Wednesday, July 5, 2017

NEWSEQUENTIALID() with Entity Framework and SQL Azure

I was creating a table in my database on SQL Azure which had a GUID column as the primary key. I wanted to use NEWSEQUENTIALID() instead of NEWID() as the default value for the column because that would generate a sequentially incrementing GUID instead of a random GUID and have better performance.
To do this in Entity Framework, I added the [DatabaseGenerated(DatabaseGeneratedOption.Identity)] attribute on the column.
I was also using code first migrations. To know more about code first migrations, see https://msdn.microsoft.com/en-us/data/jj591621.aspx
This generates the following script:
c.Guid(nullable: false, identity: true)
Now when the database was created in SQL Azure, the column values were still random instead of being sequentially incrementing. But if the same database was created locally on SQL Server, the values were sequentially incrementing.
The fix was to change the script to:

c.Guid(nullable: false, identity: true, defaultValueSql: "newsequentialid()")

Thursday, December 22, 2016

Redirecting cloud service traffic to local host and port

When you are developing cloud services, sometimes you want to debug a service which is hosted outside of your dev box.
The most common case is a web portal which talks to a web service. The web service is not behaving as expected and you want to debug it.

The easiest step is to add an entry in the hosts file (%SystemRoot%\System32\drivers\etc\hosts):
127.0.0.1              mywebservice.com

Now, when you open the web portal on your dev box, the web service hosted on your dev box will be called and you can debug it by putting breakpoints.

Now comes the interesting part. What if the web service on your dev box is running on a specific port, say https://localhost:44310/?
Just adding a hosts entry will not work since you want to redirect the traffic to your host as well as the port.

Fiddler comes to the rescue here. It can be downloaded from http://www.telerik.com/fiddler
You need to do the following steps:

1. No need to change the hosts file (%SystemRoot%\System32\drivers\etc\hosts)
2. Open Fiddler
3. Go to Tools->HOSTS and add the below entry
   localhost              mywebservice.com
4. Go to Rules->Customize Rules and add the below snippet in static function OnBeforeRequest(oSession: Session)
   // Send requests addressed to mywebservice.com to the local service and port
   if (oSession.HostnameIs("mywebservice.com"))
   {
       oSession.host = "localhost:44310";
   }
5. Restart Fiddler

That’s it, now when you open the web portal on your dev box, the web service hosted on your dev box will be called and you can debug it by putting breakpoints.


Wednesday, January 6, 2016

Azure Active Directory - Get Tenant Id from Tenant Name

The question "How do I get my Tenant Id?" has come up several times so I thought I would blog it.

You can do that by going to https://login.windows.net/TenantName/.well-known/openid-configuration where TenantName is one of the domain names of your tenant.

For example, https://login.windows.net/anujc.onmicrosoft.com/.well-known/openid-configuration will return

{"authorization_endpoint":"https://login.windows.net/46650ea8-7413-4415-82c6-f891fc15a31e/oauth2/authorize","token_endpoint":"https://login.windows.net/46650ea8-7413-4415-82c6-f891fc15a31e/oauth2/token","token_endpoint_auth_methods_supported":["client_secret_post","private_key_jwt"],"jwks_uri":"https://login.windows.net/common/discovery/keys","response_modes_supported":["query","fragment","form_post"],"subject_types_supported":["pairwise"],"id_token_signing_alg_values_supported":["RS256"],"response_types_supported":["code","id_token","code id_token","token id_token","token"],"scopes_supported":["openid"],"issuer":"https://sts.windows.net/46650ea8-7413-4415-82c6-f891fc15a31e/","claims_supported":["sub","iss","aud","exp","iat","auth_time","acr","amr","nonce","email","given_name","family_name","nickname"],"microsoft_multi_refresh_token":true,"check_session_iframe":"https://login.windows.net/46650ea8-7413-4415-82c6-f891fc15a31e/oauth2/checksession","end_session_endpoint":"https://login.windows.net/46650ea8-7413-4415-82c6-f891fc15a31e/oauth2/logout","userinfo_endpoint":"https://login.windows.net/46650ea8-7413-4415-82c6-f891fc15a31e/openid/userinfo"}

This contains my Tenant Id 46650ea8-7413-4415-82c6-f891fc15a31e
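
The same lookup can be scripted. The block below is an added example, not code from the original post: it accepts only a plain DNS domain name before building the discovery URL, reads the tenant GUID from the issuer, and checks that the authorization and token endpoints name the same tenant. The function names are hypothetical and the sample document is the response shown above, trimmed to the fields used.

```python
import json
import re
import uuid
from urllib.parse import urlsplit
from urllib.request import urlopen

AUTHORITY = "https://login.windows.net"  # host used in the post
_DOMAIN = re.compile(r"([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}", re.I)

def discovery_url(tenant_name: str) -> str:
    """Build the discovery URL, accepting only a plain DNS domain name."""
    if len(tenant_name) > 253 or not _DOMAIN.fullmatch(tenant_name):
        raise ValueError(f"not a domain name: {tenant_name!r}")
    return f"{AUTHORITY}/{tenant_name}/.well-known/openid-configuration"

def _first_segment(url: str) -> str:
    """First path segment of a URL, where the tenant GUID sits."""
    return urlsplit(url).path.strip("/").split("/")[0]

def tenant_id_from_discovery(doc: dict) -> str:
    """Return the tenant GUID from the issuer, checking the endpoints agree."""
    # uuid.UUID raises ValueError if the segment is not a GUID (e.g. "common").
    tenant_id = str(uuid.UUID(_first_segment(doc["issuer"])))
    for key in ("authorization_endpoint", "token_endpoint"):
        if _first_segment(doc[key]).lower() != tenant_id:
            raise ValueError(f"{key} does not match issuer tenant {tenant_id}")
    return tenant_id

def get_tenant_id(tenant_name: str) -> str:
    """Live lookup (needs network access); not called at import time."""
    with urlopen(discovery_url(tenant_name), timeout=10) as resp:
        return tenant_id_from_discovery(json.load(resp))

# Constructed sample: the response from the post, trimmed to the fields used.
SAMPLE = json.loads("""{
 "authorization_endpoint": "https://login.windows.net/46650ea8-7413-4415-82c6-f891fc15a31e/oauth2/authorize",
 "token_endpoint": "https://login.windows.net/46650ea8-7413-4415-82c6-f891fc15a31e/oauth2/token",
 "issuer": "https://sts.windows.net/46650ea8-7413-4415-82c6-f891fc15a31e/"
}""")

if __name__ == "__main__":
    print(discovery_url("anujc.onmicrosoft.com"))
    print(tenant_id_from_discovery(SAMPLE))
```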

Monday, September 28, 2015

One or more errors occurred while publishing Azure Cloud Service from Visual Studio

Recently, I was trying to publish my Azure Cloud Service from Visual Studio and was getting an error "One or more errors occurred".

I couldn't find any more details in the Output window and was wondering what went wrong.
Finally I looked at Server Explorer and it showed "Reenter your credentials".

After right-clicking and re-entering the credentials, I was finally able to publish the cloud service.

Friday, August 28, 2015

AADSTS65001: No permission to access user information is configured for xxx' application, or it is expired or revoked

Recently, I had built an AAD application in my tenant with the permission “Enable single sign-on and read user’s profile”.

The application didn’t have admin consent so any time a user would log in to my site, he would be asked for consent. I had some users who had consented to my app.

After some time, I added another permission “Access Azure Service Management” to my app and I was able to log in fine. Users who had never consented to my app earlier could also sign in. However, users who had already consented to my app before I added the new permission started seeing this error: “AADSTS65001: No permission to access user information is configured for xxx' application, or it is expired or revoked.”

I was really confused why the app worked for some users but not for others.

After understanding the pattern that the error occurs only for users who had already consented, I asked them to perform the following workaround:

  1. Go to https://myapps.microsoft.com
  2. Remove the app
  3. Sign in again to the app in a fresh browser session
  4. Now you will see the consent prompt for two permissions
  5. Grant consent

After this, all users were able to log in successfully.