Logic Apps KeyVault Connector - Part 1

Azure Logic Apps now supports writing custom connectors, which are just custom REST APIs for which you can customize the experience so that they feel like the built-in Logic Apps connectors. I wanted to give try my hand at writing one, so decided on a simple use case: Writing a...

Azure Managed Service Identity - Querying in ARM Template

In a previous post I was lamenting not having a way to obtained the managed service identity generated for an Azure resource, such as a Azure SQL logical server or a Web App from the Azure Resource Manager (ARM) template itself. The issue was that the reference() function in an...

Unable to locate registry entry for adalsql.dll file path

A couple of days ago I was testing with a customer using Azure Active Directory integrated authentication to Azure SQL Database through the SQL Server ODBC drivers. On one test machine, we kept getting an error similar to this: Microsoft ODBC Driver 13 for SQL Server : SQL Server Network...

Permissions needed to create a Web App on an ASE

Documenting this here in case I run into this again. While working with a customer that is taking advantage of App Service Environment to host internal applications on Azure with connectivity to their Express Route connection, we ran into an issue when trying to setup permissions so that selected users...

Azure Managed Service Identity Library

A few days ago, the preview of Managed Service Identity for Azure was released, opening up some interesting possibilies to access other Azure resources from your application in a secure manner. App Service is one of the services adding support for managed service identity, including a nice library to make...

Deploying a Key Vault-based TDE protector for Azure SQL

Azure SQL now supports setting up Transparent Data Encryption while bringing your key encryption keys. This is easy to setup in the Azure Portal, but I wanted to try setting this up in an automated manner, preferably leveraging ARM templates as much as possible. This turned out to be a...

Authenticating to SQL Azure with delegated tokens

In a previous post, I discussed how to authenticate to an Azure SQL database from a Web Application (running in Azure App Service) using an Azure Active Directory Service Principal. For this I used a certificate stored in Key Vault to authenticate the principal and obtain a token I could...

Token authentication to SQL Azure with a Key Vault Certificate

In a previous post, I presented a PowerShell script to create a new Service Principal in Azure Active Directory, using a self-signed certificate generated directly in Azure Key Vault for authentication. Now, let’s try using it for somethig useful. All the code and samples for this article can be found...

Azure AD Service Principal with a Key Vault Certificate

It is often useful to create Azure Active Directory Service Principal objects for authenticating applications and automating tasks in Azure. While you can authenticate a Service Principal using a password (client secret), it might be better to use an X509 certificate as an alternative. You still need to find a...

Creating Event Grid Subscriptions

A few days ago, I wrote about using Azure Resource Manager (ARM) templates to deploy Azure Event Grid. That sample showed how to create a new Event Grid Topic resource. This basically gives you an URL you can publish custom events to and have them routed to one or more...