How to get Azure App Service TLS configuration information using Azure .NET Fluent SDK?
I'm trying to get TLS version configured on an App Service (WebApp) using Azure Fluent .NET SDK in C#.
I used the following code to get WebApp information using LINQPad :
// Nuget : Install-Package Microsoft.Azure.Management.AppService.Fluent -Version 1.24.0
// using Microsoft.Azure.Management.AppService.Fluent;
// using Microsoft.Azure.Management.AppService.Fluent.Models;
// using Microsoft.Azure.Management.ResourceManager.Fluent;
// Using a Service Principal created on my Azure Subscription
var clientId = "<service_principal_clientid_with_readaccess>";
var tenantId = "<my_azuread_tenantid>";
var credentials = SdkContext
.AzureCredentialsFactory
.FromServicePrincipal(clientId,
Util.GetPassword("azure-cli-secret"), // LINQPad helper, replace if needed
tenantId,
AzureEnvironment.AzureGlobalCloud);
// Get one web app with TLS 1.2 configured
var webApp = AppServiceManager
.Authenticate(credentials, "<azure_subscription_id>")
.WebApps
.GetById("<webapp_resource_id>");
// Dump object returned, LINQPad helper method
webApp.Dump();
When dumping object model returned, I don't find the TLS information returned anywhere. That something that should be available since it's returned by the REST API.
Analysis
You can see that the information is available using https://resources.azure.com or directly on this endpoint :
https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.Web/sites/{appServiceName}/config?api-version=2018-02-01
That give you the following output (properties list shortened here) :
{
"value": [
{
"id": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.Web/sites/{appServiceName}/config/web",
"name": "{appServiceName}",
"type": "Microsoft.Web/sites/config",
"location": "West Europe",
"properties": {
"http20Enabled": false,
"minTlsVersion": "1.2",
"ftpsState": "AllAllowed",
"reservedInstanceCount": 0,
"preWarmedInstanceCount": null,
"healthCheckPath": null
}
}
],
"nextLink": null,
"id": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.Web/sites/{appServiceName}/config"
}
Then I looked at the SDK code source available here : https://github.com/Azure/azure-libraries-for-net. I found that the TLS version should be available in the SiteConfig object. This SiteConfig appears to be located inside the Inner property.
When looking at the object dump we got with LINQPad, we can see that the SiteConfig object isn't populated :
When debugging this code, with a break point, we can see that the information seems available internally but it's not mapped to the SiteConfig property available publicly inside Inner property.
Debug session screenshot where we see the non-public member _siteConfig populated :
Is it a bug or I missed something ?
Any ideas ?
Yes. If you use this way, the siteConfig will always return null. It is by design. If you want to get the related information, you can use the following method which would correct configuration as per your requirement:
AzureCredentials credentials = SdkContext.AzureCredentialsFactory.FromServicePrincipal(
clientId,
clientSecret,
tenantId,
AzureEnvironment.AzureGlobalCloud).WithDefaultSubscription(subscriptionId);
RestClient restClient = RestClient
.Configure()
.WithEnvironment(AzureEnvironment.AzureGlobalCloud)
.WithLogLevel(HttpLoggingDelegatingHandler.Level.Basic)
.WithCredentials(credentials)
.Build();
ResourceManagementClient resourceManagementClient = new ResourceManagementClient(restClient);
WebSiteManagementClient webSiteManagementClient = new WebSiteManagementClient(restClient);
webSiteManagementClient.SubscriptionId = subscriptionId;
var configs = webSiteManagementClient.WebApps.GetConfigurationAsync("<rg name>", "<app name>").Result;
var minTls = configs.MinTlsVersion;
Console.WriteLine(minTls);
- Azure Maps rejecting Route Request with ZipCode
- Create-React-App hosted in Azure getting a 404 with manual refresh or by typing the url manually on any page except the home page
- Why I'm getting 404 Resource Not Found to my newly Azure OpenAI deployment?
- Scanning for malware in files uploaded to Azure
- Azure blob, controlling filename on download
- How to delete/clear active/dead-letter messages from Azure Service Bus Queue?
- How to Generate .AAB file and Sign Android app Bundle using azure pipeline
- Get Access Token from Microsoft Graph for ClientId with delegated permissions
- Can't create password containing parentheses in Azure CLI
- Azure Web App Cannot Access Azure Container Registry Using Managed Identity
- Azure Access token just created but not capable to verify that is authentic
- Querying azure table storage for null values
- Azure App Functions, Storage queue trigger
- Error while running Terraform Import Command to import Azure Key Vault
- How to get Node.js app running on Azure App Service?
- K6 - Azure Blob Storage Authentication
- how to deprovision iotedge module and reconnect to a different iothub
- How to get the Azure assistant to use the vector store using SDK
- How can I invoke Azure Trusted Signing from a Linux OS?
- How to get client IP address in Azure Functions node.js?
- Get request headers in azure functions NodeJs Http Trigger
- Terraform Azure include NSG with subnet deployment
- What is preventing AKS from pulling images from ACR?
- Make Azure Keyvault secrets available in entire pipeline
- How to read S/MIME mails and their attachements
- Use delegated permissions with Client App Registration
- Unable to connect to Azure Function App after integrating into VNET
- add-kdsrootkey error the request is not supported
- How do you use Active Directory in a "hosted solution"?
- How can I select the proper openai.api_version?