set the values in the App Settings section by providing a JSON array like the one below.

[
  {
    "name": "himalkey1",
    "value": "himalvalueabcd",
    "slotSetting": false
  },
  {
    "name": "himalkey3",
    "value": "$(Variable1)",
    "slotSetting": false
  }
]

In the example above, the himalkey1 setting is assigned the hard-coded value, while himalkey3 is assigned the value of Variable1. Variable1 is defined in the variable group.

Similarly, you can also set General settings and Connection strings for the Azure App.


Sunday, July 26, 2020

A strongly-named assembly is required.

There are instances when you try to use a NuGet package in your project and end up with the error "A strongly-named assembly is required.".

This is because you have given a strong name to your assembly, but the NuGet package isn't strongly named. Some NuGet packages release a strong-named version, but not all.

If you hit this roadblock, you can add the NuGet package "StrongNamer". This package will take care of signing the other assemblies.

Saturday, July 25, 2020

Build Version Number in Azure DevOps

We migrated from TFS to Azure DevOps and hit a roadblock: starting the versioning from the same number where it left off in TFS.
Say the last TFS build number is 1.0.0.91;
then I want the next number in Azure to start with 1.0.0.92.

Here is how I cracked it.

Create a variable, say V4, and set its value to $[counter(92)].
You can then use $(V4) in the build version number. This variable is maintained per pipeline and increments automatically any time a build is made.

There is another issue: you may want to reset the 4th build number any time the first 3 numbers change, so that the 4th number is relative to the first 3 version numbers.
For example,
your current number is 1.0.0.92
and you increment the third number to
1.0.1.X. You don't want X to be 93 next; you want it to start from 0. The same rule applies any time you change one of the other build numbers.

Here is how you can change it.
Create 4 variables in build pipeline.
V1 => 1
V2 => 0
V3 => 0
V4 => $[counter(format('{0}.{1}.{2}',variables['V1'],variables['V2'],variables['V3']),0)]

Here V4 is defined relative to V1, V2 and V3. The value of the counter (V4) is maintained per combination of V1, V2 and V3 values, per pipeline. Any time the value of V1, V2 or V3 changes, V4 resets the counter to zero.

This will fix your problem of managing the build number for your builds.


Monday, May 25, 2020

Code Coverage for Azure DevOps



  1. In your Visual Studio solution, add a unit test project (with a name ending in Tests).
  2. Reference the NuGet package coverlet.msbuild, which is used as an extension of the dotnet test command below.

dotnet test --configuration Release /p:CollectCoverage=true /p:CoverletOutputFormat=cobertura /p:CoverletOutput=./TestResults/Coverage/

reportgenerator -reports:.\TestResults\Coverage\coverage.cobertura.xml -targetdir:.\CodeCoverage -reporttypes:HtmlInline_AzurePipelines

  1. In the Azure DevOps build pipeline, add a .NET Core task to run the unit tests and collect code coverage data (via coverlet). This task will generate a coverage.cobertura.xml file in your test project folder, in Cobertura format, which is supported by Azure DevOps.
    • Command: Test
    • Path to project(s): **/*[Tt]ests/*.csproj
    • Arguments: --configuration $(BuildConfiguration) /p:CollectCoverage=true /p:CoverletOutput=./TestResults/Coverage/ /p:CoverletOutputFormat=cobertura
    • Publish test results and code coverage: checked
  2. Via the Marketplace, add the extension ReportGenerator (https://marketplace.visualstudio.com/items?itemName=Palmmedia.reportgenerator) (from Palmmedia) and add this task to your pipeline:
    • Reports: **/coverage.cobertura.xml
    • Target directory: CoverageReport
    • Report types: HtmlInline_AzurePipelines;Cobertura
    This task will generate an HTML code coverage report (supported by Azure) in the /CoverageReport folder.
  3. Add a Publish code coverage results task to publish the HTML report in a Coverage tab of the Build Summary.
    • Code coverage tool: Cobertura
    • Summary file: **/coverage.cobertura.xml
    • Report directory: CoverageReport

Exclude an assembly:
reportgenerator -assemblyfilters:-BuildLibrary -reports:.\TestResults\Coverage\coverage.cobertura.xml -targetdir:.\CodeCoverage -reporttypes:HtmlInline_AzurePipelines

Use + to include and - to exclude, followed by the name of the assembly without its extension.
File filter:

reportgenerator -filefilters:-*Reference.cs* -reports:.\TestResults\Coverage\coverage.cobertura.xml -targetdir:.\CodeCoverage -reporttypes:HtmlInline_AzurePipelines

Ref:

Azure DevOps and the Code Coverage


Wednesday, May 6, 2020

How to set ArrAffinity cookie SameSite attribute to None for Azure App Service with web.config


<system.webServer>
  <rewrite>
    <outboundRules>
      <rule name="Add SameSite Cookie Flag to ArrAffinity cookie" enabled="true">
        <match serverVariable="RESPONSE_Set_Cookie" pattern=".*" />
        <!--pattern="ARRAffinity=.*\/;.*"-->
        <conditions>
          <!-- <add input="{R:0}" pattern="SameSite=(Lax|Strict|None)" ignoreCase="true" negate="true" /> -->
          <add input="{R:0}" pattern="ARRAffinity=(.*)" ignoreCase="true" negate="true" />
          <add input="{HTTP_USER_AGENT}" pattern="Macintosh; Intel Mac OS X 10_14.+Version/.*Safari" ignoreCase="true" negate="true" />
          <add input="{HTTP_USER_AGENT}" pattern="CPU iPhone OS 12" ignoreCase="true" negate="true" />
          <add input="{HTTP_USER_AGENT}" pattern="iPad; CPU OS 12" ignoreCase="true" negate="true" />
        </conditions>
        <action type="Rewrite" value="{HTTP_COOKIE};Path=/;HttpOnly;SameSite=None;secure" />
      </rule>
    </outboundRules>
  </rewrite>
</system.webServer>



Credit to Clover Zhang @Microsoft. 

Thursday, April 30, 2020

If you get internet not available while running powershell script

You may get an error like:
WARNING: Unable to download from URI 'https://go.microsoft.com/fwlink/?LinkID=627338&clcid=0x409' to ''.
WARNING: Unable to download the list of available providers. Check your internet connection.
PackageManagement\Get-PackageProvider : Unable to find package provider 'NuGet'. It may not be imported yet. Try 
'Get-PackageProvider -ListAvailable'.

At C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PSModule.psm1:7415 char:30


Open PowerShell in admin mode and run the following command.

[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

Tuesday, April 21, 2020

JSON Variable Substitution in Azure DevOps

For a JSON file with an array,

{
  "City": [
    {
      "Name": "Sydney"
    },
    {
      "Name": "Melbourne"
    }
  ]
}

If you want to replace, say, Sydney with Perth, you need to create a variable named

City.0.Name

To access Melbourne,
City.1.Name

Arrays should be accessed using index and should go with . (dot) in the variable name.

I'm using File Transform Task in Azure DevOps.
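
How the dotted names above resolve, as an added example (not from the original post and not the File Transform task's own code): each segment is either a property name or a zero-based array index. The function name and the sample variables are constructed, and treating a name with no matching node as ignored is this example's assumption.

```powershell
# Added example: emulate how a dotted variable name selects a JSON node.
function Set-JsonValueByVariableName {
    param(
        [Parameter(Mandatory)] $Root,
        [Parameter(Mandatory)] [string] $VariableName,   # e.g. 'City.0.Name'
        [Parameter(Mandatory)] $Value
    )
    $segments = $VariableName.Split('.')
    $node = $Root
    for ($i = 0; $i -lt $segments.Length; $i++) {
        $seg  = $segments[$i]
        $last = ($i -eq $segments.Length - 1)

        if ($node -is [array]) {
            # Array elements are addressed by a zero-based numeric segment.
            if ($seg -notmatch '^\d+$' -or [int]$seg -ge $node.Length) { return $false }
            if ($last) { $node[[int]$seg] = $Value; return $true }
            $node = $node[[int]$seg]
        }
        elseif ($node -is [pscustomobject]) {
            # Object members are addressed by property name.
            $prop = $node.PSObject.Properties[$seg]
            if ($null -eq $prop) { return $false }
            if ($last) { $prop.Value = $Value; return $true }
            $node = $prop.Value
        }
        else { return $false }   # reached a scalar before the name ended
    }
    return $false
}

# The JSON from this post.
$json = @'
{ "City": [ { "Name": "Sydney" }, { "Name": "Melbourne" } ] }
'@ | ConvertFrom-Json

# Constructed stand-ins for pipeline variables.
$variables = [ordered]@{
    'City.0.Name' = 'Perth'     # first array element
    'City.2.Name' = 'Hobart'    # index out of range
    'City.Name'   = 'Darwin'    # array index missing
}
foreach ($name in $variables.Keys) {
    $ok = Set-JsonValueByVariableName -Root $json -VariableName $name -Value $variables[$name]
    '{0,-12} {1}' -f $name, $(if ($ok) { 'substituted' } else { 'no matching node' })
}
$json | ConvertTo-Json -Depth 5
```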

ref:
JSON variable substitution example

Wednesday, March 25, 2020

Forcing TLS 1.2 and setting the default protocol for communication to TLS 1.2

In order to force TLS 1.2 on any system, you need to make the following registry changes. If you don't want to make those changes manually, there is a nice free tool, IIS Crypto, which can do it for you.

Registry Changes:

HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server


Under each of these keys, create the DWORD values DisabledByDefault with a value of 0 and Enabled with a value of 1, which means that TLS 1.2 is enabled by default.

You also need to set DisabledByDefault to 1 and Enabled to 0 for the following registry entries:


HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Client
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server

If you are doing it through IIS Crypto, select only TLS 1.2 in server and client protocols.



Now, you need to make sure that you set the default communication to TLS 1.2 for any .NET managed application.
Set the following registry values for that.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727]
      "SystemDefaultTlsVersions" = dword:00000001
      "SchUseStrongCrypto" = dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]
      "SystemDefaultTlsVersions" = dword:00000001
      "SchUseStrongCrypto" = dword:00000001


For 64 bit,
[HKLM\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v2.0.50727]
      "SystemDefaultTlsVersions" = dword:00000001
      "SchUseStrongCrypto" = dword:00000001
[HKLM\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319]
      "SystemDefaultTlsVersions" = dword:00000001
      "SchUseStrongCrypto" = dword:00000001


You can also run the following commands at an elevated command prompt to add the SchUseStrongCrypto value.

reg add HKLM\SOFTWARE\Microsoft\.NETFramework\v4.0.30319 /v SchUseStrongCrypto /t REG_DWORD /d 1 /reg:32

reg add HKLM\SOFTWARE\Microsoft\.NETFramework\v4.0.30319 /v SchUseStrongCrypto /t REG_DWORD /d 1 /reg:64

Reboot the computer once done. And you are all set.

* .NET Framework applications built with 4.6.2+ use TLS 1.2 by default for communication, but others don't. So you need to explicitly tell the .NET Framework to use the system default TLS version.
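
A read-only check of the values listed in this post, as an added example (not from the original post): it compares each SCHANNEL and .NET Framework value against what the post prescribes. It assumes a 64-bit PowerShell session; the variable names are this example's own, and treating any non-zero DWORD as "on" is an assumption made because such flags are sometimes written as 0xffffffff rather than 1.

```powershell
# Added example: read-only audit of the registry values this post sets.
# Run from 64-bit PowerShell so the WOW6432Node paths are not redirected.
$schannel = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
$expected = @()

# TLS 1.2 enabled; TLS 1.1, TLS 1.0 and SSL 3.0 disabled, client and server.
foreach ($proto in 'TLS 1.2', 'TLS 1.1', 'TLS 1.0', 'SSL 3.0') {
    $on = ($proto -eq 'TLS 1.2')
    foreach ($role in 'Client', 'Server') {
        $key = "$schannel\$proto\$role"
        $expected += [pscustomobject]@{ Key = $key; Name = 'Enabled'; Want = $on }
        $expected += [pscustomobject]@{ Key = $key; Name = 'DisabledByDefault'; Want = (-not $on) }
    }
}

# .NET Framework defaults in both the native and the WOW6432Node view.
foreach ($root in 'HKLM:\SOFTWARE\Microsoft\.NETFramework',
                  'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework') {
    foreach ($ver in 'v2.0.50727', 'v4.0.30319') {
        foreach ($name in 'SystemDefaultTlsVersions', 'SchUseStrongCrypto') {
            $expected += [pscustomobject]@{ Key = "$root\$ver"; Name = $name; Want = $true }
        }
    }
}

$report = foreach ($item in $expected) {
    # A missing key or value yields no object; the error is suppressed.
    $prop = Get-ItemProperty -Path $item.Key -Name $item.Name -ErrorAction SilentlyContinue
    $actual = $null
    if ($prop) { $actual = $prop.($item.Name) }

    [pscustomobject]@{
        Key    = $item.Key -replace '^HKLM:\\', ''
        Name   = $item.Name
        Want   = [int]$item.Want
        Actual = $actual
        # Compare as on/off: any non-zero DWORD (1 or 0xffffffff) counts as on.
        OK     = ($null -ne $actual) -and ([bool]$actual -eq $item.Want)
    }
}

$report | Format-Table -AutoSize -Wrap
$bad = @($report | Where-Object { -not $_.OK })
"{0} of {1} values differ from the post's settings." -f $bad.Count, $report.Count
```

A blank Actual column means the key or value does not exist, which the script counts as a difference.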

Please leave a comment if you encounter any issue.

Ref:
https://thedynamicsexplorer.com/2019/11/06/dynamics-gp-error-msg-a-fatal-error-occurred-while-creating-an-ssl-client-credential-the-internal-error-state-is-10013-with-the-web-client/

https://docs.microsoft.com/en-us/configmgr/core/plan-design/security/enable-tls-1-2-client

I ran into this issue when one of our reports on the SQL report server wasn't able to call an API which only supported TLS 1.2.

Sunday, March 15, 2020

New In Azure - Feb 2020


  • Azure Cosmos DB 
    • New Free tier supporting 400 RUs, One per subscription
    • Autopilot mode, which increases the RUs up to a maximum threshold set by you when required.
  • Azure VM Updates Configuration
    • Maintenance policy can be set and executed with apply update. 
    • That will apply all the updates available until that time.
    • Can be scheduled to run during maintenance.
    • This is to avoid any interruption like Freeze/Reboot during updates.
    • Supported only on dedicated/isolated VMs at the moment.
  • Ultra Disk
    • High IO disk. Supports 80K IO per second with less than a millisecond of latency
    • Ideal for highly critical application where a second of failure isn't ideal.
    • Only supported over certain types of VMs
  • Private Link
    • Is used to secure your resources so that you don't need to open the internet access on your devices
    • You can enable Private Link for a resource, say storage, by assigning it a VNET, which gives the resource the same IP range as the VNET, so the resource can be accessed privately from a VM or any other resource in that VNET
    • Your storage account in this case can only be accessed from the resource in VNET which would add more security to it. 
  • Azure Data Studio
    • Can be used to connect to SQL
    • provide a nice way to create reports that can be shared easily
    • Platform independent
  • Azure CDN Rules Engine
    • Azure CDN now supports the rules engine. 
    • You can create 2 rules at the moment while it's in preview, with 5 in GA.
    • This will move the job of rules evaluation from origin to the edge.
    • Rules like URL Rewrite / URL Redirect can be configured easily.
    • You can add/edit/delete your own headers before the request hits the origin.
    • Costing Update: No charges for the data transferred from origin to the edge.
  • Kubernetes API Security
    • Now you can apply the ip-policy to your Kubernetes server so that the API can be accessed only from the allowed IP range.
    • You can still access the Azure API which controls Kubernetes from anywhere, provided you have the necessary rights, but your communication to the Kubernetes API is restricted by the whitelisted IP address.

Thursday, February 27, 2020

Getting Azure Function App Cloud Stream in Command Prompt


  1. Get your publish profile and extract your username and password.
  2. Execute in CMD:
    curl -u "myUserName:password" https://myApp.scm.azurewebsites.net/api/logstream

Additionally:
You can add the new setting SCM_TRACE_LEVEL=4; after that, the Kudu logs will give you more information. This is because the issue is usually related to network management.

Sunday, February 16, 2020

Cloud Web App TroubleShooting


  1. Capture a dump on Kudu.

  2. The auto-heal feature: with this you can set up custom mitigation actions to run when some conditions are met (you can configure what you need). You can find more information about this feature, and how to collect a memory dump using it, in the following articles:

  3. You can capture a dump on the portal; a document attached to this email has a step-by-step guide.

  4. For the crash dump that you asked me about, you can use the crash diagnose tool. You can find more details in the following articles:


Thursday, January 23, 2020

Check File Permission for App Service Files in Azure


Below is the permissions output for the files in the wwwroot directory, which I got by running a PowerShell command in the Kudu site. So if you ever see the issue again and you have ensured stdoutLogFile="\\?\%home%\LogFiles\stdout" but still have issues, you may compare the PowerShell permissions output of your wwwroot directory to mine to see if they have the same access control:

You should use this when your web application isn't starting and is giving you a permission error.

Navigate to your Kudu site (yourApp.scm.azurewebsites.net) --> Debug Console --> PowerShell --> navigate to wwwroot directory





(Run the PS command below to show the access control of all files, piping the output to Format-List to avoid PS truncating the results)

Dir | Get-Acl | Format-List

You can compare your output to mine:

PS D:\home\site\wwwroot> Dir | Get-Acl | Format-List
Dir | Get-Acl | Format-List​
Path   : Microsoft.PowerShell.Core\FileSystem::D:\home\site\wwwroot\wwwroot​
Owner  : O:S-1-5-21-2996674325-4160296812-1073090115-501​
Group  : G:S-1-5-21-2996674325-4160296812-1073090115-513​
Access : Everyone Allow  DeleteSubdirectoriesAndFiles, Modify, Synchronize​
         BUILTIN\Administrators Allow  FullControl​
Audit  : ​
Sddl   : O:S-1-5-21-2996674325-4160296812-1073090115-501G:S-1-5-21-2996674325-4​
         160296812-1073090115-513D:AI(A;OICIID;0x1301ff;;;WD)(A;OICIID;FA;;;BA)​
Path   : Microsoft.PowerShell.Core\FileSystem::D:\home\site\wwwroot\appsettings​
         .Development.json​
Owner  : O:S-1-5-21-2996674325-4160296812-1073090115-501​
Group  : G:S-1-5-21-2996674325-4160296812-1073090115-513​
Access : Everyone Allow  DeleteSubdirectoriesAndFiles, Modify, Synchronize​
         BUILTIN\Administrators Allow  FullControl​
Audit  : ​
Sddl   : O:S-1-5-21-2996674325-4160296812-1073090115-501G:S-1-5-21-2996674325-4​
         160296812-1073090115-513D:AI(A;ID;0x1301ff;;;WD)(A;ID;FA;;;BA)​
Path   : Microsoft.PowerShell.Core\FileSystem::D:\home\site\wwwroot\appsettings​
         .json​
Owner  : O:S-1-5-21-2996674325-4160296812-1073090115-501​
Group  : G:S-1-5-21-2996674325-4160296812-1073090115-513​
Access : Everyone Allow  DeleteSubdirectoriesAndFiles, Modify, Synchronize​
         BUILTIN\Administrators Allow  FullControl​
Audit  : ​
Sddl   : O:S-1-5-21-2996674325-4160296812-1073090115-501G:S-1-5-21-2996674325-4​
         160296812-1073090115-513D:AI(A;ID;0x1301ff;;;WD)(A;ID;FA;;;BA)​
Path   : Microsoft.PowerShell.Core\FileSystem::D:\home\site\wwwroot\hostingstar​
         t.html​
Owner  : BUILTIN\Administrators​
Group  : G:S-1-5-21-2996674325-4160296812-1073090115-513​
Access : Everyone Allow  DeleteSubdirectoriesAndFiles, Modify, Synchronize​
         BUILTIN\Administrators Allow  FullControl​
Audit  : ​
Sddl   : O:BAG:S-1-5-21-2996674325-4160296812-1073090115-513D:AI(A;ID;0x1301ff;​
         ;;WD)(A;ID;FA;;;BA)​
Path   : Microsoft.PowerShell.Core\FileSystem::D:\home\site\wwwroot\web.config​
Owner  : O:S-1-5-21-2996674325-4160296812-1073090115-501​
Group  : G:S-1-5-21-2996674325-4160296812-1073090115-513​
Access : Everyone Allow  DeleteSubdirectoriesAndFiles, Modify, Synchronize​
         BUILTIN\Administrators Allow  FullControl​
Audit  : ​
Sddl   : O:S-1-5-21-2996674325-4160296812-1073090115-501G:S-1-5-21-2996674325-4​
         160296812-1073090115-513D:AI(A;ID;0x1301ff;;;WD)(A;ID;FA;;;BA)​
Path   : Microsoft.PowerShell.Core\FileSystem::D:\home\site\wwwroot\WebApplicat​
         ion4.deps.json​
Owner  : O:S-1-5-21-2996674325-4160296812-1073090115-501​
Group  : G:S-1-5-21-2996674325-4160296812-1073090115-513​
Access : Everyone Allow  DeleteSubdirectoriesAndFiles, Modify, Synchronize​
         BUILTIN\Administrators Allow  FullControl​
Audit  : ​
Sddl   : O:S-1-5-21-2996674325-4160296812-1073090115-501G:S-1-5-21-2996674325-4​
         160296812-1073090115-513D:AI(A;ID;0x1301ff;;;WD)(A;ID;FA;;;BA)​
Path   : Microsoft.PowerShell.Core\FileSystem::D:\home\site\wwwroot\WebApplicat​
         ion4.dll​
Owner  : O:S-1-5-21-2996674325-4160296812-1073090115-501​
Group  : G:S-1-5-21-2996674325-4160296812-1073090115-513​
Access : Everyone Allow  DeleteSubdirectoriesAndFiles, Modify, Synchronize​
         BUILTIN\Administrators Allow  FullControl​
Audit  : ​
Sddl   : O:S-1-5-21-2996674325-4160296812-1073090115-501G:S-1-5-21-2996674325-4​
         160296812-1073090115-513D:AI(A;ID;0x1301ff;;;WD)(A;ID;FA;;;BA)​
Path   : Microsoft.PowerShell.Core\FileSystem::D:\home\site\wwwroot\WebApplicat​
         ion4.pdb​
Owner  : O:S-1-5-21-2996674325-4160296812-1073090115-501​
Group  : G:S-1-5-21-2996674325-4160296812-1073090115-513​
Access : Everyone Allow  DeleteSubdirectoriesAndFiles, Modify, Synchronize​
         BUILTIN\Administrators Allow  FullControl​
Audit  : ​
Sddl   : O:S-1-5-21-2996674325-4160296812-1073090115-501G:S-1-5-21-2996674325-4​
         160296812-1073090115-513D:AI(A;ID;0x1301ff;;;WD)(A;ID;FA;;;BA)​
Path   : Microsoft.PowerShell.Core\FileSystem::D:\home\site\wwwroot\WebApplicat​
         ion4.runtimeconfig.json​
Owner  : O:S-1-5-21-2996674325-4160296812-1073090115-501​
Group  : G:S-1-5-21-2996674325-4160296812-1073090115-513​
Access : Everyone Allow  DeleteSubdirectoriesAndFiles, Modify, Synchronize​
         BUILTIN\Administrators Allow  FullControl​
Audit  : ​
Sddl   : O:S-1-5-21-2996674325-4160296812-1073090115-501G:S-1-5-21-2996674325-4​
         160296812-1073090115-513D:AI(A;ID;0x1301ff;;;WD)(A;ID;FA;;;BA)​
Path   : Microsoft.PowerShell.Core\FileSystem::D:\home\site\wwwroot\WebApplicat​
         ion4.Views.dll​
Owner  : O:S-1-5-21-2996674325-4160296812-1073090115-501​
Group  : G:S-1-5-21-2996674325-4160296812-1073090115-513​
Access : Everyone Allow  DeleteSubdirectoriesAndFiles, Modify, Synchronize​
         BUILTIN\Administrators Allow  FullControl​
Audit  : ​
Sddl   : O:S-1-5-21-2996674325-4160296812-1073090115-501G:S-1-5-21-2996674325-4​
         160296812-1073090115-513D:AI(A;ID;0x1301ff;;;WD)(A;ID;FA;;;BA)​
Path   : Microsoft.PowerShell.Core\FileSystem::D:\home\site\wwwroot\WebApplicat​
         ion4.Views.pdb​
Owner  : O:S-1-5-21-2996674325-4160296812-1073090115-501​
Group  : G:S-1-5-21-2996674325-4160296812-1073090115-513​
Access : Everyone Allow  DeleteSubdirectoriesAndFiles, Modify, Synchronize​
         BUILTIN\Administrators Allow  FullControl​
Audit  : ​
Sddl   : O:S-1-5-21-2996674325-4160296812-1073090115-501G:S-1-5-21-2996674325-4​
         160296812-1073090115-513D:AI(A;ID;0x1301ff;;;WD)(A;ID;FA;;;BA)