Exploring .NET WebAssembly with WASI

Overview WebAssembly (Wasm) is something that the Cloud Native Advocacy team has been exploring. It has been around for a few years and has mostly been used within browser-based applications. There are many blog posts on what makes WebAssembly an ideal target for running applications (e.g., smaller footprint with .wasm files compared to containers, code isolation, and sandboxing). My colleague Steven Murawski wrote a blog series on getting started with hosting Wasm apps on an emerging PaaS platform called Hippo which is developed by folks at Fermyon. Continue reading

Extending Visual Studio Code Dev Container Features

UPDATE: The dev-container-features-template repo referenced in this post has been archived. Please see my new post here or visit containers.dev for the latest on this topic. Have you ever wanted to try an Azure CLI extension without having to install the extension yourself on your local machine? VSCode Dev Containers may be a good option. What is a Dev Container? Visual Studio Code has an extension called Remote - Containers. Continue reading

Azure AD B2C logouts and redirection URLs

Background I’ve been helping a client build a customer-facing NodeJS web application which leveraged Azure AD B2C as its identity provider. Things were going well with the development and Azure AD B2C served them really well. It’s cost-effective and gives them all the controls and security features they’ve come to expect with Azure AD (the non-B2C version). As any responsible company, they run penetration tests on the application prior to releasing to production and they identified one item that can pose as a security threat. Continue reading

Run Terraform With Azure Pipelines

This repo will walk you through an approach to provisioning Azure resources using Terraform code stored in a Git repo and leverage Azure Pipelines (YAML-based) to deploy to dev, test, and prod environments (all in different subscriptions) with approval gates in front of test and prod environments. Prerequisites Azure Subscription If you don’t have Azure, go sign up for a free account and come back. Azure DevOps If you do not already have an Azure DevOps organization, follow these instructions to create one. Continue reading

Run Your Pipelines in Azure Container Instance

Background Microsoft-hosted Azure Pipeline agent run in the public space; therefore, they can only deploy to environments that are publicly accessible. Some organizations may need to deploy to target environments that are only accessible within private space (e.g., inside a Azure Virtual Network). When the target environment is not publicly accessible, deploying self-hosted pipelines agents are a common solution. Organizations can self-host Azure Pipeline agents on Linux, macOS, or Windows (physical or virtual machines) or Azure Virtual Machine Scale Sets; however, this may introduce unwanted overhead in having to patch and maintain these machines. Continue reading

Validating Azure AD B2C Tokens

I recently ran into an issue where I needed to help a customer validate an Azure AD B2C JWT access token. We tend to take JWT tokens for granted and sometimes forget that they should be validated by the application. I thought this was going to be pretty straight-forward to solve since Azure AD B2C is effectively Azure AD under the hood. I was wrong. I initially thought browsing to the OIDC metadata endpoint would reveal the info I needed to validate the signature of the JWT but finding the endpoint was my first challenge. Continue reading

Getting Started With Terraform on Azure

Check out the official Get Started - Azure tutorial here Terraform basics Download and Install Download terraform from https://www.terraform.io/downloads.html Extract the executable and add the folder to your PATH variable Open a shell and type terraform version The basic commands we’ll use are: terraform init terraform plan terraform apply terraform destroy I advise you to use the terraform fmt command often to ensure your scripts well formatted according to HashiCorp’s style conventions Continue reading