Category Azure
Azure AD cross-tenant synchronization
The article looks at and explores the new Azure AD cross-tenant synchronization. The feature makes it really easy to implement the technical part of synchronization between different Azure AD tenants. Code: https://github.com/damienbod/Aad-cross-tenant-synchronization Requirements To use this feature, both the source tenant and the target tenant require at least a P1 Azure AD license. The administrator […]
Use Azure AD Access Packages to onboard users in an Azure DevOps project
This post looks at onboarding users into an Azure DevOps team or project using Azure AD access packages. The Azure AD access packages are part of the Microsoft Entra Identity Governance and provide a good solution for onboarding internal or external users into your tenant with access to the defined resources. Flow for onboarding Azure […]
Auto sign-out using ASP.NET Core Razor Pages with Azure AD B2C
This article shows how an ASP.NET Core Razor Page application could implement an automatic sign-out when a user does not use the application for n-minutes. The application is secured using Azure AD B2C. To remove the session, the client must sign-out both on the ASP.NET Core application and the Azure AD B2C identity provider or […]
Onboarding users in ASP.NET Core using Microsoft Entra ID Temporary Access Pass and Microsoft Graph
The article looks at onboarding different Microsoft Entra ID users with a temporary access pass (TAP) and some type of passwordless authentication. An ASP.NET Core application is used to create the Microsoft Entra ID member users which can then use a TAP to setup the account. This is a great way to onboard users in […]
Using multi-tenant AAD delegated APIs from different tenants
This post looks at implementing and using Azure AD multiple tenant applications from different tenants. A service principal needs to be created for the tenant using the multi-tenant API and consent needs to be given for the API scope. The API will accept tokens from different issuers which need to be validated. It is important […]
Implementing secure Microsoft Graph application clients in ASP.NET Core
The article looks at the different way a Microsoft Graph application client can be implemented and secured in an ASP.NET Core application or a .NET application. This type of client is intended for applications or application logic where no user is involved. Code: https://github.com/damienbod/MicrosoftGraphAppToAppSecurity Accessing Microsoft Graph can be initialized for app-to-app (application permissions) security […]
Implement the OAUTH 2.0 Token Exchange delegated flow between an Microsoft Entra ID API and an API protected using OpenIddict
This article shows how to implement the OAUTH 2.0 Token Exchange RFC 8693 delegated flow between two APIs, one using Microsoft Entra ID to authorize the HTTP requests and a second API protected using OpenIddict. The Microsoft Entra ID protected API uses the OAUTH 2.0 Token Exchange RFC 8693 delegated flow to get a new […]
Azure AD Multi tenant Azure App registration consent
This article looks at Azure Active directory and consent with multi-tenant Azure App registrations. Consent works different depending on the user type, the tenant policies and the required permissions. It is sometimes hard to understand why a user cannot login or where the consent has to be given for a specific Azure App registration which […]
Sharing Microsoft Graph permissions and solution Azure App Registrations
This article looks at using Microsoft Graph permissions in Azure App registrations and whether you should use Graph in specific Azure App registrations types and if it is ok to expose these with other scopes and roles. Is it ok to expose Graph permissions in public Azure App registrations? Using Graph with public applications As […]
Use multiple Azure AD access tokens in an ASP.NET Core API
This article shows how to setup an ASP.NET Core application to authorize multiple access tokens from different Azure AD App registrations. Each endpoint can only accept a single AAD access token and it is important that the other access tokens do not work on the incorrect API. ASP.NET Core Schemes and Policies are used to […]
Software Engineering 