Thursday, December 22, 2016

Redirecting cloud service traffic to load host and port

When you are developing cloud services, sometimes you want to debug the service which is hosted outside of your dev box.
The most common case is that there is a web portal which talks to a web service. The web service is not behaving as expected and you want to debug it.

The easiest step is to add an entry in host file (%SystemRoot%\System32\drivers\etc\hosts)    

Now, when you open the web portal on your dev box, the web service hosted on your dev box will be called and you can debug it by putting breakpoints.

Now comes the interesting part. What if the web service on your dev box is running on a specific port say https://localhost:44310/
Just adding a host entry will not work since you want to redirect the traffic to your host as well as port.

Fiddler comes to rescue here which can be downloaded from
You need to do the following steps:

1. No need to change the host file (%SystemRoot%\System32\drivers\etc\hosts)
2. Open Fiddler
3. Go to Tools->Host and add the below entry
4. Go to Rule->Customize Rules and add the below snippet in static function OnBeforeRequest(oSession: Session)
if (oSession.HostnameIs(""))
5.Restart Fiddler

That’s it, now when you open the web portal on your dev box, the web service hosted on your dev box will be called and you can debug it by putting breakpoints.

Wednesday, January 6, 2016

Azure Active Directory - Get Tenant Id from Tenant Name

This question "How do I get my Tenant Id?" has come up several times so I though I will blog it.

You can do that my going to where TenantName is the one of the domain name of your tenant.

For example, will return

{"authorization_endpoint":"","token_endpoint":"","token_endpoint_auth_methods_supported":["client_secret_post","private_key_jwt"],"jwks_uri":"","response_modes_supported":["query","fragment","form_post"],"subject_types_supported":["pairwise"],"id_token_signing_alg_values_supported":["RS256"],"response_types_supported":["code","id_token","code id_token","token id_token","token"],"scopes_supported":["openid"],"issuer":"","claims_supported":["sub","iss","aud","exp","iat","auth_time","acr","amr","nonce","email","given_name","family_name","nickname"],"microsoft_multi_refresh_token":true,"check_session_iframe":"","end_session_endpoint":"","userinfo_endpoint":""}

This contains my Tenant Id 46650ea8-7413-4415-82c6-f891fc15a31e

Monday, September 28, 2015

One or more errors occurred while publishing Azure Cloud Service from Visual Studio

Recently, I was trying to publish my Azure Cloud Service from Visual Studio and was getting an error "One or more errors occurred".

I couldn't find any more details in the Output window and was wondering what went wrong
Finally I looked at Server Explorer and it showed "Reneter your credentials".

After right clicking and re-entering the credentials, I was finally able to publish the cloud service.

Friday, August 28, 2015

AADSTS65001: No permission to access user information is configured for xxx' application, or it is expired or revoked

Recently, I had built an AAD application in my tenant with the permission “Enable single sign-on and read user’s profile”.

The application didn’t have admin consent so any time a user would login to my site, he would be asked for consent. I had some users who had consented to my app.

After some time, I added another permission “Access Azure Service Management” to my app and I was able to login fine. Users who had never consented to my app earlier could also sign in. However, users who had already consented to my app before I added the new permission started seeing this error “AADSTS65001: No permission to access user information is configured for xxx' application, or it is expired or revoked. “

I was really confused why the app works for some users but not for others.

After understanding the pattern that the error occurs only for users who had already consented, I asked them to perform the following work around:

  1. Go to
  2. Remove the app
  3. Sign in again to the app in a fresh browser session
  4. Now you will see the consent prompt for two permission
  5. Grant consent   

After this, all users were able to login successfully.

Tuesday, March 31, 2015

FiddlerCore - ByPass Intranet Traffic

Found a nice trick to bypass intranet traffic while using fiddler core.

CONFIG.sHostsThatBypassFiddler = "<local>";

Friday, February 27, 2015

Comparing X509Certificate Subject with User Input

Recently I encountered an issue where I was comparing the certificate name of an X509Certificate with a user input.
The issue was that the subject a user would see on the certificate property has spaces in it
E.g. CN = xxx

However, when querying the subject of an X509Certificate2 object, it won’t have any spaces in it
E.g. CN=xxx

This would make the subject comparison fail
The fix was to use X500DistinguishedName for comparison of subject. Below is a snippet    

X509Certificate2 certificate = new X509Certificate2(@"xxx.cer");
// certificate.Subject results in CN=xxx
            X500DistinguishedName certificateSubjectname = new X500DistinguishedName(certificate.Subject);
            X500DistinguishedName configuredSubjectname = new X500DistinguishedName("CN = xxx");
            bool result = string.Equals(certificateSubjectname.Decode(X500DistinguishedNameFlags.None), configuredSubjectname.Decode(X500DistinguishedNameFlags.None), StringComparison.CurrentCulture);