Friday, 16 March 2018

Azure Key Vault, Managing Secrets with AAD

Azure Key Vault is a cryptographic key management service based on FIPS-validated hardware security modules (HSMs). This service is a public Azure service that will, over time, be the trust root for important Microsoft first-party services, for third-party services seeking to offer higher assurances, and for your own custom line of business (LOB) Azure-hosted applications. It offers an Azure Key Vault service, a SQL Server Connector, and a CloudLink SecureVM.

You can interact with Azure Key Vault in many ways: MasterKey, PowerShell, .NET, the RESTful API, Java, etc.

In the following post I am going to walk through, end to end, how to create a "Secret" in Azure Key Vault and retrieve it from the console.

Step 1 - Create a Vault for your keys and secret in Azure

Step 2 - Create the Secret (some kind of connection string or key from a provider). I called it HMAC.

Step 3 - Probably the hardest: find all the bits and pieces needed to retrieve the secret. In order to get the "Secret" from Azure Key Vault you need authentication, which is provided by Azure Active Directory. So the next step is to register our application (the one that will be using Azure Key Vault). So let's go for it:
Azure Active Directory -> App Registrations -> New application registration

Step 4 - It is time to get the Application ID, also called ClientID. (For security reasons some info has been removed, but as long as you have your ClientID, all will be fine.)

Step 5 - The next thing we need is the ClientSecret. Go to Settings -> Keys. Give the key a name and a duration. A new key will be generated automatically. That is your ClientSecret!

Step 6 - We are almost there with Azure. We just need to tell Key Vault to give access to our application from Azure Active Directory so it can access the keys.
Home -> Your Key Vault -> Access Policies

Step 7 - In our application in Azure Active Directory, we will have to allow Azure Key Vault to access it. We will go to Azure Active Directory -> App registrations -> [Our App Name] -> Settings -> Required Permissions -> Add -> Select API -> Azure Key Vault

Step 8 - Delegate permissions to the service.

Step 9 - A JSON file needs to be created for "MasterKey" (the program in charge of retrieving the secret). See below. Save it as azuresecret.json in the folder C:\usr\local\.masterkey\ .

Replace my ClientID with yours
Replace my ClientSecret with yours

    "clientSecret": "JTqMWnQPOncAAOc11x52oIAlHYp71iCajba5lXSAAok=",
    "vaultUri": ""

Step 10 - Install MasterKey:

Step 11 - Execute the file with your Key Vault URL. This should be the result:

This proof of concept will help you not just to understand how Azure Key Vault works behind the scenes, but also to check whether the configuration is right.
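
The same retrieval done directly against the REST API from PowerShell, as an added example that is not part of the original post and is not MasterKey's code. It assumes the tenant ID, ClientID, ClientSecret and vault URI are supplied in the hypothetical environment variables AZ_TENANT_ID, AZ_CLIENT_ID, AZ_CLIENT_SECRET and AZ_VAULT_URI, and it maps each failure back to the step above that usually causes it.

```powershell
# Added example: AAD client-credentials flow, then a Key Vault REST call.
# Assumption: the AZ_* environment variable names below are hypothetical.
$ErrorActionPreference = 'Stop'
$tenantId     = $env:AZ_TENANT_ID
$clientId     = $env:AZ_CLIENT_ID        # Application ID from Step 4
$clientSecret = $env:AZ_CLIENT_SECRET    # key generated in Step 5
$vaultUri     = "$env:AZ_VAULT_URI".TrimEnd('/')   # https://<vault-name>.vault.azure.net
$secretName   = 'HMAC'                   # secret created in Step 2

# 1. Ask Azure AD for a token whose audience is Key Vault.
try {
    $token = Invoke-RestMethod -Method Post `
        -Uri "https://login.microsoftonline.com/$tenantId/oauth2/token" `
        -Body @{
            grant_type    = 'client_credentials'
            client_id     = $clientId
            client_secret = $clientSecret
            resource      = 'https://vault.azure.net'
        }
} catch {
    throw "Token request failed; check tenant, ClientID and ClientSecret (Steps 4-5): $($_.Exception.Message)"
}

# 2. Present the bearer token to Key Vault and read the secret.
try {
    $secret = Invoke-RestMethod -Method Get `
        -Uri "$vaultUri/secrets/$($secretName)?api-version=2016-10-01" `
        -Headers @{ Authorization = "Bearer $($token.access_token)" }
} catch {
    $err    = $_
    $status = [int]$err.Exception.Response.StatusCode   # 0 when there was no HTTP response
    switch ($status) {
        401     { throw 'Key Vault rejected the token (401): wrong resource or tenant.' }
        403     { throw 'Access denied (403): the app has no Get permission on secrets in Access Policies (Step 6).' }
        404     { throw "Secret '$secretName' not found in $vaultUri (Step 2)." }
        default { throw $err }
    }
}

# Confirm success without echoing the secret value to the console.
"Retrieved '$secretName' ($($secret.value.Length) characters) from $($secret.id)"
```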

Thursday, 12 January 2017

Continuous Code Quality with .NET, Sonarqube and Docker

Coming back to the DevOps world, we have realised that there is a platform that is becoming very successful in the Java stack, called SonarQube. Luckily for .NET developers, Microsoft has decided to lend some of its developers to improve the C# side of SonarQube.

SonarQube is a product based on a MySQL database and a set of rules. This product is free, so if you are a dev I would consider installing it on your machine. You will learn good practices and get a second opinion on your code. On top of this, you can develop proper, productive code.

We have seen a few articles about setting up SonarQube on Windows for C# but, to be honest, we have decided to go our own way: instead of installing an Apache server + MySQL and all the programs needed, we will be creating an instance of a Docker SonarQube image. What are the advantages? Well, we can spin up our own machine whenever we want, and have a configured instance we can carry with us.

So how are we going to do it? To take a different approach from my previous article, we are going to use Kitematic, which is a nice UI for Docker. We assume you have installed Docker for Windows already, so now download Kitematic and install it.

Skip the login and open the program. Go to search and type sonarqube. A list of images should come up; select the official one (the first one).


Click Create. It will create an instance of SonarQube and give you an address to access it, in this case localhost:32769. Bear in mind that SonarQube runs on port 9000, but port 9000 in the Docker instance is bound to your local port 32769:


If the last line looks like this, that means you have SonarQube running


Now you can go to your browser and type http://localhost:32769, click Login, and enter admin as the user and admin as the password.


Now let's create a small Windows Forms project called MyProject1. We will save it in C:\work\MyProject1\MyProject1\ . The folder content will look like this:


Time to install the client, Sonar Scanner, which will send our project to SonarQube (it will take one minute). Download and unzip the SonarQube Scanner (let's say into "C:\sonar-scanner"). Go to "This PC" in Windows 10 -> Right click -> Properties and, in the Environment Variables area, add a new Path entry "C:\sonar-scanner".


Then we are going to tell Sonar Scanner where our project lives, so it can analyse it. Open a file called which lives on C:\sonar-scanner\conf

Edit the file and add a few lines (see below). It should look like this after adding the lines:

#Configure here general information about the environment, such as SonarQube DB details for example
#No information about specific project should appear here

#----- Default SonarQube server

#----- Default source code encoding

#----- Global database settings (not used for SonarQube 5.2+)

#----- PostgreSQL

#----- MySQL

#----- Oracle

#----- Microsoft SQLServer

PROJECT_HOME = C:\work\MyProject1\MyProject1\



Save the file and open CMD with “Run as Administrator”, then navigate to your project folder C:\work\MyProject1\MyProject1\ and type sonar-scanner


And you should get something like this


Let's check the project. Go to http://localhost:32769 and navigate to "Projects -> Explore projects -> click MyProject1". You should get a screen like this (I have added a condition for the comments, so it fails):

Wednesday, 11 January 2017

Publishing an ASP.NET MVC Site or WebApi to a Docker Machine locally in Windows on Windows Server.

Sometimes you will want to develop a single-project application, one of those proofs of concept you do to learn new stuff. The problem comes when you have to stop doing Mickey Mouse applications and move to a different world where environments and continuous integration become the core of the development.

This is where a new position has arisen to help the devs: DevOps. The issue with DevOps is that they sometimes have too much work to do to be solving your own problems, especially if you are doing continuous integration in Azure or Amazon AWS.

This is where Docker becomes a big player: we have a tool that is sophisticated enough to do the job and simple enough to be used by devs. Docker comes from the Java and Linux world, so I thought it would be interesting to try to create a Docker image to run .NET stuff.

So, step by step. The first step will be to create an MVC or WebApi application, ASP.NET 4 or ASP.NET Core, whichever you prefer.


Step 2: Right click in your project (in my case web) –> Publish…

Step 3: Click on custom and enter DockerDeployment and click OK



Step 4: In the Publish method drop-down list select File System and, as the target location, select c:/docker



Step 5: Click Next->select release->select Publish



Step 6: It is time to play with Docker. Install Docker (the beta version) and right click on the task bar, then select “Switch to Windows containers…”



Step 7: Create a file called “Dockerfile” in c:\docker and paste this (see below). It starts from the microsoft/aspnet image and copies your published deployment into the web root folder.

FROM microsoft/aspnet

WORKDIR /inetpub/wwwroot
COPY .  /inetpub/wwwroot

Step 8: Open PowerShell with admin permissions, go to the C:\docker folder and execute this command:

This will execute the Dockerfile script and will create a new instance


Step 9: It is time to run your instance, just type:



Step 10: You can list the containers by running docker ps. Get the first 3 digits of the CONTAINER ID, in this case 989



Step 11: It is time to know your URL. Just type the following and you will get the URL of your Docker machine:
docker inspect -f "{{ .NetworkSettings.Networks.nat.IPAddress }}" 989



Step 12: If you want to get into your local Docker machine, you can do things like this (where 989 is the container ID):

Open a command prompt (cmd): docker exec -i -t 989 cmd


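To create a new site, use this Dockerfile (we called the web application WebGenerator):
FROM microsoft/aspnet
# Run the RUN instructions below in PowerShell instead of cmd
SHELL ["powershell"]

# Install the ASP.NET 4.5 Windows features
RUN Install-WindowsFeature NET-Framework-45-ASPNET ; \
    Install-WindowsFeature Web-Asp-Net45

# Copy the published site into the image
COPY WebGenerator WebGenerator
# Replace the default IIS site with our own, listening on port 80
RUN Remove-WebSite -Name 'Default Web Site'
RUN New-Website -Name 'WebGenerator' -Port 80 \
    -PhysicalPath 'c:\WebGenerator' -ApplicationPool '.NET v4.5'

# Keep the container running
CMD ["ping", "-t", "localhost"]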