The .NET Stacks #42: 🔌 When Active Directory isn't so active

This week, we discuss the Azure AD outage and also talk about a variety of other topics.

Dave Brock

Happy Monday to you all. Here’s what we have on tap this week.

  • One big thing: When Active Directory isn’t so active
  • The little things: A bunch of odds and ends
  • Last week in the .NET world

One big thing: When Active Directory isn’t so active

Mondays are typically long days. Tell that to Microsoft, who last Monday suffered another Azure Active Directory outage that took down most apps consuming AD, including the Azure Portal, Teams, Exchange, Azure Key Vault, Azure Storage, and more. The outage lasted a few hours (2 pm until 7 pm, in these parts), but lingering effects lasted much longer. The timing was unfortunate—isn’t it always?—as they’re rolling out 99.99% availability in April to customers with Premium licenses.

What happened? Azure AD runs an automated system that removes keys no longer in use. To support a “complex cross-cloud migration,” a specific key was marked to retain for longer than usual. Due to a bug, the system ignored the flag, the key was removed, and Azure AD stopped trusting the tokens from the removed key. When you pair this with the outage from September 2020—the culprit there was a code defect—you have a right to be concerned about Azure AD if you aren’t already.
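A simplified model of that failure mode, added here as an illustration and not Microsoft's code: tokens are validated by looking up their key ID in the published key set, and a cleanup job prunes unused keys unless a retain flag is set. The names (`SigningKey`, `retain`, `cleanup`, `honor_retain`) and the constructed secrets are assumptions, and HMAC stands in for the asymmetric signatures a real identity service uses.

```python
import hashlib
import hmac
from dataclasses import dataclass

@dataclass
class SigningKey:
    kid: str
    secret: bytes          # constructed sample value, not a real key
    in_use: bool = True    # still used to sign new tokens
    retain: bool = False   # operator hold: keep for validation even if unused

def sign(key, payload):
    """Issue a token of the form kid.payload.mac."""
    mac = hmac.new(key.secret, payload.encode(), hashlib.sha256).hexdigest()
    return f"{key.kid}.{payload}.{mac}"

def verify(keyset, token):
    """Trust a token only if its kid is still present in the key set."""
    if token.count(".") < 2:
        return False
    kid, rest = token.split(".", 1)
    payload, mac = rest.rsplit(".", 1)
    key = keyset.get(kid)
    if key is None:
        return False  # key removed: every token it signed is now untrusted
    expected = hmac.new(key.secret, payload.encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(mac, expected)

def cleanup(keyset, honor_retain=True):
    """Remove keys no longer in use; honor_retain=False models the bug."""
    removed = []
    for kid, key in list(keyset.items()):
        if key.in_use or (honor_retain and key.retain):
            continue
        del keyset[kid]
        removed.append(kid)
    return removed

def demo(honor_retain):
    """Return (old-key token trusted, new-key token trusted) after cleanup."""
    old = SigningKey("k-old", b"constructed-secret-1", in_use=False, retain=True)
    new = SigningKey("k-new", b"constructed-secret-2")
    keyset = {k.kid: k for k in (old, new)}
    token = sign(old, "sub=alice")  # outstanding token from the retained key
    cleanup(keyset, honor_retain)
    return verify(keyset, token), verify(keyset, sign(new, "sub=bob"))
```

With the flag honored, both tokens validate; with it ignored, the token signed by the retained key is rejected while new tokens still pass. That makes an assertion that held keys survive cleanup a cheap regression test for any key-rotation job.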

Meanwhile, updates were quicker on Twitter than on their status pages. Microsoft has owned up to this, saying: “We identified some differences in detail and timing across Azure, Microsoft 365 and Dynamics 365 which caused confusion for customers … We have a repair item to provide greater consistency and transparency across our services.”

For Microsoft’s part, the notice says they are engaged in a two-stage process to improve Azure AD, including an effort to avoid what happened last Monday. This effort includes instituting a backend Safe Deployment Process (SDP) system to prevent these types of problems. The first stage is complete, and the second stage is planned for completion later this year.

Let’s hope so. It’s hard to swallow that such a critical service has a single point of failure. While there are many reasons for and against this design, we can all agree that Microsoft needs to improve resiliency for Azure AD. Instead of the time-honored tradition of Azure executives at Build or Ignite showing off a global map of all their new regions, I think we’d much rather have a slide showing off improvements to their flagship identity service.

The little things: A bunch of odds and ends

In the ASP.NET standup this week, James Newton-King joined Jon Galloway to talk about gRPC improvements for .NET 5. It gets low-level at times, but I enjoyed it and learned a lot.

For the improvements, benchmarks show the .NET gRPC implementation just behind Rust (which isn’t a framework, so that’s saying something). Server performance is 60% faster than .NET Core 3.1, and client performance is 230% faster.

To answer your next question: since IIS and HTTP.sys now support gRPC, does Azure App Service support it too? Not yet, but keep an eye on this issue for the latest updates.

Adam Sitnik, an engineer on the .NET team and the person behind BenchmarkDotNet, has a new repository full of valuable resources for learning about .NET performance.

Steve Sanderson, the creator of Blazor (and a recent interview subject), has created an excruciatingly detailed Blazor issue in GitHub to catch and handle exceptions thrown within a particular UI subtree. This capability accomplishes an idea of “global exception handling” in Blazor.

This week, Nick Craver noted why Stack Overflow likely isn’t migrating to .NET 5. (You’ll want to read the entire thread for context.)

Shay Rojansky notes that EF Core is now fully annotated for C# reference nullability. As a whole, fully annotating nullability across .NET should be complete in .NET 6.

I’ve been intrigued this week by Daniel Terhorst-North writing about why he feels “every single element of SOLID is wrong.” It’s quite the statement, but the more you read, the less revolutionary it sounds. Things change and evolve. Whether it’s SOLID or any other prescribed “best practice,” I’ve learned to take things with a grain of salt and consider the tradeoffs.

I’ve been working with many scheduled GitHub Actions to automate much of how I put together this newsletter every week (like adding links to a persistent store and generating my Markdown file). With scheduling tasks, as in timed Azure Functions triggers, CRON is still king. It’s nice that GitHub Actions translates CRON syntax for you on hover, but I’m still going to mess it up.

What saves me every time is the site. (I’m not being asked to say this. I’m just a fan.) You can edit a CRON expression and easily see how it looks for a CRON amateur. You can also hit quick links with examples ready to go, like

🌎 Last week in the .NET world

🔥 The Top 4

📢 Announcements

📅 Community and events

🌎 Web development

⛅ The cloud

📔 Languages

🔧 Tools

📱 Xamarin

🏗 Design, testing, and best practices

🎤 Podcasts

🎥 Videos
