Category App Service

Implementing secure Microsoft Graph application clients in ASP.NET Core

The article looks at the different ways a Microsoft Graph application client can be implemented and secured in an ASP.NET Core application or a .NET application. This type of client is intended for applications or application logic where no user is involved. Code: https://github.com/damienbod/MicrosoftGraphAppToAppSecurity Accessing Microsoft Graph can be initialized for app-to-app (application permissions) security […]

Sharing Microsoft Graph permissions and solution Azure App Registrations

This article looks at using Microsoft Graph permissions in Azure App registrations, whether you should use Graph in specific Azure App registration types, and whether it is OK to expose these with other scopes and roles. Is it OK to expose Graph permissions in public Azure App registrations? Using Graph with public applications As […]

Create Azure App Registration for API using PowerShell

This post shows how to set up an Azure App registration using PowerShell for an application access token using an application role. In Azure, roles are used for app-only access; scopes are used for delegated flows (or roles for users). The Azure App registration uses OAuth2 with the client credentials flow. A secret and a client_id […]

Switch tenants in an ASP.NET Core app using Azure AD with multi tenants

This article shows how to switch between tenants in an ASP.NET Core multi-tenant application using a multi-tenant Azure App registration to implement the identity provider. Azure roles are added to the Azure App registration and this can be used in the separate enterprise applications created from the multi-tenant Azure App registration to assign users and […]

Setup application client in Azure App Registration with App roles to use a web API

In Azure AD, a client application with no user (daemon client) which uses an access token to access an API protected with Microsoft Identity needs to use an Azure API Registration with App Roles. Scopes are used for delegated flows (with a user and a UI login). This is Azure AD specific, not OAuth2. This […]

Secure ASP.NET Core gRPC API hosted in a Linux Kestrel Azure App Service

This article shows how to implement a secure gRPC API service in ASP.NET Core, hosted on an Azure App Service using Linux and Kestrel. An application Azure App registration is used to implement the security together with Microsoft.Identity.Web. A client credentials flow is used to acquire an application access token and the gRPC […]

Invite external users to Azure AD using Microsoft Graph and ASP.NET Core

This post shows how to invite new Azure AD external guest users and assign the users to Azure AD groups using an ASP.NET Core APP Connector to import or update existing users from an external IAM and synchronize the users in Azure AD. The authorization can be implemented using Azure AD groups and can be […]

Using Blazor with a YARP downstream API protected using certificate authentication

This article shows how to use a downstream API protected with certificate authentication using Microsoft YARP reverse proxy from a Blazor application. The Blazor WASM HTTP requests are sent to a secured backend which uses YARP to forward the requests to the API protected with the certificate authentication. The Blazor application authenticates using the OpenIddict […]

Implement a PWA using Blazor with BFF security and Azure B2C

The article shows how to implement a progressive web application (PWA) using Blazor which is secured using the backend for frontend architecture and Azure B2C as the identity provider. Code: https://github.com/damienbod/PwaBlazorBffAzureB2C Setup and challenges with PWAs The application is set up to implement all security in the trusted backend and reduce the security risks of the […]

Blazor WASM hosted in ASP.NET Core templates with Azure B2C and Azure AD authentication using Backend for Frontend (BFF)

I have implemented many Blazor WASM ASP.NET Core hosted applications now for both Azure AD and Azure B2C authentication. I always implement security for this type of application now using the Backend for Frontend (BFF) security architecture and can remove the tokens from the client. This is also what I recommend. At present, no Microsoft […]