Tag Archives: aad
Implement a secure web application using nx Standalone Angular and an ASP.NET Core server
This article shows how to implement a secure web application using Angular and ASP.NET Core. The web application implements the backend for frontend security architecture (BFF) and deploys both technical stack distributions as one web application. HTTP only secure cookies are used to persist the session. Microsoft Entra ID is used as the identity provider […]
Use a Microsoft Entra Verified ID Employee credential to view paycheck data
This post shows how a Microsoft Entra Verified ID employee credential can be used to access user specific data. This demo shows possible paycheck data from Switzerland. A payment ID can be the printed on the pay slip or the payment document could have a QR Code to scan. The user specific data can then […]
Issue Employee verifiable credentials using Entra Verified ID and ASP.NET Core
This article shows how to implement verifiable credentials using Microsoft Entra Verified ID and ASP.NET Core to issue the employee credentials. This solution uses a self sovereign identity (SSI) based technical stack built using open standards and some of the SSI concepts. The credential can be loaded into a wallet belonging to a holder and […]
Use Azure PIM with groups in ASP.NET Core
This article shows how to implement Azure Privileged Identity Management access in an ASP.NET Core application using an Azure security group. An Azure Conditional Access Authentication context is used for the Azure administrator giving access to the group for Azure AD users. The Authentication context is setup to require a phishing resistant authentication. An Enterprise application […]
Azure AD cross-tenant synchronization
The article looks at and explores the new Azure AD cross-tenant synchronization. The feature makes it really easy to implement the technical part of synchronization between different Azure AD tenants. Code: https://github.com/damienbod/Aad-cross-tenant-synchronization Requirements To use this feature, both the source tenant and the target tenant require at least a P1 Azure AD license. The administrator […]
Using multi-tenant AAD delegated APIs from different tenants
This post looks at implementing and using Azure AD multiple tenant applications from different tenants. A service principal needs to be created for the tenant using the multi-tenant API and consent needs to be given for the API scope. The API will accept tokens from different issuers which need to be validated. It is important […]
Use multiple Azure AD access tokens in an ASP.NET Core API
This article shows how to setup an ASP.NET Core application to authorize multiple access tokens from different Azure AD App registrations. Each endpoint can only accept a single AAD access token and it is important that the other access tokens do not work on the incorrect API. ASP.NET Core Schemes and Policies are used to […]
Disable Azure AD user account using Microsoft Graph and an application client
This post shows how to enable, disable or remove Azure AD user accounts using Microsoft Graph and a client credentials client. The Microsoft Graph client uses an application scope and application client. This is also possible using a delegated client. If using an application which has no user, an application scope is used to authorize […]
Create Azure B2C users with Microsoft Graph and ASP.NET Core
This article shows how to create different types of Azure B2C users using Microsoft Graph and ASP.NET Core. The users are created using application permissions in an Azure App registration. Code: https://github.com/damienbod/azureb2c-fed-microsoft-entra-id History 2024-01-02 Updated to .NET 8, Graph SDK 5 The Microsoft.Identity.Web Nuget package is used to authenticate the administrator user that can create […]
Implementing authorization in Blazor ASP.NET Core applications using Azure AD security groups
This article shows how to implement authorization in an ASP.NET Core Blazor application using Azure AD security groups as the data source for the authorization definitions. Policies and claims are used in the application which decouples the descriptions from the Azure AD security groups and the application specific authorization requirements. With this setup, it is […]
Software Engineering 