Category ASP.NET Core
Implement Feature Management in Blazor ASP.NET Core
The post shows how features toggles or feature switches can be implemented in an ASP.NET Core application using Blazor. The Microsoft.FeatureManagement Nuget package is used to add the feature toggles. Code: https://github.com/damienbod/AspNetCoreFeatures.Toggles Setup The Blazor application is a simple ASP.NET core hosted application using Azure AD for the identity provider. Both the Server and the […]
Sharing Microsoft Graph permissions and solution Azure App Registrations
This article looks at using Microsoft Graph permissions in Azure App registrations and whether you should use Graph in specific Azure App registrations types and if it is ok to expose these with other scopes and roles. Is it ok to expose Graph permissions in public Azure App registrations? Using Graph with public applications As […]
Use multiple Azure AD access tokens in an ASP.NET Core API
This article shows how to setup an ASP.NET Core application to authorize multiple access tokens from different Azure AD App registrations. Each endpoint can only accept a single AAD access token and it is important that the other access tokens do not work on the incorrect API. ASP.NET Core Schemes and Policies are used to […]
Switch tenants in an ASP.NET Core app using Azure AD with multi tenants
This article shows how to switch between tenants in an ASP.NET Core multi-tenant application using a multi-tenant Azure App registration to implement the identity provider. Azure roles are added to the Azure App registration and this can be used in the separate enterprise applications created from the multi-tenant Azure App registration to assign users and […]
Force phishing resistant authentication in an ASP.NET Core application using Azure AD
This article shows how to force a phishing resistant authentication for an ASP.NET Core application using Azure AD and a conditional access policy which forces a phishing resistant authentication using a conditional access authentication context. The ASP.NET Core application forces this by requiring the acrs claim in the id_token with the value of c4 which […]
Implement the On Behalf Of flow between an Azure AD protected API and an API protected using OpenIddict
This article shows how to implement the On Behalf Of flow between two APIs, one using Azure AD to authorize the HTTP requests and a second API protected using OpenIddict. The Azure AD protected API uses the On Behalf Of flow (OBO) to get a new OpenIddict delegated access token using the AAD delegated access […]
ASP.NET Core Api Auth with multiple Identity Providers
This article shows how an ASP.NET Core API can be secured using multiple access tokens from different identity providers. ASP.NET Core schemes and policies can be used to set this up. Code: https://github.com/damienbod/AspNetCoreApiAuthMultiIdentityProvider History 2023-04-29 Updated packages and revert to default JWT authorization packages due to errors on update. The ASP.NET Core API has a […]
Setup application client in Azure App Registration with App roles to use a web API
In Azure AD, a client application with no user (daemon client) which uses an access token to access an API protected with Microsoft Identity needs to use an Azure API Registration with App Roles. Scopes are used for delegated flows (with a User and a UI login). This is Azure AD specific not OAuth2. This […]
Implement a GRPC API with OpenIddict and the OAuth client credentials flow
This post shows how to implement a GRPC service implemented in an ASP.NET Core kestrel hosted service. The GRPC service is protected using an access token. The client application uses the OAuth2 client credentials flow with introspection and the reference token is used to get access to the GRPC service. The GRPC API uses introspection […]
Secure ASP.NET Core GRPC API hosted in a Linux kestrel Azure App Service
This article shows how to implement a secure GRPC API service implemented in ASP.NET Core and hosted on an Azure App Service using Linux and kestrel. An application Azure App registration is used to implement the security together with Microsoft.Identity.Web. A client credentials flow is used to acquire an application access token and the GRPC […]
Software Engineering 