Category OAuth2

Securing an ASP.NET Core API which uses multiple access tokens

December 3, 2020 · by · in .NET Core, ASP.NET Core, ASPNET5, MVC, OAuth2, Security · 11 Comments

This post shows how an ASP.NET Core API can authorize API calls which use different access tokens from different identity providers or different access tokens from the same identity provider but created for different clients and containing different claims. The access tokens are validated using JWT Bearer authentication as well as an authorization policy which […]

Using Microsoft Graph API delegated clients in ASP.NET Core

November 20, 2020 · by · in .NET, .NET Core, ASP.NET Core, Azure, OAuth2, Security · 7 Comments

This post shows how Microsoft Graph API can be used in both ASP.NET Core UI web applications and also ASP.NET Core APIs for delegated identity flows. The ASP.NET Core applications are secured using Microsoft.Identity.Web. In the API project, the Graph API client is used in a delegated flow with user access tokens getting an access […]

Implement a Web APP and an ASP.NET Core Secure API using Microsoft Entra ID which delegates to a second API

November 9, 2020 · by · in .NET Core, App Service, ASP.NET Core, Azure, MVC, OAuth2, Security, Web · 4 Comments

This article shows how an ASP.NET Core Web application can authenticate and access a downstream API using user access tokens and delegate to another API in Microsoft Entra ID also using user access tokens. Microsoft.Identity.Web is used in all three applications to acquire the tokens afor the Web API and the access tokens for the […]

Using Key Vault certificates with Microsoft.Identity.Web and ASP.NET Core applications

October 9, 2020 · by · in .NET Core, App Service, Azure, Azure functions, Azure Key Vault, OAuth2, Security · 5 Comments

This post shows how Azure Key Vault certificates can be used with Microsoft.Identity.Web in an ASP.NET Core application which requires a downstream “access_as_user” API. The Microsoft Entra ID App Registrations requires a certificate instead of a client secret. Code: https://github.com/damienbod/MicrosoftEntraIDAuthMicrosoftIdentityWeb Posts in this series History 2023-11-28 Updated to .NET 8 Creating the Key Vault certificates […]

Securing Azure Functions using ME-ID JWT Bearer token authentication for user access tokens

September 24, 2020 · by · in .NET Core, App Service, ASP.NET Core, Azure, Azure functions, Microsoft Entra ID, OAuth2, Security · 10 Comments

This post shows how to implement OAuth security for an Azure Function using user-access JWT Bearer tokens created using Microsoft Entra ID and App registrations. A client web application implemented in ASP.NET Core is used to authenticate and the access token created for the identity is used to access the API implemented using Azure Functions. […]

Login and use an ASP.NET Core API with Azure AD Auth and user access tokens

May 29, 2020 · by · in .NET Core, Azure, MVC, OAuth2, Security, Web · 25 Comments

In this blog post, Azure AD will be setup and used to authenticate and authorize an ASP.NET core Razor Page application which uses an API from a separate ASP.NET Core MVC project. User access tokens are used to access to API, so that an email can be used in the API. The API is not […]

Securing an Angular application using Azure B2C

May 14, 2020 · by · in angular, Microsoft Entra External ID, OAuth2, Security · 4 Comments

This article shows how to secure an Angular application using Azure B2C with OpenID Connect Code Flow and PKCE. The silent renew is supported using refresh tokens. Code: Angular Azure B2C History 2021-11-22 Updated to Angular OIDC 13.0.0 2021-07-20 Updated to Angular OIDC 12.0.2 Setting up Azure B2C In the Azure portal, create a new […]

Send MFA signin requirement to OpenID Connect server using ASP.NET Core Identity and IdentityServer4

December 18, 2019 · by · in .NET Core, ASP.NET Core, dotnet, MVC, OAuth2, Security, Web · 3 Comments

This post adds the custom ASP.NET Core Identity, IdentityServer4 logic to check for the “acr_values” and react if a client application requests MFA for authentication. The “acr_values” parameter is used to pass the mfa value from the client to the server in the authentication request. Code: https://github.com/damienbod/AspNetCoreHybridFlowWithApi Blogs in this series Force ASP.NET Core OpenID […]

Force ASP.NET Core OpenID Connect client to require MFA

December 16, 2019 · by · in .NET, .NET Core, ASP.NET Core, Azure, dotnet, MVC, OAuth2, Security, Web · 6 Comments

This article shows how an ASP.NET Core Razor Page application which uses OpenID Connect to sign in, can require that users have authenticated using MFA (multi factor authentication). Code: https://github.com/damienbod/AspNetCoreHybridFlowWithApi Blogs in this series Force ASP.NET Core OpenID Connect client to require MFA Send MFA signin requirement to OpenID Connect server using ASP.NET Core Identity […]

WPF Azure AD signin with Sharepoint Online API call using Graph API

November 9, 2019 · by · in .NET, OAuth2, Security · 1 Comment

This article shows how a native WPF application could authenticate and authorize using an Azure Active Directory App Registration and then upload and download files in Sharepoint Online. The Graph API is used to access Sharepoint. Other Sharepoint libraries will NOT work if using an Azure AD signin. Code: https://github.com/damienbod/WpfAzureADSharepointOnlineGraphApi Setup the Azure Active Directory […]

Older posts Newer posts