Microsoft – Andy's Blog

AZ-900 Azure Fundamentals exam

I’ve been messing around with various prep materials for various Microsoft exams for a while now. I go back and forth, but I never seem to get far enough to actually take a test. The ground shifts under me, and I have to switch my focus to something else.

I’d been working towards taking the AZ-204 exam, starting in mid-2024, but I kept getting sidetracked. Well, I got serious about it again recently. But then I realized that there’s some overlap between AZ-204 and AZ-900, and I could probably prep for the AZ-900 in just a few days. I already know a lot of the material on AZ-900, so there wasn’t much extra stuff to learn.

So I spent some time last week studying, then got enough done over the weekend that I felt I could take the exam today. And with the online exams, you can generally get a same-day appointment. So I did that, and passed the exam today!

The process for the online, at-home, exam is pretty much the same as it was in 2023, when I passed the PL-900 exam. The one wrinkle I had this time was that I couldn’t get through the pre-exam system check. Long story short: I had to go into “Windows Features” on my laptop and disable anything related to Hyper-V. They don’t want you taking the exam on a VM, which I can kinda understand, but they also make it impossible to take the exam on a laptop that’s configured as a VM host, which is kinda silly. I also had an issue where the proctor made me wander around my table with my laptop, showing her my entire kitchen table via the webcam, to make sure the table surface was actually clear. And she had me take off my watch. So the prep was a bit of a pain, and took longer than the actual test. I don’t remember the proctor bothering me at all last time.

I paid for the exam myself, using a 50% discount that I can get through ESI (Enterprise Skills Initiative), so it was only $50. I might get reimbursed for it, or I might not. I decided to take this exam without running it by my boss first. I was afraid he might throw some obstacles in my way, and I just wanted to “strike while the iron was hot,” so to speak.

I’ve also rediscovered today that my “test anxiety” problem is still a thing. I’ve always had it. It peaked in high school, where I went through a phase where I would get physically sick when dealing with high-pressure tests (like finals or mid-terms). At some point, I realized what was happening, and got it under control. (There was really no guidance for mental health stuff for teenagers back then, so I’m not sure how I did it. I just figured it out on my own.) Anyway, even taking a dumb little Microsoft cert exam still makes me break out in a sweat, apparently.

I’m probably going to try for the AZ-204 later this year, if I can find the time to finish the prep.

Windows 11, and more audio stuff

I feel like I’m blogging too much lately, but I also feel like I have a lot of stuff rattling around in my head, and I need to get it out.

I’ve mentioned in a recent post that we’re in the middle of a company-wide Windows 11 upgrade at work. They finally got around to pushing it out to my desktop on Wednesday and my laptop on Thursday. The desktop upgrade broke networking, which was a bit of an issue. I won’t get into the details, but I had to unplug the PC and walk it over to our help desk so they could get it working again. That cost me a couple of hours, between the upgrade and all the troubleshooting and back and forth.

The laptop upgrade was easier. I had a similar networking issue, but I knew how to fix it now, and could do that myself, in that instance. Also, I could continue working on the desktop while the laptop was updating itself. (With the desktop, I hadn’t brought in the laptop that day, so I was stuck fooling around on my phone while the upgrade was running, and while I was waiting on the help desk…)

Windows 11 hasn’t broken any of the tools I rely on for work. It’s made one or two things slightly harder to do. I don’t think it’s made anything easier. (I’ve probably said this before, but my criteria for OS upgrade success these days isn’t “does it make things better?” but rather “does it break anything important?” and “how much more of a pain is it vs. the old version?”)

I’ve been toying with the idea of upgrading my home desktop PC to Windows 11, despite the fact that it’s not really supported. (The CPU is too old.) I set a registry value that is supposed to bypass the CPU check. But that still wouldn’t allow me to run the installation assistant. So, then, I made a bootable installer on a USB stick, but that won’t let me upgrade, just do a clean install. So, anyway, that was all a waste of time.

Back on the audio stuff: There were three football games airing exclusively on the NFL Network yesterday, and I wanted to watch them. (Maybe not all of them, but I wanted to kill a little time with football playing in the background.) My NFL+ subscription lets me do that, but I couldn’t get the audio working in the NFL app on my Apple TV. This is one of those things that should just be a minor irritation, but I was in enough of a mood when this happened that I got really frustrated with it. I actually could get sound, weirdly, if I switched from my TV speakers to AirPlay output to my Sonos speakers. (I’m using a Sonos soundbar as my TV speaker anyway, but I have it directly hooked up to the TV, so the Apple TV isn’t normally aware that it’s even using the Sonos.) I’m definitely not the only person to have this issue with the NFL app. I’ve found references to it on Reddit and the Apple forums. And the NFL+ site has an article about troubleshooting audio problems, but it’s typically generic and useless.

The frustration was mostly around how complex something as simple as watching TV has gotten… It used to be that you could just turn on your TV, and, you know, watch a football game. Now I have to turn on the TV, switch the HDMI input to the Apple TV, turn on the Apple TV, launch the app, watch it lock up, force quit the app, relaunch the app, wait for it to load, find the right button to press to get into the right feed… Yeah, I know I’m an old man. I should be happy I have so many options for quality entertainment.

And a little more on my new Beats Studio Pro headphones: I found a good video review of them from MKBHD. And I used them last night to watch 65 on Netflix. “Loud dinosaur movie” was a good choice for checking them out. They worked well for that, and successfully drowned out the Christmas music outside.

I’ve been awake today since 5:30 AM. It’s almost noon now. I haven’t done much useful, but I made myself a nice breakfast, went for two walks, listened to some music, read some comics, and had a croissant for a snack, so life is good, I guess.

Software changes – Edge, Apple Music, Windows 11

I thought I’d post a follow-up today on a couple of software items I’ve blogged about recently, plus one new one.

Microsoft Edge

First: my switch from Firefox to Edge at work. I’m not having any real problems with Edge, though I’m missing a few things I had in Firefox. And I’m experimenting with some Edge features that look interesting. One thing I tried to figure out today is the difference between tab groups, collections, and workspaces. (And whether or not it was worth using any of them.) In Firefox, I used to use the OneTab extension to take groups of tabs and save them off to the side. That extension is available for Edge too, though it’s not on our “officially approved” list. So I thought I’d see if I could just use a built-in Edge feature for that. Here’s what I figured out:

Tab groups are a simple way to group a bunch of tabs together. You can’t really do much with them other than group them together. Tab groups seem to survive closing and reopening Edge. I’m not sure if they’ll sync between my laptop and desktop, but I suspect they will.
Collections are a little more flexible than tab groups. You can add open tabs to a collection, and you can also add text notes and images apparently (though I haven’t tried). Collections definitely survive closing and reopening Edge, and I’m pretty sure they sync. You can dump a collection out to a new OneNote page too, so that’s potentially useful. And you can copy all of the URLs in a collection to the clipboard, which is similar to something I used to do in Firefox with a specific extension. (I can’t remember the name on that one, but OneTab replaced it, really.)
Workspaces looked promising, at first, but I think they’re mostly useful for sharing a group of tabs/pages with a group. There are limitations on using them that, I think, make them less useful than tab groups or collections for my purposes.

So, in a nutshell, I think I’m going to start using collections for the stuff I used to use OneTab for.

Apple Music

I mentioned last week that I’d installed the Apple Music Preview on my PC. It’s working out OK, I guess, but I had been assuming that I could switch back and forth between Apple Music and iTunes. That turns out to be incorrect. If I launch iTunes now, it shows me a message saying that it can only be used to manage podcasts and audiobooks now. Once you install Apple Music, you can’t use iTunes for music anymore. And, on top of that, you need to install Apple TV Preview if you want to manage your movies and TV shows. So I went ahead and did that too.

If I knew that there was no going back to iTunes, I don’t think I would have installed Apple Music. But now I guess I have to get used to it.

Windows 11

I got an email today saying that my work machines would be upgraded to Windows 11 soon. (I have a laptop and a desktop, both on Windows 10 right now.) They’re going to push the upgrade out through Windows Update. I’m a little unclear on timing, but I think they might be pushing it out over the Thanksgiving weekend.

It occurs to me that I’ve never actually done a Windows 11 upgrade. At home, I have a Windows 10 desktop and a Windows 11 laptop. The desktop can’t be upgraded to Windows 11, unfortunately. It meets all of my needs, otherwise, so I’ve just stuck with it. But if my work machines are all going to be running Windows 11, I probably need to ditch the old desktop at home and buy a new one that can handle Windows 11, so I’m running it everywhere. And if I do that, it’s going to push me into a bunch of other upgrades, I think. Like maybe getting a new monitor that actually uses HDMI instead of whatever old standard my current monitor uses. And probably buying an external DVD burner, since new machines don’t ever seem to come with built-in optical drives anymore. Oh well. I got this old PC in 2016, and I’m not sure how old the monitor is. So it’s probably time for some new hardware.

AI chaos

It figures. On Friday, I decide to finally buy in to the whole ChatGPT thing, first trying to sign up for ChatGPT Plus, then, when I couldn’t do that, signing up for a paid Poe subscription instead. Then, the whole thing starts falling apart. Last time I checked, Sam Altman is probably working for Microsoft now, and most of OpenAI’s employees are threatening to quit if the board doesn’t resign. Or maybe the Microsoft thing isn’t final, and Altman could still go back to OpenAI (according to one article I read about five minutes ago)… It’s all very confusing.

There are a LOT of articles out there about this stuff, of course. I’ve tried to find a couple of good/useful takes, and I think this one from Ben Thompson is probably useful, and this one from Jeff Jarvis is interesting and at least a little funny.

I’ve been getting into all this stuff maybe a little too deeply lately. I should probably leave it alone this week, and see what it looks like after Thanksgiving (assuming this stuff will shake out by then).

.NET Conf, and yet more on AI

.Net Conf was this week. I caught a few sessions here and there, but not much. Maybe I can check the playlist and catch up on anything good that I missed over the weekend. The main point of the conference was to push .NET 8. From what I’ve seen so far, it’s… fine. But there’s nothing there that makes me want to jump on it and start moving older projects over to it.

Meanwhile, I’m continuing to try to learn more about ChatGPT and other generative AI / LLM topics. I finished a LinkedIn course called ChatGPT for Web Developers this week, and that was kind of useful. I’d reached the point where I was ready to sign up for ChatGPT Plus, so I could play around with GPT 4 and other advanced stuff, but now there’s a waitlist. I guess there was so much interest from the DevDay stuff, that they couldn’t keep up. (I wonder how much money/hardware/etc. it takes to keep ChatGPT running. I know it’s a lot, but…)

So, since I couldn’t give OpenAI any of my money, I threw some at Poe instead. I gave them $200 for a year’s subscription. I’m not sure if Poe is worth that much, but at least I can now use GPT 4, albeit only through Poe’s interface. Maybe I’ll experiment with Poe’s bot creation tools, though I don’t know if I have any compelling bot ideas. Oh, and of course, as soon as I paid for Poe, I noticed that work started blocking it. So I guess work is committed to blocking all AI chatbots except our internal one, and the Bing/Copilot one. (Which is fine… Bing/Copilot chat works well enough, I guess.)

I actually used the Bing/Copilot chatbot a lot over the last few days, as I was trying to figure out how to solve a specific problem with a project I’m working on. It was useful, but I could probably have gotten just as far with old-fashioned internet searches. It might have taken a little longer though.

some follow up on grammar checking and AI

First, a bit of follow-up on my post about Grammarly and other grammar checkers: I missed one obvious alternative, Microsoft Editor. It’s a little confusing. It seems to be available as a free browser extension, but only for Edge and Chrome, not Firefox or Safari. And the “premium” features are part of Microsoft 365, which I do subscribe to. I guess it also works in MS Word, so I could theoretically copy my blog posts into Word, check the grammar there, then paste them back into WordPress, but I know that won’t work well. Or I could switch to Edge, but that’s only on Windows. Or I could switch to Chrome, which will work on Windows and Mac, but I’m really trying to avoid that. So… I guess I’ll think about it. Probably not my best option.

And, in general AI news, I liked this snarky article from Gizmodo. Sam Altman and OpenAI are certainly fascinating. I’m not sure if the company is going to change the world, or if it’s a load of B.S. and it’s going to fall apart a year from now. There are a few good lines in the article, like this one: “So far, ChatGPT is very good at writing limericks and telling lies.” Which is basically true. I’m pretty sure that we’re still a long way from AGI, if such a thing is even possible. (Though it’s pretty hard to even nail down what would count as AGI, at this point.)

I’m not sure about the whole “effective altruism” thing. It’s been getting a lot of negative press lately. The article says “Effective Altruism posits that the solution to humanity’s problems is for people with good intentions to get extremely rich and then donate the money to good causes,” which is… not exactly correct, but probably close enough, in practice. I’m not sure if I trust folks like Sam Altman to effectively redistribute his wealth once he decides he has enough to do that. Or for other effective altruists to make all the right decisions for the rest of us…

Something else I saw recently reminded me of the concept of fully automated luxury communism, which I remember some folks talking about on Twitter a few years ago, in a generally jokey way. My naive understanding of that, at the time, was that it was basically describing a post-scarcity future, like Gene Roddenberry‘s conception of what Earth would be like in the future, as envisioned in Star Trek.

And of course I just asked ChatGPT to compare and contrast Effective Altruism and Fully Automated Luxury Communism, and it came back with a pretty good summary. And then I asked it what Gene Roddenberry would have thought of FALC, and it came back with, again, a pretty reasonable answer. So maybe this ChatGPT thing isn’t just good for limericks and telling lies.

no more Firefox (at work)

I got a little surprise this morning, when I logged into my work PC and launched Firefox. The program still worked, but I got a popup from Windows telling me that access to the Mozilla update site was blocked.

Firefox has always been on our approved software list, so that surprised me. There hadn’t been an email about banning it, or anything like that. I checked the list, and it was still on there, so that got me wondering if the block was a mistake or something. I also considered that maybe they’d switched to a managed install, with updates pushed out from Software Center. But that didn’t seem to be the case either.

So I gave up and opened a support ticket to ask about it. (I’m always hesitant to do that for stuff like this, because I get paranoid that maybe I was never supposed to be using Firefox, and asking about it is going get me sent before the Spanish Inquisition or something.) I got a response back that, yep, InfoSec had decided to block Firefox. So, oh well, I had to switch to Edge today.

Edge actually isn’t that bad. And it has one advantage over Firefox (at least in our org). We’ve always blocked syncing Firefox user profiles, so I can’t easily keep my bookmarks or preferences in sync between my laptop and desktop with Firefox. But we do allow sync in Edge. So that’ll be nice.

The thing I’ll miss most about Firefox (and the main reason why I’ve stuck with it at work) is the Multi-Account Containers add-on. I have to juggle a bunch of different Microsoft accounts, and it’s nice to be able to have a container for the oddball ones, so they don’t confuse things for my everyday work under my normal AAD account. In Edge, I guess I’ll have to just use private windows for that, which kind of sucks, since I’ll then have to log in every single time. But I can deal with that.

I managed to import my Firefox bookmarks into Edge, then spent a bunch of time cleaning them up and organizing them. All said, I probably spent about two hours today figuring out why I couldn’t use Firefox, switching to Edge, cleaning up bookmarks, logging in to sites, poking around in preferences, and so on.

As part of this switch, I’m also going to try to switch from DuckDuckGo to Bing. Microsoft really wants you to use Bing, and there are some advantages to it, so I’m going to give it a try.

We’re also planning a mass Windows 11 upgrade at work. I’m not sure how they’re going to do that, but I’m a little worried about it. If I have to upgrade both my desktop and laptop, that could take a bit of time and involve a bit of risk. I guess that maybe I’m better off there than a lot of people, since i have two machines, and I can keep using one while the other is getting upgraded. (Most people now only have a laptop.)

Oh well, I guess it’s time to embrace the all-Microsoft future, and get used to Windows 11, Edge, Bing, and whatever else they throw at us.

General learning stuff

First, a little follow-up from my last post: The Credly thing was a little weird. There’s a working LinkedIn integration that will add the credential to your profile and let you post about it. So that’s good. There are options to share to Twitter and Facebook too, but neither worked. I manually posted the credential link to Facebook, Twitter, and Mastodon, just for yuks. So maybe I’ll get some “likes” out of that. Not that it matters, but I crave attention and validation, like most 21st-century humans.

On the broader topic of education: I’ve been working on figuring out some of the newer .NET Web API stuff lately. My existing .NET Web APIs are all .NET 4.x. Until recently, I hadn’t tried to create one under ASP.NET Core. I’ve been working my way through this course on Pluralsight.

I still get access to Pluralsight through work, which is great. My company recently discontinued access to Percipio though. I wasn’t really using Percipio that much, and I still have access to it through ACM, so it’s no big deal that work has stopped paying for it. That got me thinking about O’Reilly Learning again. When I got the email telling me that we were dropping Percipio, I responded with a suggestion that they look into O’Reilly. I don’t have much hope that our L&D folks will want to spend the money on O’Reilly, but I thought I’d suggest it. You never know.

Our L&D folks (and I guess someone influential in management) have been pushing a lot of leadership stuff lately in a couple of areas that I wasn’t previously familiar with. First is John C. Maxwell’s 5 levels of leadership. I guess that Maxwell is actually a pretty big name in the “leadership” area, though I’d never heard of him. He’s written a bunch of books. I’m considering picking up the 5 Levels of Leadership book, either in Kindle or Audible format. I’ve got mixed feelings though. On the one hand, I want to learn stuff that might be important and help make me a better manager. On the other hand, I’m about halfway through the third Wheel of Time book, and I don’t want to get off track on that.

The other big thing they’re starting to push at work is something called Emergenetics, which sounds pretty fishy to me, but is apparently not a weird pseudo-religion or anything like that. I don’t have much to say about it, since i haven’t really started looking into it yet.

I’m not really sure where these two initiatives came from. It might be somebody in L&D, or somebody in management. We do have a bunch of new high-level managers that have been hired from outside recently. We used to get most of our high-level managers from internal promotions, but I guess our president wanted to bring in some fresh blood. Overall, there’s a good bit of uncertainty in the company, due to all of the new managers coming in, and various changes going on. I’m trying to take a “wait and see” attitude, and keep an open mind.

I do have three direct reports now, so I should probably try to keep up on the management philosophy stuff. I haven’t really been an active manager in a long time. And, since they made me a manager about six months ago, I’ve actually done very little management. I’m mostly just letting my direct reports do their work, and leaving them alone. But I should probably try to more actively engage with them. At some point, I’ll probably have to do performance reviews, so I guess I should at least engage enough to be able to do that properly.

It’s hard to juggle all of this. I want to keep up on all the technical stuff, like ASP.NET and Power Platform, and so on, but I also need to work on the “soft skills” stuff.

finally Microsoft certified, again

Well, it’s just about three months since I committed to taking the exam for Microsoft’s PL-900 certification. Per this post, I got an exam voucher from my company, back in March. At that time, I set a “next week” reminder flag on that email in Outlook, and I’ve just been kicking the reminder to “next week” again every Friday. So finally I decided to just stop putting it off and take the test today. (It helps that it was a quiet day, with nothing else on my calendar.)

I have a few observations about the exam-taking process that I thought I’d share, since I wasn’t at all sure how it was going to work, so maybe this will help someone else who is planning on taking a Microsoft exam.

First, I wasn’t sure if I should go for the at-home option or go to a testing center. I checked Pearson’s site for local testing centers, and there’s one that’s about 10 miles away from here. So not too far, but far enough that I thought I’d try the at-home option instead.

At-home, of course, was not an option the last time I took an exam, back in 2010. I’d heard some worrying things about the requirements for at-home tests, which I wasn’t sure I’d be able to fulfill. They want to minimize cheating, of course, so you have to take photos of your work environment, to show that you don’t have any reference material at hand. My apartment is so cluttered that I wasn’t sure I’d be able to do that. But I managed to clear everything off my kitchen table, and I guess the photos I took were good enough for them.

But to back up a bit, first I had to schedule the exam. I know that there’s supposed to be some human review/monitoring of the exam, so I wasn’t sure if it would be easy to get a spot, but it turned out to be quite easy to schedule the exam for today. If I’d wanted, I could have taken the exam right away. I didn’t want that though, so I scheduled it for 1:45 PM. You need to check in for the exam prior to the start time, and you can do that 30 minutes prior.

After registration, I went through the “pre-flight check” that involved downloading a small program to my computer and verifying that my webcam and microphone worked, and that my internet connectivity was good enough. That was no problem.

After that, I spent some time taking (and failing) the MeasureUp practice exam again. Given that I’ve never successfully passed the practice exam, I really wasn’t sure I’d be able to pass the real one.

So at 1:15 PM, I went ahead and checked in for the exam. That process takes a while, and requires you to go through the webcam and microphone check again. Then it requires you to take some photos on your phone. They need a photo of your face, your ID (front and back), and four photos of your workspace. That all went smoothly enough. There’s no phone app for this; it’s all done through a website, which you can get to through a QR code or a text message link.

Once you’ve done all that, you have to put your phone away, so it’s out of reach, then you get put into a queue to start the test. I’m guessing that a human needs to manually review your photos and OK them. Or maybe it’s all fed into an AI thing, and only manually reviewed if the AI fails. I don’t know. It took a while for me to get out of the queue, and there were a couple of notices about connection issues that worried me a bit. But eventually I got through and the test started.

I kind of thought that there might be some required human interaction before the test, either in chat or onscreen via webcam/mic, but there was none. I just got transferred into the test.

There weren’t any unexpected surprises in the test itself. The questions were all pretty similar to what I’d seen in the practice exams. It took me about 30 minutes out of the 45 allowed to finish. And I got my results onscreen right after the exam.

I passed by a pretty reasonable margin, I think. I guess that result is a combination of (1) taking the real test more seriously than the practice tests, (2) having learned something from my repeated practice test failures, and (3) the practice tests being purposely harder than the real test.

So, post-exam, I went to the MS Learn site and downloaded a little PDF certificate, showing that I passed. I couldn’t initially find a detailed report on my score, but I just went back and checked again, and it’s there, on Pearson’s site. So my actual score was 822, where 700 was passing. Info on the scoring and the reports can be found here. I guess that’s 822 out of 1000, so… good enough.

I guess the next step here is to boast about passing the exam on social media. I think there was something on LinkedIn at one point where you could link your MCP profile to LinkedIn and then post a verified link to show that you’ve actually passed. I’m not sure if that’s still there, or if I’m even remembering that correctly. So I’ll want to look at that. And I kind of remember at one point that if you tagged MS Learning in a tweet about passing an exam, they’d retweet it and congratulate you. So I should see if I can do that. (Though I’m mostly staying off Twitter these days, for obvious reasons…)

I’ve already sent the scoring report to the person at my company that sent me the exam voucher. I guess that having a certain number of certified professionals on staff does something to help us maintain our partner status, or something like that. I know that we keep track of it.

I don’t really get much, personally, out of passing this exam. I’m not looking for a new job, and if I was, it wouldn’t be as a Power Platform guy anyway. And I don’t get a raise or bonus for doing it. But it was kind of fun and interesting to do. It’s been so long since I’ve had to take a test that it felt kind of weird to do it.

On the broader topic of continuing education, I’ve got a lot of stuff going on. This post is getting pretty long, so I’m not going to get into any of that here. Maybe I’ll write up another post over the weekend.

(UPDATE: Since I first published this, I’ve figured out that I can share a certified link to the certification through a site called Credly. So here’s the official link. So now you know I’m not lying about all this.)

getting authentication tokens from MSAL via PowerShell

I have a little PowerShell script that I can use to get tokens from MSAL, for an API project I maintain, and I could have sworn that I’d blogged about it at some point. But I can’t find a post mentioning it. So I guess it’s one of those things I meant to blog about, but never got around to it.

I just rewrote it for a new API project, so I thought I’d blog about that. And since I never actually blogged about the first version, I might as well include that too.

So the first API is an older .NET Framework project. In the Visual Studio solution, I have both the API and a console program that can be used to run some simple tests against it. The console program, of course, uses MSAL.NET to authenticate. (I blogged about that in 2021.) I also like to do little ad-hoc tests of the API with Fiddler, using the Composer tab. But I need to get a bearer token to do that. There are a bunch of ways to do that, but I wanted a simple PowerShell script that I could run at the command line and that would automatically save the token to the clipboard, so I could paste it into Fiddler. I also wanted the PowerShell script to read the client ID and secret (and other parameters) from the same config file that was used for the console program. The script shown below does that, reading parameters from the console program’s app.config file, and pulling the actual client ID and secret from environment variables. (All of this is, of course, to avoid storing secrets in any text files that might get accidentally checked in to source control…)

# get-auth-hdr-0.ps1
# https://gist.github.com/andyhuey/68bade6eceaff64454eaeabae2351552
# Get the auth hdr and send it to the clipboard.
# ajh 2022-08-29: rewrite to use MSAL.PS.
# ajh 2022-11-23: read secret from env vars.

#Requires -Version 5.1
#Requires -Modules @{ ModuleName="MSAL.PS"; ModuleVersion="4.0" }

# force TLS 1.2
$TLS12Protocol = [System.Net.SecurityProtocolType] 'Tls12'
[System.Net.ServicePointManager]::SecurityProtocol = $TLS12Protocol

echo $null | clip	# clear the clipboard.

# read the settings file.
$configFilePath = ".\App.config"
[xml]$configXML = Get-Content $configFilePath
$configXML.configuration.appSettings.add | foreach {
	$add = $_
	switch($add.key) {
		"ida:Authority" 		{$authority = $add.value; break}
		"xyz:ServiceResourceId"	{$svcResourceId = $add.value; break}
		"env:ClientId"			{$client_id_var = $add.value; break}
		"env:ClientSecret" 		{$client_secret_var = $add.value; break}
	}
}
if (!$client_id_var -or !$client_secret_var -or !$authority -or !$svcResourceId) {
	Write-Error "One or more settings are missing from $configFilePath."
	return
}

# and the env vars.
$client_id = [Environment]::GetEnvironmentVariable($client_id_var, 'Machine')
$client_secret = [Environment]::GetEnvironmentVariable($client_secret_var, 'Machine')
if (!$client_id -or !$client_secret) {
	Write-Error "One or more env vars are missing."
	return
}

$scope = $svcResourceId + "/.default"
$secSecret = ConvertTo-SecureString $client_secret -AsPlainText -Force

$msalToken = Get-MsalToken -ClientId $client_id -ClientSecret $secSecret -Scope $scope -Authority $authority
$authHdr = $msalToken.CreateAuthorizationHeader()
$fullAuthHdr = "Authorization: $($authHdr)"
$fullAuthHdr | clip
"auth header has been copied to the clipboard."

For my new project, I needed to create a new version of this script, since the new project is in .NET Core, using an appsettings.json file rather than the old XML format app.config file. I’m also now using the Secret Manager to store the client ID and secret.

# get-auth-hdr-1.ps1
# https://gist.github.com/andyhuey/de85972ec0f6268034e5ce46b0278a07
# Get the auth hdr and send it to the clipboard.
# ajh 2023-04-06: new. 

#Requires -Version 7
#Requires -Modules @{ ModuleName="MSAL.PS"; ModuleVersion="4.0" }

# force TLS 1.2
$TLS12Protocol = [System.Net.SecurityProtocolType] 'Tls12'
[System.Net.ServicePointManager]::SecurityProtocol = $TLS12Protocol

echo $null | clip	# clear the clipboard.

$secrets = dotnet user-secrets list --json | ConvertFrom-Json
$clientId = $secrets.'AuthConfig:ClientId'
$clientSecret = $secrets.'AuthConfig:ClientSecret'
$secSecret = ConvertTo-SecureString $clientSecret -AsPlainText -Force

$appSettings = Get-Content appsettings.json | ConvertFrom-Json
$scope = $appSettings.AuthConfig.ResourceId
$authority = $appSettings.AuthConfig.Instance -f $appSettings.AuthConfig.TenantId

$msalToken = Get-MsalToken -ClientId $clientId -ClientSecret $secSecret -Scope $scope -Authority $authority
$authHdr = $msalToken.CreateAuthorizationHeader()
$fullAuthHdr = "Authorization: $($authHdr)"
$fullAuthHdr | clip
"auth header has been copied to the clipboard."

So this one is calling “dotnet user-secrets list” to get the secrets. And it’s using “ConvertFrom-Json” for both that and the appsecrets.json file.

Both scripts are using MSAL.PS for the MSAL call.

One thing that might not be obvious in the second script is that the “Instance” value is formatted like this: “”https://login.microsoftonline.com/{0}” so we’re using the “-f” string format function to pop the tenant ID into that {0} placeholder. (I took that functionality from an online sample I found somewhere, but I may change that around, since I think it just confuses things.) Also, in the first example, I added “/.default” to the $scope variable in the script, while the new version already has that in the config file.

I’m not sure if any of this will ever be useful to anyone but me, but it seems like something that might help someone else out there on the internet somewhere, at some point.

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this: