azure-security

Azure Policy not denying Custom Role creation

时光怂恿深爱的人放手 提交于 2020-05-30 10:40:39
问题 I am currently helping investigate adopting Azure for my organization's public cloud. One of the tasks I have been assigned is locking down accounts to prevent users from being able to elevate their permissions within a subscription. One of the things in particular I am interested in is denying the creation of Custom Roles, as we don't want people to go and start creating their own roles until the need for the role has been vetted by security. I have been trying to do this via an Azure policy

Authentication difference between using AAD app key and Service Principal Password

我怕爱的太早我们不能终老 提交于 2020-01-23 05:41:46
问题 To run applications in Azure, I need to create an Application in Azure AD and a corresponding Service Principal. Then my application authenticates against this App/Principal pair. To authenticate, I can create an application key in the App registration, or I can create a password in the Service Principal (among other options). What's the difference from a practial standpoint? For example, this code runs exactly the same (from the outside) whether the $key is the App's key or the Service

AccessControlException when .Net Client App accessing Azure Data Lake

China☆狼群 提交于 2020-01-06 05:33:04
问题 I am trying to access a Data Lake from a .Net client application using this example I have registered the Client App in AAD Tenant and using the Client Id and Client secret from there (as what i believe is service-to-service authentication.) The Data Lake is in a different subscription but belongs to the same Tenant/AAD The App has Read/Write/Execute permission under 'Owner' and 'Assigned Permissions' for the specific folder (two hierarchies down the root folder) in the datalake. The parent

Azure PowerShell or CLI command to Provide a User with Owner access to a specific Web Application

穿精又带淫゛_ 提交于 2019-12-24 19:52:59
问题 I have around 100 Azure Web Apps and Azure Functions which I created using Azure PowerShell and CLI, now I need to assign Owner Access to these Web Apps to users (Separate users for each Web Apps) I am unable to find any sample for this, most sample are pointing to Assigning Resource Group Level Access, but not to the Specific Resource. The task is achievable in the Azure Portal, just need the PowerShell or CLI command to assign users owner or contributor rights to these specific resources.

Is it possible to access Azure Security Center recommendations outside of Azure Portal?

不问归期 提交于 2019-12-23 04:23:27
问题 For part of a project, I need to be able to display security center recommendations for a given resource group on a webpage. To be clear, I'm looking to access the data on the Recommendations blade of Azure Security Center and filter that information by a resource group, only displaying the recommendations relevant to those resources. I've been looking at two ways to implement this: Security Resource API seems to be a good starting place, however I can't find any API endpoint that will allow

Surface the application associated to a Managed Service Identity service principal in AAD app registrations

谁都会走 提交于 2019-12-14 02:33:08
问题 I've got a service principal in Azure which was created when i turned on Managed Service Identity for one of my Azure assets. I'd like to grant permissions to this SP using the App Registrations area in the portal (I know I can do it with New-AzureADServiceAppRoleAssignment, but I'd like to create an application in this case). The Service Principal has an associated application whose guid is visible in the Enterprise Applications section of the AAD blade, but that application id isn't visible

ADAL.Net TokenCache throwing server timeout error with 500 error code

主宰稳场 提交于 2019-12-12 02:18:14
问题 I am trying to integrate WS-Federation in my Asp.Net MVC app using OWIN. I followed the github samples and it is working as expected. Now I want to take this one step further and call an external WebApi hosted on different Azure web app from within my website. I couldn't find any WS-Fed samples for this scenario. WebApi needs an access token to provide access to protected resources. In one of my MVC controllers I tried using ADAL.Net code to acquire the access token but i get timeout error.

Connection to Azure Vault using MSI

有些话、适合烂在心里 提交于 2019-12-10 10:35:50
问题 I am trying to connect to my azure vault from a console application with using MSI For this vault i have added my user as the Selected Principle the code i am using to connect is var azureServiceTokenProvider = new AzureServiceTokenProvider(); var keyVaultClient = new KeyVaultClient(new KeyVaultClient.AuthenticationCallback(azureServiceTokenProvider.KeyVaultTokenCallback)); var secret = await keyVaultClient.GetSecretAsync("https://<vaultname>.vault.azure.net/secrets/<SecretName>")