Category Microsoft Entra ID

ASP.NET Core authorization using Entra External ID CIAM and Azure AD security groups

June 5, 2023 · by · in ASP.NET Core, Azure, Entra CIAM, Microsoft Entra ID · 3 Comments

This article looks at implementing authorization in Microsoft Entra External ID for customers (CIAM) using Azure AD delegated roles. The roles can be assigned to users or groups in an Azure Enterprise application. Code: https://github.com/damienbod/EntraExternalIdCiam Blogs in this series In Azure AD it has been possible to use roles with users and groups to implement […]

ASP.NET Core authentication using Microsoft Entra External ID for customers (CIAM)

May 30, 2023 · by · in ASP.NET Core, Azure, Entra CIAM, Microsoft Entra ID · 4 Comments

This article looks at implementing an ASP.NET Core application which authenticates using Microsoft Entra External ID for customers (CIAM). The ASP.NET Core authentication is implemented using the Microsoft.Identity.Web Nuget package. The client implements the OpenID Connect code flow with PKCE and a confidential client. Code: https://github.com/damienbod/EntraExternalIdCiam Posts in this series Microsoft Entra External ID for […]

Blazor and CSP

May 22, 2023 · by · in .NET, .NET Core, ASP.NET Core, Azure, Microsoft Entra ID · 6 Comments

This post looks at the a recent fix for Blazor which I think is of massive importance. You can now develop with Blazor in Visual Studio using a strong CSP. Code: https://github.com/damienbod/Hostedblazor8Aad History When developing applications, the development environment should be as close as possible to the target production deployment. As a rule, the more […]

Use Azure PIM with groups in ASP.NET Core

May 15, 2023 · by · in .NET, .NET Core, ASP.NET Core, Azure, Microsoft Entra ID · 3 Comments

This article shows how to implement Azure Privileged Identity Management access in an ASP.NET Core application using an Azure security group. An Azure Conditional Access Authentication context is used for the Azure administrator giving access to the group for Azure AD users. The Authentication context is setup to require a phishing resistant authentication. An Enterprise application […]

Provision Azure IoT Hub devices using DPS and X.509 certificates in ASP.NET Core

April 17, 2023 · by · in .NET, .NET Core, ASP.NET Core, Azure, dotnet, Microsoft Entra ID, OAuth2 · 2 Comments

This article shows how to provision Azure IoT hub devices using Azure IoT hub device provisioning services (DPS) and ASP.NET Core. The devices are setup using chained certificates created using .NET Core and managed in the web application. The data is persisted in a database using EF Core and the certificates are generated using the […]

Use Azure AD Access Packages to onboard users in an Azure DevOps project

March 13, 2023 · by · in Azure, Microsoft Entra ID · 2 Comments

This post looks at onboarding users into an Azure DevOps team or project using Azure AD access packages. The Azure AD access packages are part of the Microsoft Entra Identity Governance and provide a good solution for onboarding internal or external users into your tenant with access to the defined resources. Flow for onboarding Azure […]

Onboarding users in ASP.NET Core using Microsoft Entra ID Temporary Access Pass and Microsoft Graph

February 27, 2023 · by · in .NET, .NET Core, ASP.NET Core, Azure, Microsoft Entra ID · 3 Comments

The article looks at onboarding different Microsoft Entra ID users with a temporary access pass (TAP) and some type of passwordless authentication. An ASP.NET Core application is used to create the Microsoft Entra ID member users which can then use a TAP to setup the account. This is a great way to onboard users in […]

Using multi-tenant AAD delegated APIs from different tenants

January 30, 2023 · by · in .NET, .NET Core, ASP.NET Core, Azure, Microsoft Entra ID · 3 Comments

This post looks at implementing and using Azure AD multiple tenant applications from different tenants. A service principal needs to be created for the tenant using the multi-tenant API and consent needs to be given for the API scope. The API will accept tokens from different issuers which need to be validated. It is important […]

Implement the OAUTH 2.0 Token Exchange delegated flow between an Microsoft Entra ID API and an API protected using OpenIddict

January 9, 2023 · by · in .NET, .NET Core, ASP.NET Core, Azure, Microsoft Entra ID · 5 Comments

This article shows how to implement the OAUTH 2.0 Token Exchange RFC 8693 delegated flow between two APIs, one using Microsoft Entra ID to authorize the HTTP requests and a second API protected using OpenIddict. The Microsoft Entra ID protected API uses the OAUTH 2.0 Token Exchange RFC 8693 delegated flow to get a new […]

Azure AD Multi tenant Azure App registration consent

January 2, 2023 · by · in ASP.NET Core, Azure, Microsoft Entra External ID, Microsoft Entra ID · 3 Comments

This article looks at Azure Active directory and consent with multi-tenant Azure App registrations. Consent works different depending on the user type, the tenant policies and the required permissions. It is sometimes hard to understand why a user cannot login or where the consent has to be given for a specific Azure App registration which […]

Older posts Newer posts