Forum Widgets
Latest Discussions
How to use the newly launched MCP Registry
The newly launched Model Context Protocol (MCP) Registry in preview is as an open catalog for publicly available MCP servers. This is key in providing discoverability of MCP servers and standardization of this process. The Registry serves as a source of truth for MCP Servers and has also published a process for adding MCP servers. The MCP Registry also allows to register public and private sub-registries. This is an interesting addition and bears some semblance to DNS in its design. The public sub-registry can be likened to a MCP marketplace for servers while a private sub-registry would be suitable for enterprises with stricter privacy and security requirements. Accessing Data The Registry data can be accessed through the API provided. No authentication is required for read only access. The base URL is https://registry.modelcontextprotocol.io GET /v0/servers - List all servers with pagination GET /v0/servers/{id} - Get full server details including packages and configuration For instance, the following curl query can be used to get the list of servers curl --request GET \ --url https://registry.modelcontextprotocol.io/v0/servers \ --header 'Accept: application/json, application/problem+json' The details on usage is in the github link here Publishing Servers This requires authentication and the client package to be installed After installing the mcp-publisher client, the server.json file has be populated with the MCP server details to be added. Authentication can be done using github or DNS verification. The last step is to publish the server. The github link here has the complete set of steps for adding servers. More details can be found in the link here.Implementing Zero-Trust Network Security for Azure Web Apps Using Private Endpoints
Author: Sai Min Thu Date: 7.9.2025 Lab Objective: To demonstrate how to completely remove public internet access from an Azure App Service Web App and secure it within a private virtual network using Private Endpoints, adhering to a zero-trust network model. In today's threat landscape, the principle of "never trust, always verify" is paramount. While Azure Web Apps are publicly accessible by default, many enterprise scenarios require workloads to be isolated from the public internet to meet strict compliance and security requirements. This guide provides a step-by-step walkthrough of configuring an Azure Web App to be accessible only through a private network connection via an Azure Private Endpoint. We will: Establish a foundational resource group and virtual network. Deploy a basic web application. Implement core security controls by creating a Private Endpoint and integrating with Private DNS. Enforce network isolation by applying access restrictions. Validate the security configuration. Documents Details: https://docs.google.com/document/d/1ci17PsPCILbP8JVZMMLkjAolHK3pomgT-RE76InEkqA/edit?usp=sharing
What's the secret sauce for getting Functions API to work with static web site?
I'm brand new, got my first Azure static web site up and running so that's good! Now I need to create some images in code and that's fighting me tooth and nail. The code to generate the image looks like this: using Microsoft.Azure.Functions.Worker; using Microsoft.Azure.Functions.Worker.Http; using Microsoft.Extensions.Logging; using SkiaSharp; using System.Diagnostics; using System.IO; using System.Net; namespace Api { public class GenerateImage { private readonly ILogger _logger; public GenerateImage(ILoggerFactory loggerFactory) { Debug.WriteLine($"GenerateImage.GenerateImage()"); _logger = loggerFactory.CreateLogger<GenerateImage>(); } // http://localhost:7071/api/image/124 works [Function("GenerateImage")] public HttpResponseData Run( [HttpTrigger(AuthorizationLevel.Anonymous, "get", Route = "image/{id}")] HttpRequestData req, string id) { int width = 200, height = 100; Debug.WriteLine($"GenerateImage.Run() [id={id}]"); using var bitmap = new SKBitmap(width, height); using var canvas = new SKCanvas(bitmap); canvas.Clear(SKColors.LightBlue); var paint = new SKPaint { Color = SKColors.Black, TextSize = 24, IsAntialias = true }; canvas.DrawText($"ID: {id}", 10, 50, paint); using var ms = new MemoryStream(); bitmap.Encode(ms, SKEncodedImageFormat.Png, 100); ms.Position = 0; var response = req.CreateResponse(HttpStatusCode.OK); response.Headers.Add("Content-Type", "image/png"); response.Headers.Add("Cache-Control", "public, max-age=86400"); // 1 day // response.Body = ms; ms.CopyTo(response.Body); return response; } } } and if I navigate to http://localhost:7071/api/image/124 (for example) it happily generates an image with the number 124 in it. But if I add the HTML tag <img src="/api/image/123" alt="Generated Image"> to one of my other web pages, it says there's no such page. Apparently this is because my web pages are coming from my web site and it's at https://localhost:7154 and it doesn't know how to contact the Functions API. My staticwebapp.config.json looks like this: { "routes": [ { "route": "/api/*", "allowedRoles": [ "anonymous" ] } ], "navigationFallback": { "rewrite": "/index.html", "exclude": [ "/api/*" ] } } What am I missing?How do I sign out of my OIDC Entra ID Application?
We have an application protected with Entra ID using ODIC. To sign into our application or SPA goes through a series of redirects before getting a JWT and refresh token at the end of the Entra ID OIDC authentication flow. All of that works great. When a user is done with our application, we want them to be able to sign out of our application. In our mind, that means invalidating the `refresh_token` they received when signing in. We're not seeing an OAuth endpoint to do that. Given the default lifetime for the refresh_token, I'd rather not simply ignore/discard it as it could be used to generate a new JWT (however unlikely). I am posting this on here after searching the web for several hours. All I am able to find on the web is single sign-out (SLO), which would sign my user out of all of Office 365 when they sign out of our application. That is not what I want. How do I invalidate the user's `refresh_token`? Is there a "revoke" endpoint in Entra ID? If not, then what other options do we have?Authentication deadlock
I got a Microsoft 365 developer account and a sandbox as well. Many months ago it asked me to configure 2FA which I did using Microsoft Authenticator app on Android. I also had other 2FA setup on the same device for some work accounts. Later, somehow my sandbox account got deleted or overwritten from the authenticator app on my phone. I haven't been able to login to my Office 365 sandbox ever since. Ever flow I try asks me to use the authenticator on application. But the problem is that access to authenticator for 2FA was lost due to an app error. Our company's IT department said they can't do anything about it. I tried to delete the profile but when I created it Microsoft gave back the same sandbox which was already not working. My employer spends a good deal of money on Microsoft and it's very upsetting to get such a treatment from Microsoft. This account is needed for my office work. Help appreciated.Can't access http context user claims in Azure Function
Background: Create an Azure Function (.NET Core & C#) that will be consumed in a SPO App. We created an Entra App Registration for the Azure Function and added App Roles for this App Registration where the App Role is using “Users/Group”, but not “Application”. Issue: In the SPO App (deployed in SPO Page), we can see the user claim and App Registration’s - App Role in the context of the user that’s hitting the SPO Page (thru Authorization header), however, in the Azure Function code the req.HttpContext.User.Claims object is empty. So what is required or missing from a configuration perspective either in the Azure Function or App Registration to make this work?LogicApps for AZURE VM with SharePoint farm
Hello I was wondering if it is possible to access with LogicApps a SharePoint farm in a AZURE VM. I am a developer and like to use my MSDN Subscription to access Logic Apps for using SharePoint test environment on a VM in AZURE. If it is possible, how I can do that, what are the steps, like: (1) App Registration (2) Configure an endpoint to VM and SharePoint (3) etc... Thanks in advance for any suggestion or help. Kind regards Michael
Azure Function App Http Javascript render simple html file to replicate jsrsasign sign certificate
Good day, Please Help. 1. In PowerBI im trying to render the javascript sign certificate of jsrsasign, i only got it working via an html file. So im trying to read the html file, simple hello to start of with. Am i better going directly to do the jsrsasign? 2. Locally on VS i got the simple function to return Hello Azure, but trying to read the simple html file executes no error but if i copy in postman i just get a 401 no content found, im not sure how further to debug as in VS i get Ok status, Nothing in Console? Anybody have an example or links plz? const { app } = require('@azure/functions'); const fs = require('fs'); const path = require('path'); app.http('IC5', { methods: ['GET', 'POST'], authLevel: 'anonymous', handler: async (request, context) => { context.log(`Http function processed request for url "${request.url}"`); // const name = request.query.get('name') || await request.text() || 'world'; // return { body: `Hello, ${name}!` }; //var res = { //body: "", //headers: { //"Content-Type": "text/html" //} //}; // readFile = require('../SharedCode/readFile.js'); //filepath = __dirname + '/test3.html'; //fs = require('fs'); //await fs.readFile(filepath,function(error,content){ fs.readFile(path.resolve('./test3.html'), 'UTF-8', (err, htmlContent) => { context.res = { status: 200, headers: { 'Content-Type': 'text/html' }, body: htmlContent } }) // if (request.query.name || (request.body && request.body.name)) { // res.body = "<h1>Hello " + (request.query.name || request.body.name) + "</h1>"; //} else { //fs.readFile(path.resolve(__dirname,'test3.html'), 'UTF-8', (err, htmlContent) => { //res.body= htmlContent; //context.res = res; //}); // } } }); //TEST IN POSTMAN: http://localhost:7071/api/IC5?name=hurry
