Azure Free SSL Certificate with “Let’s Encrypt”

Recently, I had a chance to read Nik Molnar's article [“Let’s Encrypt” Azure Web Apps the Free and Easy Way]. This article provides an easy way to add a free SSL certificate and automate its renewal.

I had to correct several minor issues during the installation process.

  1. The tenantId was not displayed on the Azure portal. I used the az login command in PowerShell to display the TenantId:
    $tenantId =  (az login | ConvertFrom-Json)[0].tenantId
    $tenantId
    
  2. Another issue was the use of legacy Azure PowerShell commands in the “Register a Service Principal” section. I replaced them with the latest “az” CLI commands:
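    # Sign in to Azure
    az login
    # Use a GUID-based URI as the home page and identifier URI
    $uri = 'http://' + (New-Guid).Guid
    # Build a random password from the characters below
    $passwordData='qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890$!*'
    $password = 'p' + ((Get-Random -Count 25 -InputObject ([char[]]$passwordData)) -join '') + 'Z0!'
    # Register the application and read its appId from the JSON output
    $app = (az ad app create --display-name Lets-Encrypt-For-Azure-Web-Apps --homepage $uri --identifier-uris $uri --password $password)
    $applicationId = ($app | ConvertFrom-Json).appId
    # Create the service principal and grant it the Contributor role (no --scope is passed)
    az ad sp create --id $applicationId
    az role assignment create --role Contributor --assignee $applicationId
    # Display the application id and the password
    $applicationId
    $password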
    

Several points:

  1. I used a GUID for the URI of the home page;
  2. I autogenerated a random password;
  3. The ApplicationId is now called appId;
  4. I converted the JSON output using “ConvertFrom-Json”.
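
An added example, not part of the original post or of Nik Molnar's article: the password is drawn from the OS cryptographic generator with replacement (Get-Random -Count picks each character at most once), and the Contributor role is given an explicit resource-group scope. The function names and the resource group holding the web app are assumptions.

```powershell
# Added example (not from the original post). Function names are hypothetical.

function New-RandomPassword {
    param([int]$Length = 32)
    # Same character set as the post's $passwordData.
    $alphabet = 'qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890$!*'
    # Bytes at or above this limit are rejected so the modulo below
    # does not favour some characters over others.
    $limit = 256 - (256 % $alphabet.Length)
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $byte = New-Object byte[] 1
    try {
        do {
            $sb = New-Object System.Text.StringBuilder
            while ($sb.Length -lt $Length) {
                $rng.GetBytes($byte)
                if ($byte[0] -lt $limit) {
                    [void]$sb.Append($alphabet[$byte[0] % $alphabet.Length])
                }
            }
            $candidate = $sb.ToString()
            # Redraw until lower case, upper case, digit and symbol are all present.
        } until ($candidate -cmatch '[a-z]' -and $candidate -cmatch '[A-Z]' -and
                 $candidate -match '\d' -and $candidate -match '[$!*]')
        return $candidate
    }
    finally { $rng.Dispose() }
}

function Set-ScopedContributor {
    param(
        [Parameter(Mandatory)][string]$ApplicationId,  # appId, as in the post's $applicationId
        [Parameter(Mandatory)][string]$ResourceGroup   # assumption: group holding the web app
    )
    # Resolve the resource group's full id and use it as the assignment scope.
    $scope = az group show --name $ResourceGroup --query id --output tsv
    if ($LASTEXITCODE -ne 0 -or -not $scope) {
        throw "Resource group '$ResourceGroup' was not found."
    }
    az role assignment create --role Contributor --assignee $ApplicationId --scope $scope
    # List every assignment the principal holds so a wider one is noticed.
    az role assignment list --assignee $ApplicationId --all --output table
}

# Usage (after 'az login'); '<resource-group>' is a placeholder:
# $password = New-RandomPassword
# Set-ScopedContributor -ApplicationId $applicationId -ResourceGroup '<resource-group>'
```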

 


Run Azure function with HTTPS endpoint under localhost from Visual Studio

Recently, I worked on an Azure Function and Angular integration project. The Angular application uses an HTTPS port on localhost. Calls to the Azure Function on localhost failed because we had mixed (HTTP and HTTPS) content.

Searching for a solution, I found several recommendations to use the direct call:

func host start --port <SSL_PORT> --useHttps --cors * --cert certificate.pfx --password <password>

First, I was not even sure how to run this command within Microsoft Visual Studio. Second, I did not know where to get a certificate.

If you install Microsoft .NET Core, you have a localhost certificate. Scott Hanselman explains it in detail in his article.

Interestingly, the certificate is installed and bound to all ports from 44300 to 44399. You can use the following DOS command to confirm this:

C:\> netsh http show sslcert 0.0.0.0:44310

The above command should show output similar to the one below:

SSL Certificate bindings:
-------------------------
IP:port : 0.0.0.0:44310
Certificate Hash : b1cf45ab3a51bd347bd809580e55bb7d541a3b84
Application ID : {214124cd-d05b-4309-9af9-9caa44b2b23a}
Certificate Store Name : MY
Verify Client Certificate Revocation : Enabled
Verify Revocation Using Cached Client Certificate Only : Disabled
Usage Check : Enabled
Revocation Freshness Time : 0
URL Retrieval Timeout : 0
Ctl Identifier : (null)
Ctl Store Name : (null)
DS Mapper Usage : Disabled
Negotiate Client Certificate : Disabled
Reject Connections : Disabled
Disable HTTP2 : Not Set
Disable QUIC : Not Set
Disable TLS1.3 : Not Set
Disable OCSP Stapling : Not Set

Now I can bind my local Azure Function to any of the 100 ports.

The first step is to choose a port, for example 44310.

The second is to add this port to the Azure Function project. Find the file called “local.settings.json” and add the following lines:

"Host": {
"LocalHttpPort": 44310
}

Add the following to the properties of the Azure Function project:

host start --pause-on-error --useHttps


Now you should be able to run the Azure Function project and verify that it is hosted on https://localhost:44310/
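
An added example, not part of the original post: it extends the single-port netsh check above to the whole 44300 to 44399 range and confirms that each bound certificate exists in the machine store and has not expired. It assumes English-language netsh output and the LocalMachine "My" store; the function names and the sample thumbprints are constructed.

```powershell
# Added example (not from the original post). Function names are hypothetical.

function ConvertFrom-NetshSslCert {
    param([Parameter(Mandatory)][AllowEmptyString()][string[]]$Lines)
    $binding = $null
    foreach ($line in $Lines) {
        if ($line -match '^\s*IP:port\s*:\s*(?<ip>\S+):(?<port>\d+)\s*$') {
            # Start of a new binding record.
            $binding = [ordered]@{ Ip = $Matches.ip; Port = [int]$Matches.port }
        }
        elseif ($binding -and $line -match '^\s*Certificate Hash\s*:\s*(?<hash>[0-9a-fA-F]+)\s*$') {
            $binding.Thumbprint = $Matches.hash.ToUpperInvariant()
            [pscustomobject]$binding
            $binding = $null
        }
    }
}

function Test-LocalhostBinding {
    param([int]$FirstPort = 44300, [int]$LastPort = 44399)
    ConvertFrom-NetshSslCert -Lines (netsh http show sslcert) |
        Where-Object { $_.Port -ge $FirstPort -and $_.Port -le $LastPort } |
        ForEach-Object {
            # The binding names the certificate by thumbprint in store "MY".
            $cert = Get-Item -Path "Cert:\LocalMachine\My\$($_.Thumbprint)" -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Port       = $_.Port
                Thumbprint = $_.Thumbprint
                InStore    = [bool]$cert
                Subject    = $cert.Subject
                Expired    = if ($cert) { $cert.NotAfter -lt (Get-Date) } else { $null }
            }
        }
}

# Constructed sample in the format shown above, to exercise the parser offline.
$sample = @'
    IP:port                      : 0.0.0.0:44310
    Certificate Hash             : 0000000000000000000000000000000000000000
    Application ID               : {00000000-0000-0000-0000-000000000000}

    IP:port                      : 0.0.0.0:44311
    Certificate Hash             : 0000000000000000000000000000000000000000
'@ -split '\r?\n'
ConvertFrom-NetshSslCert -Lines $sample | Format-Table

# On a Windows development machine:
# Test-LocalhostBinding | Format-Table
```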

 

Troubleshooting Azure WEBSITE_RUN_FROM_PACKAGE deployment

You may already know about the new Azure Run From Package feature. This is an excellent new feature comparable with Containers. The zip file does not need to be changed when you move from Test environment to Production. Just point your Application Settings to the zip file on your Azure storage.

The problem with this type of deployment appears when you try to troubleshoot your application code. The web.config is now read-only and cannot be modified without repacking a new ZIP.

The Azure “Log stream” will not help. To output errors to the Azure “Log stream”, add the following loggers to your code:

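public void ConfigureServices(IServiceCollection services)
{
    services.AddLogging(loggingBuilder =>
    {
        // Read log levels from the "Logging" configuration section.
        loggingBuilder.AddConfiguration(this.Configuration.GetSection("Logging"));
        loggingBuilder.AddConsole();
        loggingBuilder.AddDebug();
        // Forward log output to Azure App Service diagnostics ("Log stream").
        loggingBuilder.AddAzureWebAppDiagnostics();
    });
    // ... remaining service registrations
}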

AddAzureWebAppDiagnostics will output error messages to the Azure “Log stream”. Make sure you enable “Application Logging” and “Detailed error messages” in the Azure Diagnostics logs.

AddAzureWebAppDiagnostics is provided by the Microsoft.Extensions.Logging.AzureAppServices package:

PM> Install-Package Microsoft.Extensions.Logging.AzureAppServices -Version 2.2.0

Prepare your Angular1 to Angular2 migration

As a Sr. Software Architect, I am currently working on a very large Angular 1 project. We have over a hundred controllers, services, directives and components. Our goal is to convert the project to Angular 2 in order to use pre-rendering techniques. Unfortunately, we cannot stop current development and spend time on a massive conversion. We have many features that we need to implement ASAP.

In order to simplify conversion we adopted several strategies:

  1. We converted our JavaScript files to TypeScript. The compilation and types bring immediate code quality benefits. We discovered several bugs that we missed during development and testing.
  2. We are starting to use Angular 1.5 components for every new form.


Package Manager and update-database timeout

When you are using the Microsoft Visual Studio update-database command in Package Manager, you may receive the following error:

ClientConnectionId:00000000-0000-0000-0000-000000000000
Error Number:-1,State:0,Class:20
A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: SQL Network Interfaces, error: 26 - Error Locating Server/Instance Specified)

This error may occur because you have another project in the solution with Entity Framework and a separate database deployment. If that (separate) project is set as the “StartUp Project”, that is the most likely reason for the timeout. Make sure that the correct project is set as Default Project in the Package Manager console and that it is also set as StartUp Project in Solution Explorer.

GE Centricity Loading issue fix

If you are using GE Centricity CPS 12 and experiencing client loading issue, try the following:

  1. Add your site to the IE browser compatibility view;
  2. Clear the user settings by executing the following SQL statement (please replace 'username' with the actual user name):

DELETE FROM UI_LAYOUT WHERE PVID = (SELECT PVID FROM USR WHERE LOGINNAME = 'username')

Create app.config transformation for vdproj deployment projects

To add the transformation, follow these steps:

  1. Create new App.Debug.config and App.Release.config transformation files and exclude them from project.
  2. Unload MyProject.csproj project from solution.
  3. Right-click the project file and select Edit “MyProject.csproj”.
  4. Search for the app.config string.
  5. Change it to:
      <ItemGroup>
        <None Include="App.config">
          <TransformOnBuild>true</TransformOnBuild>
        </None>
        <None Include="App.Debug.config">
          <DependentUpon>App.config</DependentUpon>
          <IsTransformFile>True</IsTransformFile>
        </None>
        <None Include="App.Release.config">
          <DependentUpon>App.config</DependentUpon>
          <IsTransformFile>True</IsTransformFile>
        </None>
      </ItemGroup>
    
  6. Add the following after the code above:
      <ItemGroup>
        <Content Include="$(OutputPath)$(AssemblyName).exe.config">
          <InProject>false</InProject>
          <Link>$(AssemblyName).exe.config</Link>
        </Content>
      </ItemGroup>
    
  7. Add the following code just before the </Project> tag:
      <UsingTask TaskName="TransformXml" AssemblyFile="$(MSBuildExtensionsPath)\Microsoft\VisualStudio\v$(VisualStudioVersion)\Web\Microsoft.Web.Publishing.Tasks.dll" />
      <Target Name="AfterCompile" Condition="exists('App.$(Configuration).config')">
        <!-- Generate transformed app config in the intermediate directory -->
        <TransformXml Source="App.config" Destination="$(IntermediateOutputPath)$(TargetFileName).config" Transform="App.$(Configuration).config" />
        <!-- Force build process to use the transformed configuration file from now on. -->
        <ItemGroup>
          <AppConfigWithTargetPath Remove="app.config" />
          <AppConfigWithTargetPath Include="$(IntermediateOutputPath)$(TargetFileName).config">
            <TargetPath>$(TargetFileName).config</TargetPath>
          </AppConfigWithTargetPath>
        </ItemGroup>
        <PropertyGroup>
          <SetupProjectPath>$(MSBuildProjectDirectory)\$(IntermediateOutputPath)$(TargetFileName).config</SetupProjectPath>
        </PropertyGroup>
      </Target>
    
  8. Save and reload MyProject.csproj.
  9. Go to the Setup (.vdproj) project and add MyProject.csproj as Primary Output.
  10. Select the added project and add the ExcludeFilter *.config.
  11. Add MyProject.csproj as Content Files.
  12. Build the solution. You will have the correctly transformed configuration file in your setup project.