any answer to this question – how to restrict azure appservice to a domain

I posted the following question on stackoverflow and forums.asp.net but never got any answer. Hopefully, someone can help me out with this one.

http://stackoverflow.com/questions/37871795/restrict-azure-appservice-website-to-a-domain

https://forums.asp.net/p/2097395/6059242.aspx?restrict+azure+appservice+website+to+a+domain

I have a WCF service running on an Azure App Service. I want to restrict this WCF service to a few Azure websites, external IPs and some other deployments. I am using the ipSecurity tag for that in my WCF web.config.

My issue is that the IP restrictions work, but the Azure website domains that I allow access to don't seem to work.

For example, I have an Azure website with a custom domain, abcdef.info. I am trying to give this domain access to the WCF service, but it doesn't seem to be working. Below is my configuration.

<ipSecurity enableReverseDns="true" allowUnlisted="false">
    <add ipAddress="127.0.0.1" allowed="true" />
    <!-- IP of the Azure website, obtained with nslookup -->
    <add ipAddress="xx.xx.xx.xx" allowed="true" />
    <add domainName="azurewebsitedomain.azurewebsites.net" allowed="true" />
    <!-- custom domain tied to my Azure website -->
    <add domainName="abcdef.info" allowed="true" />
</ipSecurity>

I was assuming that one of the last three settings here would whitelist my WCF client running on the Azure website to access the WCF service, but so far nothing.

Will appreciate any help. Thanks.
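An added check for the configuration above (not from the original post): it parses the ipSecurity section of a web.config and, for each caller IP you list, shows which rule could match. IIS evaluates domainName entries against the reverse-DNS (PTR) name of the connecting address, and only when enableReverseDns is true, so the check reverse-resolves each IP the same way; the web.config path and the client IPs are assumptions.

```powershell
$webConfigPath = 'C:\site\wwwroot\web.config'   # assumed path to the WCF service's web.config
$clientIps     = @('203.0.113.10', '127.0.0.1')  # constructed; replace with the callers' real outbound IPs

[xml]$cfg = Get-Content -Path $webConfigPath -Raw
$ipSec = $cfg.SelectSingleNode('//ipSecurity')
if (-not $ipSec) { throw "No <ipSecurity> section found in $webConfigPath" }

$ipRules  = @($ipSec.add | Where-Object { $_.ipAddress })
$dnsRules = @($ipSec.add | Where-Object { $_.domainName })
$reverseDnsOn = ($ipSec.enableReverseDns -eq 'true')
Write-Host ("allowUnlisted={0} enableReverseDns={1} ipAddress rules={2} domainName rules={3}" -f $ipSec.allowUnlisted, $reverseDnsOn, $ipRules.Count, $dnsRules.Count)

foreach ($ip in $clientIps) {
    # The name the caller's address reverse-resolves to; $null when it has no PTR record
    $ptr = try { [System.Net.Dns]::GetHostEntry($ip).HostName } catch { $null }

    $ipHit = $ipRules | Where-Object { $_.ipAddress -eq $ip } | Select-Object -First 1
    # A domainName rule can only match when reverse DNS is on and the PTR name equals it (exact match assumed here)
    $dnsHit = $null
    if ($reverseDnsOn -and $ptr) {
        $dnsHit = $dnsRules | Where-Object { $_.domainName -ieq $ptr } | Select-Object -First 1
    }

    Write-Host ("{0}: PTR={1}" -f $ip, $(if ($ptr) { $ptr } else { '<none>' }))
    if ($ipHit) {
        Write-Host "  matches ipAddress rule -> allowed=$($ipHit.allowed)"
    } elseif ($dnsHit) {
        Write-Host "  matches domainName rule '$($dnsHit.domainName)' -> allowed=$($dnsHit.allowed)"
    } else {
        Write-Host "  matches no rule; allowUnlisted=$($ipSec.allowUnlisted) decides. A domainName entry that does not equal the PTR name cannot match this caller."
    }
}
```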


unpack bacpac files and ease migrations

There were days when I spent hours watching my bacpac files slowly getting restored and then suddenly crashing :/ I have seen this issue often, where a table with a large amount of data would crash in the middle of a restore, and I had no other option as I didn't know what to do with bacpac files.

But after some reading I found that the bacpac file was just a renamed .zip file and could be extracted and perhaps even edited. This gave me a way out. I extracted the bacpac file to see what I could find.

Here, nicely laid out, is the package that is a bacpac file. Opening the Data\ folder will show you the data targeted for each table, nicely arranged by table name.

(image: bacpac package contents)

This made-up set of tables shows the layout. Simply choose the tables that have expendable data, such as log entries, error logs, traces etc. Open those table folders and delete the .BCP files they contain.

Now just re-compress those files, rename the resulting .zip file to .bacpac and you are good to go. One note: when you re-zip the files, make sure to do so from the root of the extracted bacpac folder, not the parent folder you extracted into. If you compress the whole folder, the nesting of the files will be off and you will get an error on import.
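The steps above as a script, added here as an example (not from the original post): it extracts the .bacpac, deletes the .BCP data files of the tables you name, and re-zips the contents of the package root rather than the folder itself, so the nesting stays correct. The paths and the table folder names are assumptions.

```powershell
# Windows PowerShell 5.1 needs this assembly loaded explicitly
Add-Type -AssemblyName System.IO.Compression.FileSystem

$bacpac  = 'C:\backups\mydb.bacpac'            # assumed input package
$workDir = Join-Path $env:TEMP 'bacpac-trim'   # extracted package root
$trimmed = 'C:\backups\mydb-trimmed.bacpac'    # output; the original is left untouched
# Table folders under Data\ whose rows can be dropped (assumed names, schema.table form)
$expendable = @('dbo.ErrorLog', 'dbo.TraceLog')

if (Test-Path $workDir) { Remove-Item $workDir -Recurse -Force }
# A .bacpac is a zip, so extract it to get at the Data\ folder
[System.IO.Compression.ZipFile]::ExtractToDirectory($bacpac, $workDir)

foreach ($table in $expendable) {
    $tableDir = Join-Path (Join-Path $workDir 'Data') $table
    if (-not (Test-Path $tableDir)) { Write-Warning "No data folder for $table"; continue }
    $bcpFiles = @(Get-ChildItem -Path $tableDir -Filter '*.BCP' -File)
    if ($bcpFiles.Count -eq 0) { Write-Warning "No .BCP files under $table"; continue }
    $bytes = ($bcpFiles | Measure-Object -Property Length -Sum).Sum
    Write-Host ("{0}: removing {1} .BCP file(s), {2:N0} bytes" -f $table, $bcpFiles.Count, $bytes)
    $bcpFiles | Remove-Item -Force
}

if (Test-Path $trimmed) { Remove-Item $trimmed -Force }
# includeBaseDirectory = $false zips the *contents* of the extracted root, not the root folder,
# which is exactly the nesting mistake that makes the import fail
[System.IO.Compression.ZipFile]::CreateFromDirectory($workDir, $trimmed, [System.IO.Compression.CompressionLevel]::Optimal, $false)
Remove-Item $workDir -Recurse -Force
Write-Host "Wrote $trimmed"
```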

Convert Azure D Series VM to DS Series.

I have had a lot of scenarios where some old Azure D Series VMs need to be updated to DS Series so that premium storage disks can be added to them. We can do it manually by moving VM disks around in the Azure portal, or just run the PowerShell script below and let it do the work. I picked this up from some blog and made a few fixes and changes to it as it was a bit outdated and crashing. But it did the work for me in the end, and hopefully it helps someone out too.

<#
# Migrate a standalone virtual machine to a DS Series virtual machine with Premium storage. Both VMs are in the same subscription.
.\MigrateVMToPremiumStorage.ps1 -SourceVMName "rajsourcevm2" -SourceServiceName "rajsourcevm2" -DestVMName "rajdsvm16" -DestServiceName "rajdsvm16svc" -Location "West US" -VMSize Standard_DS2 -DestStorageAccountName 'rajwestpremstg19' -DestStorageAccountContainer 'vhds' -VNetName rajvnettest3 -SubnetName FrontEndSubnet
#>

[CmdletBinding(DefaultParameterSetName="Default")]
Param
(
    [Parameter(Mandatory = $true)]
    [string] $SourceVMName,

    [Parameter(Mandatory = $true)]
    [string] $SourceServiceName,

    [Parameter(Mandatory = $true)]
    [string] $DestVMName,

    [Parameter(Mandatory = $true)]
    [string] $DestServiceName,

    [Parameter(Mandatory = $true)]
    #[ValidateSet('West US','East US 2','West Europe','East China','Southeast Asia','West Japan','Australia East', IgnoreCase=$true)]
    [string] $Location,

    [Parameter(Mandatory = $true)]
    #[ValidateSet('Standard_DS1','Standard_DS2','Standard_DS3','Standard_DS4','Standard_DS11','Standard_DS12','Standard_DS13','Standard_DS14', IgnoreCase=$true)]
    [string] $VMSize,

    [Parameter(Mandatory = $true)]
    [string] $DestStorageAccountName,

    [Parameter(Mandatory = $true)]
    [string] $DestStorageAccountContainer,

    [Parameter(Mandatory = $false)]
    [string] $VNetName,

    [Parameter(Mandatory = $false)]
    [string] $SubnetName
)

# Print the version of the Azure PowerShell cmdlets we are using
(Get-Module Azure).Version

#$VerbosePreference = "Continue"
$StorageAccountTypePremium = 'Premium_LRS'

#############################################################################################################
# Validation section
# Perform as much upfront validation as possible
#############################################################################################################

# The destination cloud service must not exist yet
if ((Get-AzureService -ServiceName $DestServiceName -ErrorAction SilentlyContinue) -ne $null)
{
    Write-Error "Service [$DestServiceName] already exists"
    return
}

# Determine whether we are migrating the VM into a virtual network. If so, verify that the VNet exists
if (!$VNetName -and !$SubnetName)
{
    $DeployToVNet = $false
}
else
{
    $DeployToVNet = $true
    $vnetSite = Get-AzureVNetSite -VNetName $VNetName -ErrorAction SilentlyContinue

    if (!$vnetSite)
    {
        Write-Error "Virtual Network [$VNetName] does not exist"
        return
    }
}

Write-Host "DeployToVNet is set to [$DeployToVNet]"

#TODO: add validation to make sure the destination VM size can accommodate the number of disks in the source VM

$DestStorageAccount = Get-AzureStorageAccount -StorageAccountName $DestStorageAccountName -ErrorAction SilentlyContinue

# Check whether the storage account exists and create a premium storage account if it does not
if (!$DestStorageAccount)
{
    # Create a new storage account
    Write-Output ""
    Write-Output ("Configuring Destination Storage Account {0} in location {1}" -f $DestStorageAccountName, $Location)

    New-AzureStorageAccount -StorageAccountName $DestStorageAccountName -Location $Location -Type $StorageAccountTypePremium -ErrorVariable errorVariable -ErrorAction SilentlyContinue | Out-Null

    if ($errorVariable)
    {
        throw "Cannot create the Storage Account [$DestStorageAccountName] on $Location. Error Detail: $errorVariable"
    }

    # New-AzureStorageAccount returns an operation status, not the account, so fetch the account to read its type
    $DestStorageAccount = Get-AzureStorageAccount -StorageAccountName $DestStorageAccountName
    Write-Verbose "Created Destination Storage Account [$DestStorageAccountName] with AccountType of [$($DestStorageAccount.AccountType)]"
}
else
{
    Write-Host "Destination Storage account [$DestStorageAccountName] already exists. Storage account type is [$($DestStorageAccount.AccountType)]"

    # If the account already exists, make sure it is premium storage
    if ($DestStorageAccount.AccountType -ne $StorageAccountTypePremium)
    {
        Write-Error "Storage account [$DestStorageAccountName] account type of [$($DestStorageAccount.AccountType)] is invalid"
        return
    }
}

Write-Host "Source VM Name is [$SourceVMName] and Service Name is [$SourceServiceName]"

# Get VM details
$SourceVM = Get-AzureVM -Name $SourceVMName -ServiceName $SourceServiceName -ErrorAction SilentlyContinue

if ($SourceVM -eq $null)
{
    Write-Error "Unable to find Virtual Machine [$SourceVMName] in Service Name [$SourceServiceName]"
    return
}

Write-Host "vm name is [$($SourceVM.Name)] and vm status is [$($SourceVM.Status)]"

# The existing VM must be shut down before its disks are copied
if ($SourceVM.Status -eq "ReadyRole")
{
    Write-Host "Shutting down virtual machine [$SourceVMName]"
    Stop-AzureVM -ServiceName $SourceServiceName -Name $SourceVMName -Force
}

$osdisk = $SourceVM | Get-AzureOSDisk

Write-Host "OS Disk name is $($osdisk.DiskName) and disk location is $($osdisk.MediaLink)"

# Maps disk name -> "destinationUri" for data disks, "destinationUri;OS" for the OS disk
$disk_configs = @{}

# Used to track disk copy status
$diskCopyStates = @()

##################################################################################################################
# Kicks off the async copy of VHDs
##################################################################################################################

# Copies to the remote storage account
# Returns the blob copy state to poll against
function StartCopyVHD($sourceDiskUri, $diskName, $OS, $destStorageAccountName, $destContainer)
{
    Write-Host "Destination Storage Account is [$destStorageAccountName], Destination Container is [$destContainer]"

    # Extract the name of the source storage account from the URI of the VHD
    $sourceStorageAccountName = $sourceDiskUri.Host.Replace(".blob.core.windows.net", "")

    $vhdName = $sourceDiskUri.Segments[$sourceDiskUri.Segments.Length - 1].Replace("%20", " ")
    $sourceContainer = $sourceDiskUri.Segments[$sourceDiskUri.Segments.Length - 2].Replace("/", "")

    $sourceStorageAccountKey = (Get-AzureStorageKey -StorageAccountName $sourceStorageAccountName).Primary
    $sourceContext = New-AzureStorageContext -StorageAccountName $sourceStorageAccountName -StorageAccountKey $sourceStorageAccountKey

    $destStorageAccountKey = (Get-AzureStorageKey -StorageAccountName $destStorageAccountName).Primary
    $destContext = New-AzureStorageContext -StorageAccountName $destStorageAccountName -StorageAccountKey $destStorageAccountKey

    if ((Get-AzureStorageContainer -Name $destContainer -Context $destContext -ErrorAction SilentlyContinue) -eq $null)
    {
        New-AzureStorageContainer -Name $destContainer -Context $destContext | Out-Null

        while ((Get-AzureStorageContainer -Name $destContainer -Context $destContext -ErrorAction SilentlyContinue) -eq $null)
        {
            Write-Host "Pausing to ensure container $destContainer is created.." -ForegroundColor Green
            Start-Sleep 15
        }
    }

    # Save for later disk registration
    $destinationUri = "https://$destStorageAccountName.blob.core.windows.net/$destContainer/$vhdName"

    if ($OS -eq $null)
    {
        $disk_configs.Add($diskName, "$destinationUri")
    }
    else
    {
        $disk_configs.Add($diskName, "$destinationUri;$OS")
    }

    # Start the async copy of the VHD. It will overwrite any existing VHD
    $copyState = Start-AzureStorageBlobCopy -SrcBlob $vhdName -SrcContainer $sourceContainer -SrcContext $sourceContext -DestContainer $destContainer -DestBlob $vhdName -DestContext $destContext -Force

    return $copyState
}

##################################################################################################################
# Tracks the status of each blob copy and waits until all the blobs have been copied
##################################################################################################################

function TrackBlobCopyStatus()
{
    param($diskCopyStates)

    do
    {
        Write-Host "Checking Disk Copy Status for VM Copy" -ForegroundColor Green
        $hideHeader = $false
        $inprogress = 0
        $complete = 0

        foreach ($diskCopy in $diskCopyStates)
        {
            $state = $diskCopy | Get-AzureStorageBlobCopyState
            $stateText = ($state | Format-Table -HideTableHeaders:$hideHeader -AutoSize -Property Status,BytesCopied,TotalBytes,Source | Out-String)

            if ($state.Status -eq "Success")
            {
                Write-Host $stateText -ForegroundColor Green
                $complete++
            }
            elseif (($state.Status -like "*failed*") -or ($state.Status -like "*aborted*"))
            {
                # A failed copy must stop the migration, otherwise a partial VHD would be registered as a disk below
                throw "Blob copy failed: $stateText"
            }
            else
            {
                Write-Host $stateText -ForegroundColor DarkYellow
                $inprogress++
            }
            $hideHeader = $true
        }

        if ($inprogress -gt 0)
        {
            Write-Host "$complete Blob Copies are completed with $inprogress that are still in progress." -ForegroundColor Magenta
            Write-Host "Pausing 60 seconds before next status check." -ForegroundColor Green
            Start-Sleep 60
        }
    } while ($inprogress -gt 0)

    Write-Host "Disk Copy Complete" -ForegroundColor Green
    Write-Host "Successfully Copied up all Disks" -ForegroundColor Green
}

# Mark the start time of the script execution
$startTime = Get-Date

Write-Host "Destination storage account name is [$DestStorageAccountName]"

# Copy the OS disk using the async API from the source URL to the destination storage account
$diskCopyStates += StartCopyVHD -sourceDiskUri $osdisk.MediaLink -destStorageAccountName $DestStorageAccountName -destContainer $DestStorageAccountContainer -diskName $osdisk.DiskName -OS $osdisk.OS

# Copy all the data disks
$SourceVM | Get-AzureDataDisk | ForEach-Object {

    Write-Host "Disk Name [$($_.DiskName)], Size is [$($_.LogicalDiskSizeInGB)]"

    # Premium storage does not allow disks smaller than 10 GB
    if ($_.LogicalDiskSizeInGB -lt 10)
    {
        Write-Warning "Data Disk [$($_.DiskName)] with size [$($_.LogicalDiskSizeInGB)] is less than 10GB so it cannot be added"
    }
    else
    {
        Write-Host "Destination storage account name is [$DestStorageAccountName]"
        $diskCopyStates += StartCopyVHD -sourceDiskUri $_.MediaLink -destStorageAccountName $DestStorageAccountName -destContainer $DestStorageAccountContainer -diskName $_.DiskName
    }
}

# Check the status of the blob copies. This may take a while if you are doing cross-region copies.
# Even in the same region a 127 GB disk takes nearly 10 minutes
TrackBlobCopyStatus -diskCopyStates $diskCopyStates

# Mark the finish time of the script execution
$finishTime = Get-Date

# Output the time consumed in seconds
$TotalTime = ($finishTime - $startTime).TotalSeconds
Write-Host "The disk copies completed in $TotalTime seconds." -ForegroundColor Green

Write-Host "Registering Copied Disk" -ForegroundColor Green

$luncount = 0  # used to generate a unique LUN value for each data disk
$index = 0     # used to generate unique disk names
$newOsDisk = $null

$datadisk_details = @{}

foreach ($diskName in $disk_configs.Keys)
{
    $index = $index + 1

    $diskConfig = $disk_configs[$diskName].Split(";")

    # Since we are using the same subscription we need to change the disk name for it to be unique
    $newDiskName = "$DestVMName" + "-disk-" + $index

    Write-Host "Adding disk [$newDiskName]"

    # Check whether this disk already exists
    $azureDisk = Get-AzureDisk -DiskName $newDiskName -ErrorAction SilentlyContinue

    if (!$azureDisk)
    {
        if ($diskConfig.Length -gt 1)
        {
            Write-Host "Adding OS disk [$newDiskName] -OS [$($diskConfig[1])] -MediaLocation [$($diskConfig[0])]"

            # The entry carrying an OS value is the OS disk
            $newOsDisk = Add-AzureDisk -DiskName $newDiskName -OS $diskConfig[1] -MediaLocation $diskConfig[0]

            $vmconfig = New-AzureVMConfig -Name $DestVMName -InstanceSize $VMSize -DiskName $newOsDisk.DiskName
        }
        else
        {
            Write-Host "Adding Data disk [$newDiskName] -MediaLocation [$($diskConfig[0])]"

            Add-AzureDisk -DiskName $newDiskName -MediaLocation $diskConfig[0]

            $datadisk_details[$luncount] = $newDiskName

            $luncount = $luncount + 1
        }
    }
    else
    {
        Write-Error "Unable to add Azure Disk [$newDiskName] as it already exists"
        Write-Error "You can use Remove-AzureDisk -DiskName $newDiskName to remove the old disk"
        return
    }
}

# Add all the data disks to the VM configuration
foreach ($lun in $datadisk_details.Keys)
{
    $datadisk_name = $datadisk_details[$lun]

    Write-Host "Adding data disk [$datadisk_name] to the VM configuration"

    $vmconfig | Add-AzureDataDisk -Import -DiskName $datadisk_name -LUN $lun
}

# Read all the endpoints in the source VM and create them in the destination VM
# NOTE: I don't copy ACLs yet. I need to add this.
$SourceVM | Get-AzureEndpoint | ForEach-Object {

    if ($_.LBSetName -eq $null)
    {
        Write-Host "Name is [$($_.Name)], Port is [$($_.Port)], LocalPort is [$($_.LocalPort)], Protocol is [$($_.Protocol)], EnableDirectServerReturn is [$($_.EnableDirectServerReturn)]"
        $vmconfig | Add-AzureEndpoint -Name $_.Name -LocalPort $_.LocalPort -PublicPort $_.Port -Protocol $_.Protocol -DirectServerReturn $_.EnableDirectServerReturn
    }
    else
    {
        Write-Host "Name is [$($_.Name)], Port is [$($_.Port)], LocalPort is [$($_.LocalPort)], Protocol is [$($_.Protocol)], EnableDirectServerReturn is [$($_.EnableDirectServerReturn)], LBSetName is [$($_.LBSetName)]"
        $vmconfig | Add-AzureEndpoint -Name $_.Name -LocalPort $_.LocalPort -PublicPort $_.Port -Protocol $_.Protocol -DirectServerReturn $_.EnableDirectServerReturn -LBSetName $_.LBSetName -DefaultProbe
    }
}

# Create the virtual machine, inside the virtual network if one was specified
if ($DeployToVNet)
{
    Write-Host "Virtual Network Name is [$VNetName] and Subnet Name is [$SubnetName]"

    $vmconfig | Set-AzureSubnet -SubnetNames $SubnetName
    $vmconfig | New-AzureVM -ServiceName $DestServiceName -VNetName $VNetName -Location $Location
}
else
{
    $vmconfig | New-AzureVM -ServiceName $DestServiceName -Location $Location
}

# Get any VM extensions
# There may be other types of extensions in the source VM. I don't copy them yet
$SourceVM | Get-AzureVMExtension | ForEach-Object {
    Write-Host "ExtensionName [$($_.ExtensionName)] Publisher [$($_.Publisher)] Version [$($_.Version)] ReferenceName [$($_.ReferenceName)] State [$($_.State)] RoleName [$($_.RoleName)]"
    Get-AzureVM -ServiceName $DestServiceName -Name $DestVMName -Verbose | Set-AzureVMExtension -ExtensionName $_.ExtensionName -Publisher $_.Publisher -Version $_.Version -ReferenceName $_.ReferenceName -Verbose | Update-AzureVM -Verbose
}
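The script notes that endpoint ACLs are not copied, so the migrated VM's endpoints come up without the source's subnet restrictions. The following is an added example (not part of the script above) that carries the ACL rules over after the VM has been created; it assumes the classic (ASM) Azure module, that $SourceVM, $DestServiceName and $DestVMName from the script are still in scope, and the cmdlet and rule property names as I recall them from that module (Get-AzureAclConfig, New-AzureAclConfig, Set-AzureAclConfig, Set-AzureEndpoint -ACL), which should be checked against Get-Help before relying on them.

```powershell
$destVM = Get-AzureVM -ServiceName $DestServiceName -Name $DestVMName
if (-not $destVM) { throw "Destination VM [$DestVMName] not found in service [$DestServiceName]" }

$copied = 0
foreach ($ep in @($SourceVM | Get-AzureEndpoint)) {
    if ($ep.LBSetName) {
        # ACLs on load-balanced endpoints belong to the load-balanced set and are managed per set
        Write-Warning "Endpoint [$($ep.Name)] is in LB set [$($ep.LBSetName)]; apply its ACL with Set-AzureLoadBalancedEndpoint"
        continue
    }

    # Assumed: Get-AzureAclConfig enumerates the endpoint's rules (Order, Action, RemoteSubnet, Description)
    $rules = @(Get-AzureAclConfig -EndpointName $ep.Name -VM $SourceVM | Where-Object { $_.RemoteSubnet })
    if ($rules.Count -eq 0) {
        Write-Host "Endpoint [$($ep.Name)]: no ACL rules on the source, destination stays unrestricted"
        continue
    }

    # Rebuild the rule set on a fresh ACL object rather than reusing the source VM's object
    $acl = New-AzureAclConfig
    foreach ($r in ($rules | Sort-Object Order)) {
        $desc = if ($r.Description) { $r.Description } else { "copied from $($SourceVM.Name)" }
        Set-AzureAclConfig -AddRule -Action $r.Action -RemoteSubnet $r.RemoteSubnet -Order $r.Order -Description $desc -ACL $acl
        Write-Host ("  {0,-6} {1,-18} order={2} {3}" -f $r.Action, $r.RemoteSubnet, $r.Order, $desc)
    }

    # Set-AzureEndpoint returns the updated in-memory VM object; all changes are pushed once below
    $destVM = $destVM | Set-AzureEndpoint -Name $ep.Name -ACL $acl
    $copied++
    Write-Host "Endpoint [$($ep.Name)]: $($rules.Count) ACL rule(s) queued for [$DestVMName]"
}

if ($copied -gt 0) {
    $destVM | Update-AzureVM | Out-Null
    Write-Host "Applied ACLs to $copied endpoint(s) on [$DestVMName]; verify with Get-AzureAclConfig -EndpointName <name> -VM (Get-AzureVM -ServiceName $DestServiceName -Name $DestVMName)"
}
```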