Stories with Tag .NET

• (Reasonably) secure Azure Pipelines on-prem deployments

  permalink

  Posted: 2025-03-04 16:25:54

  Verbose tl;dr

  This blog post details a method for securely deploying applications to on-premises IIS servers from Azure Pipelines without exposing credentials. The author leverages a self-hosted agent running on the target server, combined with a pre-configured deployment group. Instead of storing sensitive information directly in the pipeline, the approach uses Azure Key Vault to securely store the application pool password. The pipeline then retrieves this password during the deployment process and utilizes it with the powershell task in Azure Pipelines to update the application pool, ensuring credentials are not exposed in plain text within the pipeline or agent's environment. This setup enables automated deployments while mitigating the security risks associated with managing credentials for on-premises deployments.

  This blog post details a method for implementing reasonably secure deployments from Azure Pipelines to on-premises IIS servers, focusing on minimizing the attack surface and adhering to the principle of least privilege. The author outlines a process that avoids storing sensitive credentials like passwords directly within the pipeline definition, leveraging Azure Key Vault for secure secret management and Managed Identities for authentication.

  The core strategy revolves around establishing a dedicated deployment user account on the target IIS server. This account is granted only the necessary permissions to deploy and manage the specific application, adhering to the principle of least privilege. It explicitly does not have administrative privileges. This minimizes the potential damage if the account is compromised.

  The deployment process utilizes a self-hosted agent running on the on-premises server, which is registered with the Azure DevOps project. Critically, the agent itself doesn't hold any secrets. Instead, it leverages a Managed Identity assigned to the Azure DevOps project. This Managed Identity has permissions to access the necessary secrets stored in Azure Key Vault. During the deployment process, the pipeline instructs the agent to retrieve the deployment user's credentials from Key Vault using its Managed Identity. These credentials are then used to authenticate with the IIS server and perform the deployment tasks.

  The actual deployment steps involve using the msdeploy.exe utility. The retrieved credentials are passed securely to msdeploy.exe to authenticate with the target IIS server. The pipeline script then uses msdeploy.exe to sync the application files from the build artifact to the IIS server and configure the application within IIS. The author emphasizes the importance of using the -declareParamFile option with msdeploy.exe to avoid exposing sensitive information in the pipeline logs. This approach stores the sensitive deployment parameters in a separate file that is accessed securely during the deployment process.

  The author also touches on securing the web.config file. They recommend excluding the web.config from the initial deployment and instead using a separate, dedicated step to deploy a transformed web.config file. This transformed configuration file contains environment-specific settings retrieved securely from Azure Key Vault, ensuring sensitive information like connection strings isn't embedded in the application's source code. This approach separates configuration from code and allows for environment-specific configurations without compromising security.

  Finally, the post briefly discusses the option of using deployment groups as an alternative to individual self-hosted agents. However, the core principles of using Managed Identities, Azure Key Vault, and least privilege remain the same regardless of the chosen deployment method. The author advocates for this approach as a more secure and manageable way to handle deployments to on-premises IIS servers compared to traditional methods relying on stored credentials.

  • Azure DevOps
  • Azure Pipelines
  • On-Premises
  • deployment
  • Security
  • IIS
  • Self-Hosted Agents
  • DevOps
  • CI/CD
  • Continuous Integration
  • Continuous Deployment
  • Infrastructure as Code
  • Windows Server
  • .NET

  Summary of Comments ( 32 )
  https://news.ycombinator.com/item?id=43256802

  Verbose tl;dr

  The Hacker News comments generally praise the article for its practical approach to a complex problem (deploying to on-premise IIS from Azure DevOps). Several commenters appreciate the focus on simplicity and avoiding over-engineering, highlighting the use of built-in Azure DevOps features and PowerShell over more complex solutions. One commenter suggests using deployment groups instead of self-hosted agents for better security and manageability. Another emphasizes the importance of robust rollback procedures, which the article acknowledges but doesn't delve into deeply. A few commenters discuss alternative approaches, like using containers or configuration management tools, but acknowledge the validity of the author's simpler method for specific scenarios. Overall, the comments agree that the article provides a useful, real-world example of secure-enough deployments.

  The Hacker News post titled "(Reasonably) secure Azure Pipelines on-prem deployments" discussing the linked blog post about secure deployments to IIS using Azure DevOps has generated a small but focused discussion thread. Several commenters engage with the specific technical details and offer alternative approaches or raise potential concerns.

  One commenter points out a potential vulnerability if the deployment agent's machine account, which has write access to the web application directory, is compromised. They suggest an alternative where the build agent packages the application, and a separate deployment process, running under a more restricted account, handles the extraction and deployment to IIS. This separation of duties limits the potential damage from a compromised build agent.

  Another commenter discusses the complexity and challenges associated with using tools like Ansible for deployments, particularly in Windows environments. They acknowledge the benefits of such tools but highlight the effort required to learn and maintain them, contrasting it with the relative simplicity of the approach presented in the blog post. This commenter suggests that while more sophisticated tools exist, the author's method might be a pragmatic solution for those prioritizing simplicity and ease of implementation.

  A third commenter questions the security of storing deployment credentials within Azure DevOps, even if encrypted. They propose using a dedicated secrets management solution like Azure Key Vault for storing sensitive information and retrieving it during the deployment process. This approach enhances security by decoupling the secrets from the deployment pipeline itself.

  The overall sentiment in the comments is one of cautious appreciation for the author's approach. Commenters acknowledge the practicality of the solution while also highlighting potential security concerns and suggesting alternative, more secure, albeit potentially more complex, methods. The discussion revolves around the trade-off between simplicity and security in real-world deployment scenarios. No one outright criticizes the author's method but instead offer constructive feedback and alternative perspectives for achieving secure deployments.

• Why Tracebit is written in C#

  permalink

  Posted: 2025-01-31 23:22:55

  Verbose tl;dr

  Tracebit, a system monitoring tool, is built with C# primarily due to its performance characteristics, especially with regards to garbage collection. While other languages like Go and Rust offer memory management advantages, C#'s generational garbage collector and allocation patterns align well with Tracebit's workload, which involves short-lived objects. This allows for efficient memory management without the complexities of manual control. Additionally, the mature .NET ecosystem, cross-platform compatibility offered by .NET, and the team's existing C# expertise contributed to the decision. Ultimately, C# provided a balance of performance, productivity, and platform support suitable for Tracebit's needs.

  The blog post "Why Tracebit is Written in C#" by Dominik Reichl, the creator of Tracebit, meticulously details the rationale behind choosing C# as the primary programming language for developing the Tracebit system, a client-server application designed for efficient remote desktop control and monitoring, particularly targeting embedded devices.

  Reichl begins by acknowledging that selecting a programming language for a project of this magnitude is a multifaceted decision influenced by various factors beyond just technical capabilities. He then proceeds to systematically justify his choice of C# by evaluating it against several key criteria pertinent to Tracebit's specific requirements.

  Performance is paramount for remote desktop software, and while C# might not be the absolute pinnacle of performance compared to languages like C or C++, Reichl argues that C#'s performance is more than adequate for Tracebit's needs, especially considering the optimizations offered by the .NET runtime environment. He emphasizes the negligible performance difference in the context of the overall system latency, dominated by network communication rather than raw processing power.

  Cross-platform compatibility is another crucial factor, enabling Tracebit to run on various operating systems. Reichl highlights .NET's increasing cross-platform capabilities, facilitated by .NET Core (later renamed .NET), as a significant advantage, although he acknowledges some limitations and platform-specific nuances that require careful consideration. The desire to support both Windows and Linux is explicitly stated as a motivating factor for adopting C#.

  Developer productivity is a critical aspect, especially for a solo developer. Reichl asserts that C#'s clear syntax, robust tooling within the .NET ecosystem, and extensive libraries significantly boost developer productivity. This increased efficiency allows for quicker iteration and feature implementation, contributing to faster development cycles. He specifically mentions features like memory management and type safety as productivity enhancers.

  Familiarity with the language is also a crucial factor. Reichl admits his extensive experience with C# and the .NET platform played a significant role in the decision. This existing proficiency reduces development time and lowers the learning curve, allowing him to focus on core functionalities rather than grappling with a new language.

  Finally, the blog post touches upon the licensing aspect. Reichl explains that C# and .NET's open-source nature and permissive licensing align well with Tracebit's goals. This open-source approach fosters community involvement and ensures flexibility in deployment and distribution.

  In conclusion, the blog post presents a reasoned and comprehensive explanation for the selection of C# as the foundation of Tracebit. Reichl's arguments emphasize the balance between performance, cross-platform compatibility, developer productivity, familiarity, and licensing considerations, ultimately leading to the conclusion that C# offers the optimal blend of features to meet the specific demands of the Tracebit project.

  • C#
  • Tracebit
  • programming language
  • performance
  • .NET
  • Software Development
  • Cross-Platform
  • Windows Development
  • Backend Development
  • Microservices

  Summary of Comments ( 211 )
  https://news.ycombinator.com/item?id=42893622

  Verbose tl;dr

  Hacker News users discussed the surprising choice of C# for Tracebit, a performance-sensitive tracing tool. Several commenters questioned the rationale, citing potential performance drawbacks compared to C/C++. The author defended the choice, highlighting C#'s developer productivity, rich ecosystem (especially concerning UI development), and the performance benefits of using native libraries for the performance-critical parts. Some users agreed, pointing out the maturity of the .NET ecosystem and the relative ease of finding C# developers. Others remained skeptical, emphasizing the overhead of the .NET runtime and garbage collection. The discussion also touched upon cross-platform compatibility, with commenters acknowledging .NET's improvements in this area but still noting some limitations, particularly regarding native dependencies. A few users shared their positive experiences with C# in performance-sensitive contexts, further fueling the debate.

  The Hacker News post "Why Tracebit is written in C#" (https://news.ycombinator.com/item?id=42893622) has generated several comments discussing the author's choice of C# for their performance-sensitive tracing tool.

  Several commenters express surprise at the choice of C# for a performance-critical application, traditionally associated with languages like C/C++. One commenter questions why not Rust, Go, or C++ were considered, given their reputation for speed and efficiency. This sentiment is echoed by another who specifically mentions the garbage collection overhead as a potential performance bottleneck in a tracing tool.

  However, many commenters offer counterpoints, highlighting the strengths of C# and the .NET ecosystem. One points out that the .NET runtime is highly optimized and the garbage collector is sophisticated enough to minimize performance impact in many cases. Another commenter emphasizes the rich libraries and tooling available in .NET, which can significantly speed up development and potentially outweigh any performance disadvantages compared to lower-level languages. The maturity and stability of the .NET platform are also mentioned as factors contributing to developer productivity and application reliability.

  The discussion delves into specific performance aspects, with one commenter suggesting that C#'s allocation patterns might be advantageous in certain scenarios. Another highlights the performance benefits of using Span<T> and Memory<T> in modern C#, suggesting these features address some of the historical concerns about C#'s performance in managing memory. The availability of native interop is also brought up as a way to incorporate performance-critical components written in other languages if necessary.

  Some comments focus on the broader context of language choices. One argues that choosing the language that allows the fastest development and iteration is often the most pragmatic approach, even if it involves some performance trade-offs. Another commenter suggests that premature optimization is a common pitfall and that C#'s productivity benefits might outweigh any perceived performance disadvantages.

  Finally, several commenters share their own positive experiences with using C# for performance-sensitive applications, providing anecdotal evidence that the language is capable of delivering good performance in practice. One commenter specifically mentions using C# for a high-throughput trading system, demonstrating the language's capability in a demanding environment.

  Overall, the comments section reflects a nuanced discussion about the trade-offs between performance and developer productivity. While acknowledging the traditional association of C/C++ with high performance, commenters highlight the strengths of C# and the .NET ecosystem, suggesting that it can be a viable option for performance-sensitive applications, particularly when developer productivity and time-to-market are important considerations.