Monthly Archives: September 2020

Securing Azure Functions using Azure AD JWT Bearer token authentication for user access tokens

September 24, 2020 · by · in App Service, ASP.NET Core, Azure, Azure functions · 7 Comments

This post shows how to implement OAuth security for an Azure Function using user-access JWT Bearer tokens created using Azure AD and App registrations. A client web application implemented in ASP.NET Core is used to authenticate and the access token created for the identity is used to access the API implemented using Azure Functions. Microsoft.Identity.Web […]

Securing Azure Key Vault inside a VNET and using from an Azure Function

September 16, 2020 · by · in App Service, ASP.NET Core, Azure, Azure functions, Azure Key Vault · 2 Comments

This post shows how an Azure Key Vault can be protected inside an Azure virtual network. The deployment is setup so that only applications in the same VNET can access the Key Vault. To implement this, the access to the Key Vault is restricted to the VNET and secondly, the applications accessing the Key Vault […]

Securing Azure Functions using an Azure Virtual Network

September 10, 2020 · by · in App Service, Azure, Azure functions, Azure Key Vault · 3 Comments

In this post, an Azure Function is deployed in a Azure Virtual Network and the access to the Azure Function is restricted so that it cannot be reach from the Internet. Only Applications deployed in the same VNET can access the Azure Functions. Code: https://github.com/damienbod/AzureFunctionsSecurity Blogs in the series Securing Azure Functions using API Keys […]

Securing Azure Functions using certificate authentication

September 4, 2020 · by · in App Service, Azure, Azure functions · 10 Comments

This article shows how to secure Azure Functions using X509 certificates. The client is required to send a specific certificate to access the Azure Function. Code: https://github.com/damienbod/AzureFunctionsSecurity Blogs in the series Securing Azure Functions using API Keys Securing Azure Functions using Certificate authentication Securing Azure Functions using an Azure Virtual Network Securing Azure Key Vault […]

Using Digital Signatures to check integrity of cipher texts in ASP.NET Core Razor Pages

September 1, 2020 · by · in Uncategorized · 2 Comments

This post shows how digital signatures can be implemented to check the integrity of cipher texts in ASP.NET Core Razor Pages. The cipher texts are encrypted with AES symmetric encryption and the key and the IV required to decrypt the texts are encrypted with asymmetric encryption using RSA certificates with a key size of 3072. […]