Tag Archives: AzureAD

Using multi-tenant AAD delegated APIs from different tenants

January 30, 2023 · by · in .NET, .NET Core, ASP.NET Core, Azure, Microsoft Entra ID · 3 Comments

This post looks at implementing and using Azure AD multiple tenant applications from different tenants. A service principal needs to be created for the tenant using the multi-tenant API and consent needs to be given for the API scope. The API will accept tokens from different issuers which need to be validated. It is important […]

Implementing secure Microsoft Graph application clients in ASP.NET Core

January 16, 2023 · by · in .NET, .NET Core, App Service, ASP.NET Core, Azure · 7 Comments

The article looks at the different way a Microsoft Graph application client can be implemented and secured in an ASP.NET Core application or a .NET application. This type of client is intended for applications or application logic where no user is involved. Code: https://github.com/damienbod/MicrosoftGraphAppToAppSecurity Accessing Microsoft Graph can be initialized for app-to-app (application permissions) security […]

Implement the OAUTH 2.0 Token Exchange delegated flow between an Microsoft Entra ID API and an API protected using OpenIddict

January 9, 2023 · by · in .NET, .NET Core, ASP.NET Core, Azure, Microsoft Entra ID · 5 Comments

This article shows how to implement the OAUTH 2.0 Token Exchange RFC 8693 delegated flow between two APIs, one using Microsoft Entra ID to authorize the HTTP requests and a second API protected using OpenIddict. The Microsoft Entra ID protected API uses the OAUTH 2.0 Token Exchange RFC 8693 delegated flow to get a new […]

Azure AD Multi tenant Azure App registration consent

January 2, 2023 · by · in ASP.NET Core, Azure, Microsoft Entra External ID, Microsoft Entra ID · 3 Comments

This article looks at Azure Active directory and consent with multi-tenant Azure App registrations. Consent works different depending on the user type, the tenant policies and the required permissions. It is sometimes hard to understand why a user cannot login or where the consent has to be given for a specific Azure App registration which […]

Implement Feature Management in Blazor ASP.NET Core

December 6, 2022 · by · in .NET, .NET Core, ASP.NET Core · 6 Comments

The post shows how features toggles or feature switches can be implemented in an ASP.NET Core application using Blazor. The Microsoft.FeatureManagement Nuget package is used to add the feature toggles. Code: https://github.com/damienbod/AspNetCoreFeatures.Toggles Setup The Blazor application is a simple ASP.NET core hosted application using Azure AD for the identity provider. Both the Server and the […]

Sharing Microsoft Graph permissions and solution Azure App Registrations

November 28, 2022 · by · in App Service, ASP.NET Core, Azure, Microsoft Entra ID · 2 Comments

This article looks at using Microsoft Graph permissions in Azure App registrations and whether you should use Graph in specific Azure App registrations types and if it is ok to expose these with other scopes and roles. Is it ok to expose Graph permissions in public Azure App registrations? Using Graph with public applications As […]

Use multiple Azure AD access tokens in an ASP.NET Core API

November 21, 2022 · by · in .NET, .NET Core, ASP.NET Core, Microsoft Entra External ID, Microsoft Entra ID, OAuth2 · 4 Comments

This article shows how to setup an ASP.NET Core application to authorize multiple access tokens from different Azure AD App registrations. Each endpoint can only accept a single AAD access token and it is important that the other access tokens do not work on the incorrect API. ASP.NET Core Schemes and Policies are used to […]

Create Azure App Registration for API using Powershell

November 15, 2022 · by · in App Service, Azure · 4 Comments

This post shows how to setup an Azure App registration using Powershell for an application access token using an application role. In Azure roles are used for App only, scopes are used for delegated flows (Or roles for users). The Azure App registration uses OAuth2 with the client credentials flow. A secret and a client_id […]

Switch tenants in an ASP.NET Core app using Azure AD with multi tenants

October 31, 2022 · by · in .NET, .NET Core, App Service, ASP.NET Core, Azure, dotnet, Microsoft Entra ID, OAuth2 · 5 Comments

This article shows how to switch between tenants in an ASP.NET Core multi-tenant application using a multi-tenant Azure App registration to implement the identity provider. Azure roles are added to the Azure App registration and this can be used in the separate enterprise applications created from the multi-tenant Azure App registration to assign users and […]

Implement the On Behalf Of flow between an Azure AD protected API and an API protected using OpenIddict

October 3, 2022 · by · in .NET, .NET Core, ASP.NET Core, Azure, Microsoft Entra ID · 7 Comments

This article shows how to implement the On Behalf Of flow between two APIs, one using Azure AD to authorize the HTTP requests and a second API protected using OpenIddict. The Azure AD protected API uses the On Behalf Of flow (OBO) to get a new OpenIddict delegated access token using the AAD delegated access […]

Older posts Newer posts