I'm trying to get a connection from VSCode on macOS to a SQL Server database that uses always encrypted mechanism to protect some of the columns. The master key is stored in an Azure Key Vault.
Using the always encrypted guide provided by Microsoft is was able to connect successfully to the database.
The same is true for a simple connection using VSCode on my mac without turning on the encryption/decryption. I used the mssql-extension plugin and providing the necessary information within the settings I was able to query the data
Settings
"mssql.connections": [
{
"server": "XXXXXXXX.database.windows.net",
"database": "AlwaysEncrypted",
"authenticationType": "SqlLogin",
"user": "XXXXX",
"password": "",
"emptyPasswordInput": false,
"savePassword": true,
"profileName": "AlwaysEncrypted"
}
]
Query
SELECT * FROM EmployeeDetails
Result
[
{
"EmployeeDetailsId": "1",
"EmployeeNo": "FE00000001",
"FirstName": "0x013EC8AB61767E1C3D934AB061BCA658B6948637812450C8245DCE4C447F59FD1D6252069A36A67E3477E1C5FB24D860E72FBCC65F98C92B92AB873CE55349672A",
"MiddleName": "0x015354526EC17EB1151AE918514E565507EDCB5691B4215C45798CA86EB11C47EECA579242926EDFE9F6543006177CBFC03E0F95CD0D8CAE6C941AE173AAF2B925",
"LastName": "0x0170B3FD2B0416E0607312FB2A67B0F42798EC1871FEAB90AB81235ADACDE1C4F5614099FA3B61E59FEB2D6AD599CB3A9FD031FE56F327F0C80F4BA963EE7E155A",
"DateOfBirth": "1985-08-12 00:00:00.000"
}
]
Following the two guides
https://learn.microsoft.com/en-us/sql/connect/odbc/using-always-encrypted-with-the-odbc-driver?view=sql-server-2017
https://github.com/Microsoft/vscode-mssql/wiki/manage-connection-profiles
I did try to create another connection using the mssql-extension and providing a ODBC Connection String but ultimately failed to get decrypted data when querying (the connection was established just fine). The result was the same as posted above
Settings with Connection String
"mssql.connections": [
{
"server": "XXXXXXXX.database.windows.net",
"database": "AlwaysEncrypted",
"authenticationType": "SqlLogin",
"user": "XXXXX",
"password": "",
"emptyPasswordInput": false,
"savePassword": true,
"profileName": "AlwaysEncrypted_WithKeyVault",
"connectionString": "SERVER=XXXXXX.database.windows.net;Trusted_Connection=Yes;DATABASE=AlwaysEncrypted;ColumnEncryption=Enabled;KeyStoreAuthentication=KeyVaultPassword;KeyStorePrincipalId=USER.NAME#DOMAIN.com;KeyStoreSecret=PASSWORD"
}
]
Can anyone help me to figure out how to setup the connections right, so that the encryption/decryption will he done transparently when using VSCode?
Bit of a stale question, but for anyone who also ends up finding this:
I managed to get a successfully connection on VS Code SQL Server by having the following settings in my settings.json mssql.connections array:
{
"server": "XXXX.serverhost.domain",
"database": "XXXX",
"authenticationType": "SqlLogin",
"user": "XXXX",
"password": "",
"savePassword": true,
"profileName": "XXXX",
// specifically the settings below were the important ones
"encrypt": true,
"trustServerCertificate": true,
"persistSecurityInfo": true
}
Related
I am making a TikTok bot for fun. It does not automate posts/follows, it only scrapes information off the site. The issue I am finding is that after about 10-15 requests to the TikTok API it requires verification, spouting the following JSON:
{
"code":"10000",
"from":"",
"type":"verify",
"version":"",
"region":"sg",
"subtype":"slide",
"detail":"Hj4wDrDKZhDyu*bE94NlMgd3uQfAXw2eZJGOyoJXO-X9iLbeynU-spQiwbxyOkhJkGKbHNCyGHKuZ4jnJaJfnGedLadLrz8UMPAV*sriWIzRIEwj0PdWEmtZ25SbcEoytp4G631fwjn7y0498dMxisxkA8QnSTTGfswOFlkQBfyyMFYf5TlvDkfxmkjG7qKRHdCOhsnmSLbTCOd6MLcNFJA9WhlmcnhBrJnnVCs-HvoRzOdbpGbOmZ55HjpWIRz0JrQp2EdEjr8-qtQd5jpdpzuXxcfzrLbGFZTjWkyMHPf4vMb3J*q8hIs0zX2gP6IyCsa2et5BQPsB1KU2YyRA5VEvd*8*lZyRR60ZVs46UwtEXAu0l41Y2q0agUrayqnPnj8zpq7H7aK2VS46RZO0W3N7nZ-Jjq4QbAs.",
"verify_event":"",
"fp":"verify_kxe9l4xj_3jaJngfM_UEUu_47yj_Au6M_Kp0jwEVrqCJb",
"scene":"",
"verify_ticket":"",
"channel_mobile":"",
"sms_content":"",
"mobile":"",
"email":""
}
I am aware of sneaker bots using proxies to avoid these sorts of issues, however TikTok requires cookies authentication from a signed in account so I'm not sure if it will work. Some responses talk about using headless requests, etc., but I've had no luck thus far in preventing this verification process.
Does anyone with experience scraping TikTok have a resolution for this issue?
Thanks.
{
"code": "10000",
"from": "",
"type": "verify",
"version": "",
"region": "sg",
"subtype": "slide",
"detail": "Hj4wDrDKZhDyubE94NlMgd3uQfAXw2eZJGOyoJXO-X9iLbeynU-spQiwbxyOkhJkGKbHNCyGHKuZ4jnJaJfnGedLadLrz8UMPAVsriWIzRIEwj0PdWEmtZ25SbcEoytp4G631fwjn7y0498dMxisxkA8QnSTTGfswOFlkQBfyyMFYf5TlvDkfxmkjG7qKRHdCOhsnmSLbTCOd6MLcNFJA9WhlmcnhBrJnnVCs-HvoRzOdbpGbOmZ55HjpWIRz0JrQp2EdEjr8-qtQd5jpdpzuXxcfzrLbGFZTjWkyMHPf4vMb3Jq8hIs0zX2gP6IyCsa2et5BQPsB1KU2YyRA5VEvd8*lZyRR60ZVs46UwtEXAu0l41Y2q0agUrayqnPnj8zpq7H7aK2VS46RZO0W3N7nZ-Jjq4QbAs.",
"verify_event": "",
"fp": "verify_kxe9l4xj_3jaJngfM_UEUu_47yj_Au6M_Kp0jwEVrqCJb",
"scene": "",
"verify_ticket": "",
"channel_mobile": "",
"sms_content": "",
"mobile": ""
}
I've run into an issue using the Coinbase Pro sandbox API to test my software.
When placing orders, I POST a client_oid field along with the rest of the body to the REST API, the order gets filled properly but when the received message arrives through the websocket stream, the client_oid is always an empty string.
Anyone knows why is that and how to fix this?
Example data POSTed when placing the order:
{
"type": "market",
"side": "buy",
"product_id": "BTC-EUR",
"funds": "1000",
"client_oid": "dev_node-order-1"
}
And here's the matching websocket message of type received:
{
"type": "received",
"side": "buy",
"product_id": "BTC-EUR",
"time": "2021-08-15T16:57:29.079657Z",
"sequence": 52030416,
"profile_id": "[MY-PROFILE-ID]",
"user_id": "[USER-ID]",
"order_id": "d1f60730-8960-495e-a7eb-cd37baa46768",
"order_type": "market",
"funds": "995.0245866076",
"client_oid": ""
}
As you can see the received client_oid is empty, any idea why?
So the problem was that the client_oid needs to be of the UUID format, for example 9bffcb70-13ea-11ec-abc7-7dfab310af81, if not of this format the field is ignored.
I created an event through a shared mailbox in Graph API.
https://graph.microsoft.com/v1.0/users/{shared-user-id}/calendars/{shared-calendar-id}/events
{
"subject": "New Event Test",
"body": {
"contentType": "HTML",
"content": "Mail FLow Test"
},
"start": {
"dateTime": "2021-01-29T12:00:00",
"timeZone": "Eastern Standard Time"
},
"end": {
"dateTime": "2021-01-30T14:00:00",
"timeZone": "Eastern Standard Time"
},
"attendees": [
{
"emailAddress": {
"address":"calendar#contoso.com",
"name": "Calendar Organizer"
},
"type": "required"
}
]
}
This creates an event successfully, and after that, I patched this event with extended data using open extension.
https://graph.microsoft.com/v1.0/users/{user-id}/calendars/{calendar-id}/events/{just-created-event-id}
{
"extensions": [
{
"#odata.type": "microsoft.graph.openTypeExtension",
"extensionName": "Com.Contoso.Events",
"courseId": 22,
"materialId": 75,
"courseType": "video"
}
]
}
This seems not to work. This responses Access is denied.
https://graph.microsoft.com/v1.0/users/{shared-user-id}/calendars/{shared-calendar-id}/events?$expand=extensions($filter=id eq 'Microsoft.OutlookServices.OpenTypeExtension.Com.Contoso.Events')
It responses ErrorAccessDenided with error message "Access is denied. Check credentials and try again".
But if I try this without expanding extensions, then it works.
I couldn't even to create an event because it responded with the same error and message "Access is denied. Check credentials and try again", so I added an API permission MailboxSettings.ReadWrite in my Azure AD that made work an event creation through the shared mailbox.
What is the reason why I can create or get events but not add or expand extensions?
Move my comment here so that this issue is treated as answered.
The method you are using is incorrect. Please refer to this sample to create the open extension.
But based on my test, we cannot use an admin (or a delegated user or a shared mailbox member) to create the extension for the shared mailbox (Even if I have added Calendars.Readwrite.Shared permission). It will give 403 error as you have encountered.
When I sign in with the shared mailbox user, it can create the open extension for itself.
So the conclusion is: when we use delegated permissions (user token), we can only create an open extension for the currently logged in user himself.
I have structure below coming via webhook and I'm having trouble understanding if there is built in action in Logic App to get nicely formatted object array of rows which is inside table, where each item will have name and associated value with it.
"SearchResults": {
"tables": [
{
"name": "PrimaryResult",
"columns": [
{
"name": "TimeGenerated",
"type": "datetime"
},
{
"name": "ResourceGroup",
"type": "string"
},
{
"name": "ActivityStatusValue",
"type": "string"
},
{
"name": "d_resource",
"type": "dynamic"
},
{
"name": "c_title",
"type": "dynamic"
},
{
"name": "c_details",
"type": "dynamic"
}
],
"rows": [
[
"2020-06-18T16:30:07.89Z",
"USEASTPROD",
"Updated",
"aueglbwvhypap07",
"Remote disk disconnected",
"We're sorry, your virtual machine is unavailable because of connectivity loss to the remote disk. An unexpected problem is preventing us from automatically recovering your virtual machine."
],
[
"2020-06-18T16:30:07.89Z",
"USEASTPROD",
"Updated1",
"agggggypap07",
"Remote disk disconnected",
"We're sorry, your virtual machine is unavailable because of connectivity loss to the remote disk. An unexpected problem is preventing us from automatically recovering your virtual machine."
]
]
}
]
}
I'd like it to be an array where columns are entity name and each value from rows is it's value like below
"rows": [
[
"timeGenerated" :"2020-06-18T16:30:07.89Z",
"ResourceGroup": "USEASTPROD",
"ActivityStatusValue":"Updated",
"d_resource" : "aueglbwvhypap07",
"c_title" : "Remote disk disconnected",
"c_details": "We're sorry, your virtual machine is unavailable because of connectivity loss to the remote disk. An unexpected problem is preventing us from automatically recovering your virtual machine."
],
[
"timeGenerated" :"2020-06-18T16:30:07.89Z",
"ResourceGroup": "USEASTPROD",
"ActivityStatusValue":"Updated1",
"d_resource" : "agggggypap07",
"c_title" : "Remote disk disconnected",
"c_details": "We're sorry, your virtual machine is unavailable because of connectivity loss to the remote disk. An unexpected problem is preventing us from automatically recovering your virtual machine."
]
]
For this requirement, we can just use liquid with integration account in logic app to implement it. Please refer to the steps below:
1. We need to create an integration account on azure portal first and link it to your logic app. You can refer to this tutorial.
2. In my logic app, I initialize a variable and store your data(add a {} around the data) to simulate your situation.
3. Then use "Parse JSON" action to parse the string above.
4. Create a liquid map in local (I named it as testRow.liquid) with the code below:
{% assign rows = content.SearchResults.tables[0].rows %}
{
"rows": [
{% for item in rows %}
{
"timeGenerated": "{{item[0]}}",
"ResourceGroup": "{{item[1]}}",
"ActivityStatusValue": "{{item[2]}}",
"d_resource": "{{item[3]}}",
"c_title": "{{item[4]}}",
"c_details": "{{item[5]}}"
},
{% endfor %}
]
}
Upload the liquid map(testRow.liquid) to your integration account, for this step you can refer to this tutorial.
5. Then use "Transform JSON to JSON" action", choose the Body from "Parse JSON" action above and use the map which you upload.
6. After running the logic app, we can get the result as below:
The whole result json is:
{
"rows": [
{
"timeGenerated": "6/18/2020 4:30:07 PM",
"ResourceGroup": "USEASTPROD",
"ActivityStatusValue": "Updated",
"d_resource": "aueglbwvhypap07",
"c_title": "Remote disk disconnected",
"c_details": "We're sorry, your virtual machine is unavailable because of connectivity loss to the remote disk. An unexpected problem is preventing us from automatically recovering your virtual machine."
},
{
"timeGenerated": "6/18/2020 4:30:07 PM",
"ResourceGroup": "USEASTPROD",
"ActivityStatusValue": "Updated1",
"d_resource": "agggggypap07",
"c_title": "Remote disk disconnected",
"c_details": "We're sorry, your virtual machine is unavailable because of connectivity loss to the remote disk. An unexpected problem is preventing us from automatically recovering your virtual machine."
}
]
}
By the way:
The format of the sample you provided is invalid in json, we must use {} instead of [] in each of the item.
In liquid map, it will convert your datetime to another format automatically.
Hope it helps~
I am trying to create a JSON template to create the Intune (based on Office 365) policies through Graph api. I am able to create policies for some of the URIs like terms and conditions but others. I tried creating for odata
microsoft.graph.iosEasEmailProfileConfiguration
it failed giving error 400.
i would like to know if it is working for anyone and how
If you get 400 errors in MS Graph API you can crete a case with Azure support.
I haven't tried the one you mention. But I have figured out a couple of them, after banging my head in the wall for some weeks with the poor Microsoft Graph API documentation.
Compliance policies:
POST https://graph.microsoft.com/v1.0/deviceManagement/deviceCompliancePolicies
{
"#odata.type": "microsoft.graph.androidCompliancePolicy",
"displayName": "Android",
"passwordRequired": true,
"passwordMinimumLength": 4,
"passwordRequiredType": "numericComplex",
"passwordMinutesOfInactivityBeforeLock": 15,
"storageRequireEncryption": true,
"scheduledActionsForRule":[{"ruleName":"Mark device noncompliaant","scheduledActionConfigurations":[{"actionType":"block","gracePeriodHours":72,"notificationTemplateId":""}]}]
}
Device Configuration policies:
POST https://graph.microsoft.com/v1.0/deviceManagement/deviceConfigurations
{
"#odata.type": "#microsoft.graph.androidGeneralDeviceConfiguration",
"description": "",
"displayName": "Device restriction - Android",
"passwordBlockFingerprintUnlock": false,
"passwordBlockTrustAgents": false,
"passwordExpirationDays": null,
"passwordMinimumLength": 4,
"passwordMinutesOfInactivityBeforeScreenTimeout": 15,
"passwordPreviousPasswordBlockCount": null,
"passwordSignInFailureCountBeforeFactoryReset": 11,
"passwordRequiredType": "numericComplex",
"passwordRequired": true,
"storageRequireDeviceEncryption": true
}
I have also figured out branding, groups, setting MDM authority, setting update ring and adding windows hello settings.
But I cannot figure out how to assign compliance policies to groups.
The examples in the MS Graph API documentation just throws an error.
I also cannot find where in Graph API i can do condidtional access in Intune and how I control device settings in Azure AD.
You can do a POST to deviceManagement/deviceConfigurations with following sample payload:
{
"id": "00000000-0000-0000-0000-000000000000",
"displayName": "profile name",
"description": "profile description",
"scopeTags": [],
"#odata.type": "#microsoft.graph.iosEasEmailProfileConfiguration",
"blockMovingMessagesToOtherEmailAccounts": false,
"blockSendingEmailFromThirdPartyApps": false,
"blockSyncingRecentlyUsedEmailAddresses": false,
"durationOfEmailToSync": "userDefined",
"requireSmime": false,
"requireSsl": true,
"hostName": "outlook.microsoft.com",
"accountName": "Account name",
"usernameSource": "userPrincipalName",
"emailAddressSource": "userPrincipalName",
"authenticationMethod": "usernameAndPassword"
}