Monday, 2 May 2022

Useful Generic Resources from Microsoft - Miscellaneous

1. Microsoft Style Guide

Microsoft has an extremely useful Microsoft Style Guide for websites and apps that helps keep communication clear and consistent.  It is simple to follow and makes content easier for customers to understand.  The key takeaway for me is to be consistent and "Be warm and relaxed, crisp and clear, and ready to lend a hand as appropriate for the context." See: Developer content - Microsoft Style Guide | Microsoft Docs

For UX developers, the finalised messages are generally not available (or known), so it is good if they provide messages that they believe are correct and that are "warm and relaxed, clear, and contextual"; this makes updates much easier for the final content reviewer.

https://docs.microsoft.com/en-gb/style-guide

2. Fluent UI

Fluent UI (Fluent UI - Get started - Fluent UI (microsoft.com)) is useful for providing a consistent framework for UX.

3. Frontend Bootcamp

Microsoft Days in the Web - Welcome

4. Kiota

Tuesday, 1 March 2022

TLS 1.2 & Wireshark Refresher

Overview:  I have lost count of the number of TLS upgrades I have worked on.  The upgrades are easy as long as you understand the basics.  I always throw a test rig together so that I can check and update settings, confirm the configuration and check the traffic.

Understanding Server and Client Registry Settings for TLS

  • "Client" registry keys govern outbound protocol availability.
  • "Server" registry keys govern which protocols are available for inbound connections.
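
The Client/Server split above can be read straight from the registry. The PowerShell below is an added example, not part of the original post; it assumes the standard SCHANNEL protocol key layout and also reads the DisabledByDefault value, which the post does not mention.

```powershell
# Added example: report the SCHANNEL protocol state for each TLS version and role.
# Client keys govern outbound connections, Server keys govern inbound connections.
$base      = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
$protocols = 'TLS 1.0', 'TLS 1.1', 'TLS 1.2'

function Get-SchannelState {
    param(
        [Parameter(Mandatory)][string]$Protocol,
        [Parameter(Mandatory)][ValidateSet('Client', 'Server')][string]$Role
    )
    $path  = Join-Path (Join-Path $base $Protocol) $Role
    $state = [ordered]@{
        Protocol          = $Protocol
        Role              = $Role
        Direction         = if ($Role -eq 'Client') { 'outbound' } else { 'inbound' }
        Enabled           = $null
        DisabledByDefault = $null
        Effective         = 'Enabled not set (OS default applies)'
    }
    if (Test-Path -Path $path) {
        # A missing value simply reads back as $null (strict mode is not enabled here).
        $values = Get-ItemProperty -Path $path
        $state.Enabled           = $values.Enabled
        $state.DisabledByDefault = $values.DisabledByDefault
        if ($null -ne $values.Enabled) {
            if ($values.Enabled -eq 0) {
                $state.Effective = 'disabled'
            } elseif ($values.DisabledByDefault -eq 1) {
                $state.Effective = 'enabled, but only when an application asks for it'
            } else {
                $state.Effective = 'enabled'
            }
        }
    }
    [pscustomobject]$state
}

# One row per protocol and role, so inbound and outbound settings sit side by side.
$report = foreach ($protocol in $protocols) {
    foreach ($role in 'Client', 'Server') {
        Get-SchannelState -Protocol $protocol -Role $role
    }
}
$report | Format-Table -AutoSize

# For the test-rig scenario in this post, the row of interest is TLS 1.2 / Client.
```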

Check TLS 1.2 connections from a client to a SQL Server:

The client machine hosts a Console/C# test rig that connects to a SQL Server that supports only TLS1.2.  In the client's Windows registry settings, you are interested in the TLS1.2/Client/Enabled setting as shown above.

  • Below is a screen shot of a C# test rig, used to ensure the registry settings are correct (I restart the test rig after I make a change to the client/TLS registry settings).  Running the "Test Connection" tells me outbound traffic is using TLS1.2; the successful connection tells me that SQL Server is accepting TLS1.2 traffic.

If unsuccessful or you want proof: 
Wireshark - captures a copy of the network packets going through the machine's drivers/adapters.
  • Wireshark is a great tool and can be used to verify the underlying traffic.  In this scenario I have Wireshark on the client machine to capture and analyze the TLS traffic going to the SQL Server generated by the C# test rig.
  • Ensure you have the adapters you want to monitor selected.  I have added a filter to only show traffic being sent to the SQL Server, using its IP address:  "host 10.1.x.25"

Capture the traffic and you'll see the connection being set up in the packet transfer.  The protocol will show TLSv1.2 in Wireshark.

TLS1.2 traffic

TLS1.0 Outbound Traffic

Use Netsh or Pktmon to capture local adapter traffic, then load the logs in Wireshark.  To capture packets, run the following from an admin cmd prompt:

    netsh trace start capture=yes

Packet Monitor (Pktmon) is also an option.

More Info:

https://social.technet.microsoft.com/wiki/contents/articles/41703.sql-server-securing-network-communications.aspx

Sunday, 27 February 2022

Delphi TLS 1.2 to SQL Server connectivity issue

Thanks to Akshay for figuring the issue out & working on this with me.

Problem:  C# is connecting to SQL Server using TLS1.2 & TLS 1.0, but the Delphi application only connects using TLS1.0.

Initial Hypothesis:  

Ensure the client machine can connect using a C# test rig, or check the traffic works from any app using Wireshark.

SQL Server is accepting TLS 1.2 connections using C# but not Delphi.  SQL is good, and the client machine allows outbound TLS 1.2 data, so the issue must be with Delphi.  Delphi is using SDAC 6 to connect to the database, so the issue must be with Delphi connectivity.  Delphi SDAC uses the "SQL Native Client" for TLS1.2, but TLS 1.0 works without the SQL Native Client.  SDAC tries to use the "SQL Native Client"; if it is not there, it uses OLEDB.  The OLEDB version used by SDAC6 does not support TLS1.2, only TLS1.0.  Wireshark showed the Delphi application trying to connect but failing to get a TLS1.2 connection.  After installing the "SQL Native Client", the TLS traffic starts connecting on TLS1.2 using SDAC6.

Resolution: Upgrade Delphi/SDAC9 (or later) or install the "SQL Native Client" on all client laptops/machines.

Sunday, 6 February 2022

Microsoft Defender for Cloud for B2B SaaS solution based on Azure PaaS

Microsoft Defender for Cloud was previously called Azure Security Center and Azure Defender.  Its function is hardening via suggestions and actively monitoring (and stopping) usage.  Azure SQL has its own defender, and Microsoft Defender uses the same SQL tooling as part of it.  It's a great tool; while it can be expensive, you can even turn it on in production for set periods and then deactivate it.

Two tiers of Microsoft Defender for Cloud:

  • Free - Continuous assessment & Hardening suggestions
  • Paid - Same as free but also can apply suggestions and active threat prevention.

Enable it for specific services.  At the service level it is all or nothing, so if you have 40 app service instances, it's monitor all or nothing $$$

Microsoft Defender for Cloud - an introduction | Microsoft Docs

Monday, 24 January 2022

CorrelationId thoughts for improved logging in SPAs

Problem:  Single Page Applications (SPA) generate a new correlationId/guid on path changes only.  When logging to something like App Insights, an SPA using a framework like Angular will have a page view with multiple actions that are logged using the same guid.

Initial Hypothesis: You can work out the user's journey by using the page view guid and tracing the actions to drill down to the issue.  It is far easier to generate a new guid for each action, making error tracing simpler/faster for 1st line support.  Performance issues are also far easier to replicate, and reporting on changes in performance is easier to automate.

SPA/Angular Resolution:

    import { Injectable } from '@angular/core';
    import { ApplicationInsights } from '@microsoft/applicationinsights-web';
    import { environment } from 'src/environments/environment';

    @Injectable({
      providedIn: 'root'
    })
    export class AppinsightsLoggingService {
      appInsights: ApplicationInsights;

      constructor() {
        this.appInsights = new ApplicationInsights({
          config: {
            instrumentationKey: environment.appInsights.instrumentationKey,
            enableRequestHeaderTracking: true,
            enableCorsCorrelation: true,
            loggingLevelTelemetry: 1,
            enableAutoRouteTracking: true // option to log route changes
          }
        });
        this.appInsights.loadAppInsights();
        this.appInsights.trackPageView();
      }

      logPageView(name?: string, url?: string) { // option to call manually
        alert(name); // debug aid from the test code: shows the page name on every call
        this.appInsights.trackPageView({
          name: name,
          uri: url
        });
      }

      // Returns the trace id that App Insights is currently attaching to telemetry.
      // Call when needed
      public getTraceId() {
        return this.appInsights.context.telemetryTrace.traceID;
      }
    }


Note: Thanks to Pravesh Chourasia for showing me how to do this.