Forum Widgets
Latest Discussions
How to use the newly launched MCP Registry
The newly launched Model Context Protocol (MCP) Registry in preview is as an open catalog for publicly available MCP servers. This is key in providing discoverability of MCP servers and standardization of this process. The Registry serves as a source of truth for MCP Servers and has also published a process for adding MCP servers. The MCP Registry also allows to register public and private sub-registries. This is an interesting addition and bears some semblance to DNS in its design. The public sub-registry can be likened to a MCP marketplace for servers while a private sub-registry would be suitable for enterprises with stricter privacy and security requirements. Accessing Data The Registry data can be accessed through the API provided. No authentication is required for read only access. The base URL is https://registry.modelcontextprotocol.io GET /v0/servers - List all servers with pagination GET /v0/servers/{id} - Get full server details including packages and configuration For instance, the following curl query can be used to get the list of servers curl --request GET \ --url https://registry.modelcontextprotocol.io/v0/servers \ --header 'Accept: application/json, application/problem+json' The details on usage is in the github link here Publishing Servers This requires authentication and the client package to be installed After installing the mcp-publisher client, the server.json file has be populated with the MCP server details to be added. Authentication can be done using github or DNS verification. The last step is to publish the server. The github link here has the complete set of steps for adding servers. More details can be found in the link here.ArunaChakkiralaSep 10, 2025Microsoft96Views0likes0CommentsImplementing Zero-Trust Network Security for Azure Web Apps Using Private Endpoints
Author: Sai Min Thu Date: 7.9.2025 Lab Objective: To demonstrate how to completely remove public internet access from an Azure App Service Web App and secure it within a private virtual network using Private Endpoints, adhering to a zero-trust network model. In today's threat landscape, the principle of "never trust, always verify" is paramount. While Azure Web Apps are publicly accessible by default, many enterprise scenarios require workloads to be isolated from the public internet to meet strict compliance and security requirements. This guide provides a step-by-step walkthrough of configuring an Azure Web App to be accessible only through a private network connection via an Azure Private Endpoint. We will: Establish a foundational resource group and virtual network. Deploy a basic web application. Implement core security controls by creating a Private Endpoint and integrating with Private DNS. Enforce network isolation by applying access restrictions. Validate the security configuration. Documents Details: https://docs.google.com/document/d/1ci17PsPCILbP8JVZMMLkjAolHK3pomgT-RE76InEkqA/edit?usp=sharingSaiMinThuSep 07, 2025Copper Contributor24Views0likes0CommentsWhat's the secret sauce for getting Functions API to work with static web site?
I'm brand new, got my first Azure static web site up and running so that's good! Now I need to create some images in code and that's fighting me tooth and nail. The code to generate the image looks like this: using Microsoft.Azure.Functions.Worker; using Microsoft.Azure.Functions.Worker.Http; using Microsoft.Extensions.Logging; using SkiaSharp; using System.Diagnostics; using System.IO; using System.Net; namespace Api { public class GenerateImage { private readonly ILogger _logger; public GenerateImage(ILoggerFactory loggerFactory) { Debug.WriteLine($"GenerateImage.GenerateImage()"); _logger = loggerFactory.CreateLogger<GenerateImage>(); } // http://localhost:7071/api/image/124 works [Function("GenerateImage")] public HttpResponseData Run( [HttpTrigger(AuthorizationLevel.Anonymous, "get", Route = "image/{id}")] HttpRequestData req, string id) { int width = 200, height = 100; Debug.WriteLine($"GenerateImage.Run() [id={id}]"); using var bitmap = new SKBitmap(width, height); using var canvas = new SKCanvas(bitmap); canvas.Clear(SKColors.LightBlue); var paint = new SKPaint { Color = SKColors.Black, TextSize = 24, IsAntialias = true }; canvas.DrawText($"ID: {id}", 10, 50, paint); using var ms = new MemoryStream(); bitmap.Encode(ms, SKEncodedImageFormat.Png, 100); ms.Position = 0; var response = req.CreateResponse(HttpStatusCode.OK); response.Headers.Add("Content-Type", "image/png"); response.Headers.Add("Cache-Control", "public, max-age=86400"); // 1 day // response.Body = ms; ms.CopyTo(response.Body); return response; } } } and if I navigate to http://localhost:7071/api/image/124 (for example) it happily generates an image with the number 124 in it. But if I add the HTML tag <img src="/api/image/123" alt="Generated Image"> to one of my other web pages, it says there's no such page. Apparently this is because my web pages are coming from my web site and it's at https://localhost:7154 and it doesn't know how to contact the Functions API. My staticwebapp.config.json looks like this: { "routes": [ { "route": "/api/*", "allowedRoles": [ "anonymous" ] } ], "navigationFallback": { "rewrite": "/index.html", "exclude": [ "/api/*" ] } } What am I missing?fcc_archivistAug 28, 2025Copper Contributor30Views0likes1CommentHow do I sign out of my OIDC Entra ID Application?
We have an application protected with Entra ID using ODIC. To sign into our application or SPA goes through a series of redirects before getting a JWT and refresh token at the end of the Entra ID OIDC authentication flow. All of that works great. When a user is done with our application, we want them to be able to sign out of our application. In our mind, that means invalidating the `refresh_token` they received when signing in. We're not seeing an OAuth endpoint to do that. Given the default lifetime for the refresh_token, I'd rather not simply ignore/discard it as it could be used to generate a new JWT (however unlikely). I am posting this on here after searching the web for several hours. All I am able to find on the web is single sign-out (SLO), which would sign my user out of all of Office 365 when they sign out of our application. That is not what I want. How do I invalidate the user's `refresh_token`? Is there a "revoke" endpoint in Entra ID? If not, then what other options do we have?TimothyJul 22, 2025Copper Contributor90Views0likes1CommentAuthentication deadlock
I got a Microsoft 365 developer account and a sandbox as well. Many months ago it asked me to configure 2FA which I did using Microsoft Authenticator app on Android. I also had other 2FA setup on the same device for some work accounts. Later, somehow my sandbox account got deleted or overwritten from the authenticator app on my phone. I haven't been able to login to my Office 365 sandbox ever since. Ever flow I try asks me to use the authenticator on application. But the problem is that access to authenticator for 2FA was lost due to an app error. Our company's IT department said they can't do anything about it. I tried to delete the profile but when I created it Microsoft gave back the same sandbox which was already not working. My employer spends a good deal of money on Microsoft and it's very upsetting to get such a treatment from Microsoft. This account is needed for my office work. Help appreciated.Naeem-MJul 11, 2025Copper Contributor239Views0likes6CommentsCan't access http context user claims in Azure Function
Background: Create an Azure Function (.NET Core & C#) that will be consumed in a SPO App. We created an Entra App Registration for the Azure Function and added App Roles for this App Registration where the App Role is using “Users/Group”, but not “Application”. Issue: In the SPO App (deployed in SPO Page), we can see the user claim and App Registration’s - App Role in the context of the user that’s hitting the SPO Page (thru Authorization header), however, in the Azure Function code the req.HttpContext.User.Claims object is empty. So what is required or missing from a configuration perspective either in the Azure Function or App Registration to make this work?Joe BotelhoJun 18, 2025Copper Contributor116Views0likes1CommentLogicApps for AZURE VM with SharePoint farm
Hello I was wondering if it is possible to access with LogicApps a SharePoint farm in a AZURE VM. I am a developer and like to use my MSDN Subscription to access Logic Apps for using SharePoint test environment on a VM in AZURE. If it is possible, how I can do that, what are the steps, like: (1) App Registration (2) Configure an endpoint to VM and SharePoint (3) etc... Thanks in advance for any suggestion or help. Kind regards MichaelMikel2024Jun 02, 2025Copper Contributor85Views0likes2CommentsAzure Function App Http Javascript render simple html file to replicate jsrsasign sign certificate
Good day, Please Help. 1. In PowerBI im trying to render the javascript sign certificate of jsrsasign, i only got it working via an html file. So im trying to read the html file, simple hello to start of with. Am i better going directly to do the jsrsasign? 2. Locally on VS i got the simple function to return Hello Azure, but trying to read the simple html file executes no error but if i copy in postman i just get a 401 no content found, im not sure how further to debug as in VS i get Ok status, Nothing in Console? Anybody have an example or links plz? const { app } = require('@azure/functions'); const fs = require('fs'); const path = require('path'); app.http('IC5', { methods: ['GET', 'POST'], authLevel: 'anonymous', handler: async (request, context) => { context.log(`Http function processed request for url "${request.url}"`); // const name = request.query.get('name') || await request.text() || 'world'; // return { body: `Hello, ${name}!` }; //var res = { //body: "", //headers: { //"Content-Type": "text/html" //} //}; // readFile = require('../SharedCode/readFile.js'); //filepath = __dirname + '/test3.html'; //fs = require('fs'); //await fs.readFile(filepath,function(error,content){ fs.readFile(path.resolve('./test3.html'), 'UTF-8', (err, htmlContent) => { context.res = { status: 200, headers: { 'Content-Type': 'text/html' }, body: htmlContent } }) // if (request.query.name || (request.body && request.body.name)) { // res.body = "<h1>Hello " + (request.query.name || request.body.name) + "</h1>"; //} else { //fs.readFile(path.resolve(__dirname,'test3.html'), 'UTF-8', (err, htmlContent) => { //res.body= htmlContent; //context.res = res; //}); // } } }); //TEST IN POSTMAN: http://localhost:7071/api/IC5?name=hurryicassiemMay 31, 2025Copper Contributor400Views0likes1CommentEntra External Identities - Sign In with LinkedIn using OpenID Connect error
Hi there, I would like to add LinkedIn as an identity provider in my Entra External Identities tenant. We have proceeded according to the following instructions (https://learn.microsoft.com/en-us/linkedin/consumer/integrations/self-serve/sign-in-with-linkedin-v2) and used the LinkedIn Well-Known Config Endpoint (https://www.linkedin.com/oauth/.well-known/openid-configuration). When saving the configuration I get the following error message in the EntraId portal: Custom OIDC well-known endpoint validation error: Error when deserializing response Required property 'token_endpoint_auth_methods_supported' not found in JSON. Path '', line 12, position 1. In the JSON provided by the LinkedIn Well-Known Config Endpoint the field 'token_endpoint_auth_methods_supported' is missing. However, according to the OpenId Connect specification, the field is optional. Currently I cannot add LinkedIn as an identity provider via OIDC in EntraID. Has anyone here already solved a similar problem? Thanks!SolvedBerndV91May 29, 2025Copper Contributor302Views1like3CommentsContainer App - Dapr - Service Bus
Our app is running as Dapr enabled Container App in an Container Apps Environment using Dapr pubsub component for Service Bus messages. Our Service Bus is on the Standard plan without VNET integration. The built in Service Bus Firewall does not support ipv6 it just support ipv4, but the daprd sidecar try to access it over ipv6 and get "connection denied". I have tried to set DAPR_DISABLE_IPV6=true and DAPR_INET=4 environment variables in my container because Windsurf suggested it, but it does not help. Is there a way to force ipv4 for Dapr in Container Apps Environment? Or any other solution for our problem? Without setting "allow all networks" or changing to Premium tier for the Service Bus.SolvedjhbMay 16, 2025Copper Contributor111Views1like3Comments
Resources
Tags
- web apps77 Topics
- AMA47 Topics
- azure functions40 Topics
- Desktop Apps11 Topics
- mobile apps9 Topics
- azure kubernetes service3 Topics
- community2 Topics
- azure1 Topic
- Azure Data Explorer AMA1 Topic
- Azure SignalR Service1 Topic