Category Security

Implement app roles authorization with Azure AD and ASP.NET Core

February 1, 2021 · by · in .NET, .NET Core, ASP.NET Core, Azure, OAuth2, Security · 10 Comments

This post shows how to implement Azure AD App roles and applied to users or groups in Azure AD. The roles are used in an ASP.NET Core Razor page application as well as a ASP.NET Core API. The roles from the access token and the id token are used to authorize the identity which is […]

Implement OAUTH Device Code Flow with Azure AD and ASP.NET Core

January 28, 2021 · by · in .NET, ASP.NET Core, Azure, MVC, OAuth2, Security, Web · 2 Comments

The post shows how the Device Code flow (RFC 8628) could be implemented in an ASP.NET Core web application which uses Azure AD as an identity provider. An Azure App registration is used to setup the client. This solution would be useful for input constrained devices which have a browser and need to authenticate identities. […]

Protecting legacy APIs with an ASP.NET Core Yarp reverse proxy and Azure AD OAuth

January 11, 2021 · by · in .NET, ASP.NET Core, ASPNET5, Azure, OAuth2, Security · 2 Comments

This article shows how a legacy API could be protected using an ASP.NET Core Yarp reverse proxy and Azure AD OAuth. The security is implemented using Azure AD and Microsoft.Identity.Web. Sometimes it is not possible to update an existing or old API within a reasonable price and the financially best way to use it in […]

Using multiple APIs in Blazor with Microsoft Entra ID authentication

December 14, 2020 · by · in .NET, .NET Core, ASP.NET Core, ASPNET5, Azure, OAuth2, Security, Web · 11 Comments

The post shows how to create a Blazor application which is hosted in an ASP.NET Core application and provides a public API which uses multiple downstream APIs. Both the Blazor client and the Blazor API are protected by Azure AD authentication. The Blazor UI Client is protected like any single page application. This is a […]

Using multiple APIs in Angular and ASP.NET Core with Microsoft Entra ID authentication

December 8, 2020 · by · in .NET, .NET Core, angular, App Service, ASP.NET Core, ASPNET5, Azure, MVC, OAuth2, Security · 8 Comments

This article shows how an Angular application could be used to access many APIs in a secure way. An API is created specifically for the Angular UI and the further APIs can only be access from the trusted backend which is under our control. Code: https://github.com/damienbod/MicrosoftEntraIDAuthMicrosoftIdentityWeb Posts in this series History Setup The applications are […]

Securing an ASP.NET Core API which uses multiple access tokens

December 3, 2020 · by · in .NET Core, ASP.NET Core, ASPNET5, MVC, OAuth2, Security · 11 Comments

This post shows how an ASP.NET Core API can authorize API calls which use different access tokens from different identity providers or different access tokens from the same identity provider but created for different clients and containing different claims. The access tokens are validated using JWT Bearer authentication as well as an authorization policy which […]

Using Microsoft Graph API delegated clients in ASP.NET Core

November 20, 2020 · by · in .NET, .NET Core, ASP.NET Core, Azure, OAuth2, Security · 7 Comments

This post shows how Microsoft Graph API can be used in both ASP.NET Core UI web applications and also ASP.NET Core APIs for delegated identity flows. The ASP.NET Core applications are secured using Microsoft.Identity.Web. In the API project, the Graph API client is used in a delegated flow with user access tokens getting an access […]

Implement a Web APP and an ASP.NET Core Secure API using Microsoft Entra ID which delegates to a second API

November 9, 2020 · by · in .NET Core, App Service, ASP.NET Core, Azure, MVC, OAuth2, Security, Web · 4 Comments

This article shows how an ASP.NET Core Web application can authenticate and access a downstream API using user access tokens and delegate to another API in Microsoft Entra ID also using user access tokens. Microsoft.Identity.Web is used in all three applications to acquire the tokens afor the Web API and the access tokens for the […]

Using Key Vault certificates with Microsoft.Identity.Web and ASP.NET Core applications

October 9, 2020 · by · in .NET Core, App Service, Azure, Azure functions, Azure Key Vault, OAuth2, Security · 5 Comments

This post shows how Azure Key Vault certificates can be used with Microsoft.Identity.Web in an ASP.NET Core application which requires a downstream “access_as_user” API. The Microsoft Entra ID App Registrations requires a certificate instead of a client secret. Code: https://github.com/damienbod/MicrosoftEntraIDAuthMicrosoftIdentityWeb Posts in this series History 2023-11-28 Updated to .NET 8 Creating the Key Vault certificates […]

Securing Azure Functions using ME-ID JWT Bearer token authentication for user access tokens

September 24, 2020 · by · in .NET Core, App Service, ASP.NET Core, Azure, Azure functions, Microsoft Entra ID, OAuth2, Security · 10 Comments

This post shows how to implement OAuth security for an Azure Function using user-access JWT Bearer tokens created using Microsoft Entra ID and App registrations. A client web application implemented in ASP.NET Core is used to authenticate and the access token created for the identity is used to access the API implemented using Azure Functions. […]

Older posts Newer posts