C# 8.0 Features

C# 8.0 is available in .Net Core 3.0 & .Net Standard.

Using Declarations

Now we can use using as a declaration rather than as a block.

using var file = new System.IO.StreamWriter(“WriteLines2.txt”);

Here the variable file will be disposed after end of scope.

Static Local Functions

Static Local Functions can be created within a Method which will not consume any Instance variables.

int M()

{

int y = 5; int x = 7;

return Add(x, y);

static int Add(int left, int right) => left + right;

}

Default Interface Methods

We can add default methods in Interfaces.  This will help in later versions of Interfaces.

interface IDefaultInterface
{
     int GetAge()
     {
         return 18;
     }
}

New Switch Structure

public static RGBColor FromRainbow(Rainbow colorBand)

=> colorBand switch {

Rainbow.Red => new RGBColor(0xFF, 0x00, 0x00),

Rainbow.Orange => new RGBColor(0xFF, 0x7F, 0x00),

_ => throw new ArgumentException(message: “invalid enum value”, paramName: nameof(colorBand)), };

// Saves “case” statement

More

https://docs.microsoft.com/en-us/dotnet/csharp/whats-new/csharp-8

Multithreading vs. Asynchronous

Multithreading & Asynchronous Programming are both Concurrent Programming.

Multithreading	Asynchronous
CPU-concurrency	I/O-concurrency
Thread class (old way)	async.. await syntax
Task class (new way)
Task Parallel Library	Task Synchronous Programming Model

Task Parallel Library

Task Parallel Library is the preferred way of using Threads in C# for CPU concurrency.

var task = Task.Run((Action)DoProcess);
task.Wait();

Task Synchronous Programming Model

References

https://docs.microsoft.com/en-us/dotnet/csharp/programming-guide/concepts/async/

Azure VNET Connectivity Options

We can connect 2 VNET using following options:

• VNET Peering
• VPN Gateway

VNET Peering

VNET Peering is the best option as it gives fastest connectivity using the Microsoft backbone infrastructure using Private addresses.

There are 2 types of VNET Peering:

• VNET Peering for same region connectivity
• Global VNET Peering for different region connectivity

VPN Gateway If you have one of the VNET in an On-Premise then you can choose the VPN Gateway option.  It also offers Encryption which could make a decision. However VPN Gateway will be slower compared with Peering, More Configuration & More Setup Time overheads exists. Comparison
Description	VNET Peering	VPN Gateway
Easy Setup	Yes	No
Encryption	No	Yes
Cross-Region Support	Yes	Yes
Pricing	Less	More
Speed	High	Low
Bandwidth Limit	No	Yes
Public IP	No	Yes
On-Premise Support	Complicated	Yes

References

https://azure.microsoft.com/en-us/blog/vnet-peering-and-vpn-gateways/

What are the Different Ways to connect from Azure to On-Premise SQL Server?

Here I would like to list down the different ways to connect from Azure to On-Premise SQL Server.

VPN

We can create a site-to-site VPN for connecting from Azure to On-Premise.  Here the VPN device on Azure takes care of transmitting the request to the On-Premise network.

https://docs.microsoft.com/en-us/office365/enterprise/connect-an-on-premises-network-to-a-microsoft-azure-virtual-network

Azure Data Factory

Azure Data Factory requires running an Integration Runtime service in the On-Premise machine to make the connectivity happen.  It also requires Outbound port opening from On-Premise machine if there is any Outbound connection required back to the Azure SQL.

https://azure.microsoft.com/en-us/services/data-factory/

Azure Hybrid Connections

Hybrid Connections are created within the App Service.

https://docs.microsoft.com/en-us/azure/app-service/app-service-hybrid-connections

https://nishantrana.me/2018/02/19/using-azure-hybrid-connections-to-connect-to-sql-on-prem-database-from-azure-webjob/

Azure Service Bus Relays

Relays create endpoints on the On-Premise application which can be accessed by the Outside World.

Link: https://www.c-sharpcorner.com/article/overview-of-azure-service-bus-relay/

Express Route

Express Route is a highly secured option as it creates a new connectivity other than Public Internet.

https://docs.microsoft.com/en-us/azure/expressroute/expressroute-introduction

On-Premises Data Gateway

If you are using Logic Apps, Power BI then you can rely on On-Premise Data Gateway.  This involves installing the On-Premise Data Gateway on Azure & On-Premise too.

https://docs.microsoft.com/en-us/azure/logic-apps/logic-apps-gateway-install

https://www.codit.eu/blog/installing-and-configuring-on-premise-data-gateway-for-logic-apps/

Note

Depending on your Network Security guidelines choose the appropriate one.

How to Verify Custom Domain from GoDaddy.com in Azure Portal?

In this post we can see how to verify custom domain purchased from www.godaddy.com in Azure Portal.

Purchase Domain

You can visit www.godaddy.com to complete the domain purchase.

Azure Portal

You can open the Azure Portal > Azure Active Directory > Custom domain names blade as shown below.

Choose the Add custom domain option > Enter your name > Copy the following values.

Copy the values.

GoDaddy

Now go to the www.godaddy.com website

https://dcc.godaddy.com/domains/

Choose > Manage DNS from the Ellipssis

In the upcoming records page click the Add button.

In the appearing page choose TXT and enter the values from Azure Portal.

Now wait for 1 minute & Come back to Azure Portal & Click Verify

You will get it Verified!

Azure Certificate based Authentication from App Service to Access Key Vault

In this post I would like to demonstrate the usage of Certificate based Authentication from a deployed App Service in Azure & thereby accessing Azure Key Vault.

Control Flow

Following picture depicts the entire Control Flow.

Follow the steps for Certificate creation: LINK 1

• Create Certificate
• Export to .CER format
• Export to .PFX format

Following are the App Service & App Registration activities LINK 2

• Create App Service
• Associate the .PFX Certificate
• Create App Registration
• Associate the .CER Certificate

Following are the Key Vault Activities LINK 3

• Create Key Vault
• Create Secret
• Provide necessary permissions to the App Registration

Create the Code LINK 4

• Create Web API Project
• Load the certificate
• Access the Key Vault
• Deploy the Application

Test the application

• Access the URL https://jp-app-svc.azurewebsites.net/keyvault
• Validate the Secret

Note This is a real-world scenario & hence steps & complexities are high.

Certificate vs Password

Certificate based Authentication is more secured than Password because:

• Certificate is difficult to copy, re-generate & install – hence more security
• Certificate based Authentication enforces that the Token is only provided to Certificate holder
• Password can be copied easily & played back – hence less security

Common Errors

• Forbidden – Add necessary permission for App Registration in the Key Vault
• Not Found – This should be Key Vault Secret Name is invalid

Contact

For any information OR consulting please contact me through Linked-in.

References

https://docs.microsoft.com/en-us/azure/key-vault/key-vault-group-permissions-for-apps

NCRONTAB Expression in Web Jobs

NCRONTAB is the library used in Web Jobs & Azure Functions to prepare Scheduled Execution.  Using the library we can schedule jobs like:

• Every day
• Every day at 10 AM
• Every Monday
• Every Monday at 10AM
• Every Year
• Every Year December 31st at 12 PM

NCRONTAB Format

{second} {minute} {hour} {day} {month} {day-of-week}

Please note that the last parameter is NOT year

Asterisk

Use * to denote repeat

Examples

0 5 * * * *	Every 5th minute
0 */5 * * * *	Every 5 minutes
0 0 * * * *	Every hour
0 0 */2 * * *	Every 2 hour
0 0 9-17 * * *	Every hour from 9AM to 5PM
0 30 9 * * *	At 9:30 AM everyday
0 30 9 * * 1-5	At 9:30 AM every weekday
0 30 9 * Jan Mon	At 9:30 AM every January Monday

More

https://docs.microsoft.com/en-us/azure/azure-functions/functions-bindings-timer?tabs=csharp#ncrontab-expressions

Create Web API Project to Access Certificate & Key Vault Secret

Create a new Web API project.

Add package: Microsoft.Azure.KeyVault

Create a new Controller.  Add the following code.

public class KeyVaultController : Controller
{
     public IActionResult Index()
     {
         string result = string.Empty;

        try
         {
             result = new KeyVaultSecretProvider().GetKeyVaultSecret(“MySecret”);
         }
         catch (Exception ex)
         {
             result = ex.ToString();
         }

        return Content(result);
     }
}

Create a new class.  Add the following code.

using Microsoft.Azure.KeyVault;
using Microsoft.IdentityModel.Clients.ActiveDirectory;
using System;
using System.Collections.Generic;
using System.Configuration;
using System.Linq;
using System.Security.Cryptography.X509Certificates;
using System.Text;
using System.Threading.Tasks;

namespace KeyVault_Cert_WebAPI.Controllers
{
     public class KeyVaultSecretProvider
     {
         public const string ClientID = “YOUR-CLIENT-ID”;
         public static string Thumbprint = “YOUR-THUMBPRINT”;
         public const string VaultURL = “https://YOUR-KEY-VAULT.vault.azure.net/”;
         public ClientAssertionCertificate Certificate { get; set; }

        public X509Certificate2 FindCertificateByThumbprint()
         {
             X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
             store.Open(OpenFlags.ReadOnly);
             X509Certificate2Collection col = store.Certificates.Find(X509FindType.FindByThumbprint, Thumbprint, false);
             store.Close();

            if (col == null || col.Count == 0)
                 throw new Exception(“ERROR: Certificate not found with thumbprint”);

            return col[0];
         }

        public void GetCertificate()
         {
             var clientAssertionCertPfx = FindCertificateByThumbprint();
             Certificate = new ClientAssertionCertificate(ClientID, clientAssertionCertPfx);
         }
         public async Task<string> GetAccessToken(string authority, string resource, string scope)
         {
             var context = new AuthenticationContext(authority, TokenCache.DefaultShared);
             var result = await context.AcquireTokenAsync(resource, Certificate);

            return result.AccessToken;
         }

        public string GetKeyVaultSecret(string secretNode)
         {
             var secretUri = string.Format(“{0}{1}”, VaultURL + “secrets/”, secretNode);
             GetCertificate();
             var keyVaultClient = new KeyVaultClient(new KeyVaultClient.AuthenticationCallback(GetAccessToken));

            return keyVaultClient.GetSecretAsync(secretUri).Result.Value;
         }
     }
}

Deploy the Application

Publish the application to the same App Service we created in previous step.

Article Series

This post is part of an Article Series:

Azure Certificate based Authentication from App Service to Access Key Vault

Create Key Vault & Secret

In this post we can create a Key Vault & Secret.

Create Key Vault

Go to Azure > Key Vaults > Create new Key Vault

Copy the Key Vault URL.  You will need it in the upcoming step.

Create Secret

Go to the Secrets blade & Create a new secret.

Set Permissions

Go to Key Vault > Access Policies > Add Access Policy > Select App Registration

Congratulations!

Now we are ready to proceed with next step.

Article Series

This post is part of an Article Series:

Azure Certificate based Authentication from App Service to Access Key Vault

Azure Locks

Azure allows Locking the resource, resource group from accidental modifications OR deletions.

Types of Locks

There are 2 types of locks:

• DELETE LOCK prevents deletion of resource
• READONLY LOCK prevents modifications Or deletion of resource

LOCK Blade

The Lock Blade is available for all the resources:

• App Service
• Virtual Machines
• Data Factory
• etc.

Now let us create a Delete Lock.

Testing Lock

Now go to the App Service & Try deleting it.

You will get the following Message preventing it from deletion.

Note

This is a wonderful feature for Administrators & Prevents accidental deletion & modifications of the Azure Resource OR Resource Groups.