Add free search for your website. Sign up now! https://webveta.alightservices.com/
Categories
.Net A.I Azure C# LLM NLP

Using C# and Azure OpenAI services

If you have access to Azure OpenAI services, the following code snippet shows how to chat with ChatGPT!

Some general tips:

  1. Secure your networks, i.e use private endpoints inside Azure! Stolen keys can be used by other people if the network is not secured.

This code example is C# version of what’s discussed in https://github.com/AzureCosmosDB/Azure-OpenAI-Python-Developer-Guide/blob/main/05_Explore_OpenAI_models/README.md

The above link is for Python developers, this blog post for C# developers.

var chatClient = new OpenAIClient(new Uri(azureEndPoint), 
       new AzureKeyCredential(apiKey));

var chatCompletionOptions = new ChatCompletionsOptions();

chatCompletionOptions.DeploymentName = "gpt35";

chatCompletionOptions.Messages.Add(new
    ChatRequestSystemMessage("You are a helpful, fun and friendly sales assistant for Cosmic Works, a bicycle and bicycle accessories store."));

chatCompletionOptions.Messages.Add(new 
    ChatRequestUserMessage("Do you sell bicycles?"));

chatCompletionOptions.Messages.Add(new
    ChatRequestAssistantMessage("Yes, we do sell bicycles. What kind of bicycle are you looking for?"));

chatCompletionOptions.Messages.Add(new
    ChatRequestUserMessage("I'm not sure what I'm looking for. Could you help me decide?"));

var response = await 
    chatClient.GetChatCompletionsAsync(chatCompletionOptions);

if (response != null && response.Value != null && 
    response.Value.Choices != null && 
    response.Value.Choices.Count > 0)
{

    System.Console.WriteLine(
        response.Value.Choices.ElementAt(0).Message.Content);
}

The above code has 3 configuration variables:

  1. azureEndPoint – This is the endpoint from Azure Portal.
  2. apiKey – One of the API keys from Azure Portal.
  3. The deployment name of the model that has been added through Azure Portal.

If the code was run successful, output looks like this:

If there is network connectivity issues, there might be exceptions, if denied due to network security issues errors might be like the following:

Mr. Kanti Kalyan Arumilli

Arumilli Kanti Kalyan, Founder & CEO
Arumilli Kanti Kalyan, Founder & CEO

B.Tech, M.B.A

Facebook

LinkedIn

Threads

Instagram

Youtube

Founder & CEO, Lead Full-Stack .Net developer

ALight Technology And Services Limited

ALight Technologies USA Inc

Youtube

Facebook

LinkedIn

Phone / SMS / WhatsApp on the following 3 numbers:

+91-789-362-6688, +1-480-347-6849, +44-07718-273-964

+44-33-3303-1284 (Preferred number if calling from U.K, No WhatsApp)

kantikalyan@gmail.com, kantikalyan@outlook.com, admin@alightservices.com, kantikalyan.arumilli@alightservices.com, KArumilli2020@student.hult.edu, KantiKArumilli@outlook.com and 3 more rarely used email addresses – hardly once or twice a year.

Categories
.Net Azure C# Key Vault

How to add secrets into Azure KeyVault using C#

Azure KeyVault is a Azure service for secrets management. Secrets can be easily added, updated, retrieved etc… This post has small code snippet, code implementation can be found here:

https://github.com/ALightTechnologyAndServicesLimited/LightKeysTransfer/blob/main/LightKeysTransfer/LightKeysTransfer/Implementation/AzureKeyVaultHelper.cs

The above code is from my own open source project – LightKeysTransfer, the code can be found at:

https://github.com/ALightTechnologyAndServicesLimited/LightKeysTransfer

var client = new SecretClient(new Uri("https://VAULT_NAME.vault.azure.net"), new DefaultAzureCredential());

client.SetSecret(new KeyVaultSecret(key, secret));

Mr. Kanti Kalyan Arumilli

Arumilli Kanti Kalyan, Founder & CEO
Arumilli Kanti Kalyan, Founder & CEO

B.Tech, M.B.A

Facebook

LinkedIn

Threads

Instagram

Youtube

Founder & CEO, Lead Full-Stack .Net developer

ALight Technology And Services Limited

ALight Technologies USA Inc

Youtube

Facebook

LinkedIn

Phone / SMS / WhatsApp on the following 3 numbers:

+91-789-362-6688, +1-480-347-6849, +44-07718-273-964

+44-33-3303-1284 (Preferred number if calling from U.K, No WhatsApp)

kantikalyan@gmail.com, kantikalyan@outlook.com, admin@alightservices.com, kantikalyan.arumilli@alightservices.com, KArumilli2020@student.hult.edu, KantiKArumilli@outlook.com and 3 more rarely used email addresses – hardly once or twice a year.

Categories
AWS Azure Security VPN

WireGuard, OpenVPN, Pro Custodibus, TailScale

In my startup – ALight Technology And Services Limited, I don’t have any employees. I do everything myself. I know .Net web development. These other activities are something new for me.

Most of you know, I have been looking for secure, efficient way of accessing servers hosted in my AWS and Azure accounts. This effort is part of productionizing WebVeta and securing the servers.

I have written some blog articles about OpenVPN in the past and how-to automate changing keys using some C# code at random for higher security.

This blog post is about few other alternatives and some tips.

WireGuard is another free VPN software! But the problem 256-bit key. i.e less secure but high throughput. One possible way is by rotating the key on a timely basis. There is another software known as Pro Custodibus, that helps in rotating keys and managing keys + MFA!

OpenVPN is very highly configurable and can support 2048 bit keys and above.

How to easily install OpenVPN and some easy C# code snippets for Process class

The above blog post talks about how to install and use some C# code for re-generating server and client side keys. The above blog post allows keys + password protection for the ovpn file i.e 2 layers of higher security.

OpenVPN has the following interesting options for further security / monitoring and alerting:

--ipchange cmd
--route-up cmd
--route-pre-down cmd
--ping-exit n
--up cmd
--down cmd
--down-pre
--up-restart
--client-connect
--client-disconnect
--auth-user-pass-verify cmd method
--auth-gen-token [lifetime]
--single-session

Using some of these options and commands, alerts can be generated by either using scripts or programs. I would use C#, but any programming language or even shell scripts can be used.

Using –auth-user-pass-verify 3rd level of security can be added i.e an additional username + password security can be added.

–single-session allows one and only one session, no session re-negotiation – Probably perfect for my scenario.

TailScale is a very nice VPN management software and has a very generous free-tier of upto 100 devices and 3 users. With a little bit of custom programming and using TailScale the security can be increased and can be easily managed. However, one of the biggest problems I saw was registering servers. TailGate displays a URL in plain-text, the URL needs to be entered in browser and authenticated for registering a server in TailGate. If anyone knows the URL and if they authenticate before you, they can try to take-over the server and of-course you can immediately terminate server etc…

I think re-gistering servers should be 2 way i.e

  1. In the website allow copying some random GUID (don’t show the GUID in plain text).
  2. In the server after tailscale up, prompt for the GUID, treat the GUID like password, allow pasting but don’t echo the GUID.
  3. Generate another unique GUID on the server and display.
  4. User copies the server-side GUID and pastes in the website.
  5. Now pair the servers

Even if someone somehow steals the first GUID and pastes in their server, the second GUID generated by their server would be different and can’t be paired.

If someone steals the second guid, their browser-side first guid associated with their account would be different and can’t be paired.

Meanwhile TailScale pairing can be done little securely using my opensource tool – https://github.com/ALightTechnologyAndServicesLimited/LightKeysTransfer – This feature to be implemented, I would make an announcement when the feature gets implemented.

The feature would be very simple, instead of displaying the URL, the URL would be encrypted, use the client-mode part of tool for decrypting, copy and paste in small-sized browser window and approve.

This feature request has been submitted – https://github.com/tailscale/tailscale/issues/8823

Mr. Kanti Kalyan Arumilli

Arumilli Kanti Kalyan, Founder & CEO
Arumilli Kanti Kalyan, Founder & CEO

B.Tech, M.B.A

Facebook

LinkedIn

Threads

Instagram

Youtube

Founder & CEO, Lead Full-Stack .Net developer

ALight Technology And Services Limited

ALight Technologies USA Inc

Youtube

Facebook

LinkedIn

Phone / SMS / WhatsApp on the following 3 numbers:

+91-789-362-6688, +1-480-347-6849, +44-07718-273-964

+44-33-3303-1284 (Preferred number if calling from U.K, No WhatsApp)

kantikalyan@gmail.com, kantikalyan@outlook.com, admin@alightservices.com, kantikalyan.arumilli@alightservices.com, KArumilli2020@student.hult.edu, KantiKArumilli@outlook.com and 3 more rarely used email addresses – hardly once or twice a year.

Categories
.Net Azure Key Vault Security

How to use Azure Key Vault for Secrets!

Azure Key Vault is a service for storing sensitive information such as passwords etc…

The following nuget packages are:

Azure.Security.KeyVault.Secrets
Azure.Identity

The following code snippet is for accessing Azure Key Vault programatically.

var kvClient = new Azure.Security.KeyVault.Secrets.SecretClient(new Uri([URL]), new DefaultAzureCredential());

    var result = await kvClient.SetSecretAsync("Hello", "Hello1");

    var secret = await kvClient.GetSecretAsync("Hello");
    Console.Write(secret.Value.Value);

The above code snippet assumes RBAC based authentication.

Mr. Kanti Kalyan Arumilli

Arumilli Kanti Kalyan, Founder & CEO
Arumilli Kanti Kalyan, Founder & CEO

B.Tech, M.B.A

Facebook

LinkedIn

Threads

Instagram

Youtube

Founder & CEO, Lead Full-Stack .Net developer

ALight Technology And Services Limited

ALight Technologies USA Inc

Youtube

Facebook

LinkedIn

Phone / SMS / WhatsApp on the following 3 numbers:

+91-789-362-6688, +1-480-347-6849, +44-07718-273-964

+44-33-3303-1284 (Preferred number if calling from U.K, No WhatsApp)

kantikalyan@gmail.com, kantikalyan@outlook.com, admin@alightservices.com, kantikalyan.arumilli@alightservices.com, KArumilli2020@student.hult.edu, KantiKArumilli@outlook.com and 3 more rarely used email addresses – hardly once or twice a year.

Categories
Azure CosmosDB Security

Some very important security tip for using CosmosDB on Azure!

CosmosDB is a very fast and efficient database in Azure, offers single digit millisecond latency.

The usual way of connecting to CosmosDB is using keys. But I would strongly suggest using RBAC roles.

Limit the network access to private networks within Azure and create private endpoints for access.

I would strongly even suggest turning off key based access completely.

Using Azure CLI

az cosmosdb update  --name [CosmosDBAccountName] --resource-group [ResourceGroupName]  --disable-key-based-metadata-write-access true

Using Powershell

Update-AzCosmosDBAccount -ResourceGroupName [ResourceGroupName] -Name [CosmosDBAccountName] -DisableKeyBasedMetadataWriteAccess true

Reference:

https://learn.microsoft.com/en-us/azure/cosmos-db/role-based-access-control

Mr. Kanti Kalyan Arumilli

Arumilli Kanti Kalyan, Founder & CEO
Arumilli Kanti Kalyan, Founder & CEO

B.Tech, M.B.A

Facebook

LinkedIn

Threads

Instagram

Youtube

Founder & CEO, Lead Full-Stack .Net developer

ALight Technology And Services Limited

ALight Technologies USA Inc

Youtube

Facebook

LinkedIn

Phone / SMS / WhatsApp on the following 3 numbers:

+91-789-362-6688, +1-480-347-6849, +44-07718-273-964

+44-33-3303-1284 (Preferred number if calling from U.K, No WhatsApp)

kantikalyan@gmail.com, kantikalyan@outlook.com, admin@alightservices.com, kantikalyan.arumilli@alightservices.com, KArumilli2020@student.hult.edu, KantiKArumilli@outlook.com and 3 more rarely used email addresses – hardly once or twice a year.