Andrew Wilson's Blog

{ ... Plan - Architect - Develop - Reflect - Improve - Repeat ... }

Azure API Management | Unintentional Pass through of Subscription Key Header

Problem Space There is a potential unintentional side effect when you add a APIM subscription key as a header to an inbound request. The header is not stripped from the request prior to being sent to the configured backend service. Rather it is retained. If you manage the backing service and are not concerned with the disclosure of the subscription key, then no problem. However, being overly permissive of this information may make your API more vulnerable to security threats and disallows a separation of concerns.

Posted by Andrew Wilson on Tuesday, November 21, 2023

Desired State Configuration | Project DSC

Problem Space I have often found myself with a peeked interest into any method that will simplify both the on-boarding and return to a given project. Why the interest you may ask… Well, in most cases when working on a given project (Greenfield or Brownfield), one member of the team will scout ahead to make sure all the engineering tasks are complete. This often allows the development team to work in parallel without stepping on each others toes or be reclined to a halt due to engineering tasks that can only be conducted by a smaller subset of the team.

Posted by Andrew Wilson on Monday, October 23, 2023

BizTalk | Replacing Strong Name Keys

Background Strong Names provide .NET Framework assemblies with unique identities. When the .NET Framework loads a strong-named assembly for a referring assembly, it verifies the strong name signature. If the strong name signature of the assembly cannot be verified, the .NET Framework will not load the assembly. !Do not rely on strong names for security. They provide a unique identity only! Alternatively in our case, BizTalk assemblies are loaded into the Global Assembly Cache (GAC).

Posted by Andrew Wilson on Wednesday, June 28, 2023

BizTalk | Deploying and Reading Secure SSO Settings

Background One of the fundamental parts to BizTalk for both configuration and integration applications is Enterprise Single Sign On, or as we will continue to reference as SSO from now on. SSO outside the bounds of BizTalk is an available service that is used to store and transmit encrypted user credentials. However, due to the nature of the service it is fairly generic, this has meant that many middleware applications and custom adapters have been designed to leverage SSO to securely store and transmit secure settings.

Posted by Andrew Wilson on Wednesday, April 26, 2023

Bicep | Deployment Scope Hopping

Background An Azure Tenant is hierarchically structured with the following make up: Tenant One or more Management Groups One or more Subscriptions One or more Resource groups One or more Resources Deployment Scopes {Tenant, Management Group, Subscription, Resource Group} allow us to deploy respective types of resources at each level. A Scope is dictated by two attributes, the selected scope level, and the identifier of the item at that scope level.

Posted by Andrew Wilson on Tuesday, April 25, 2023

avatar

Andrew Wilson
Husband - Father - Principal Consultant at Black Marble.

Has a passion for creating software [especially solution integrations] that help others execute their jobs faster and more efficiently.

QUICK LINKS
FEATURED TAGS
api-management apim apim-policy arm az-cli azure azure-devops azure-portal bicep biztalk biztalk-deployment-framework btdf dsc fluent-ui function-app git iac keyvault logic-app logic-app-standard nerd-fonts office-ui-fabric ohmyposh powershell rbac react rest-client roles security speaking sso storage-account strong-name-key swagger typescript vs-code webpack windows-terminal winget winget-configuration yaml-pipeline