Tag Archives: cloud

ASP.NET Core user delegated access token management

January 15, 2025 · by · in .NET Core, ASP.NET Core, dotnet · 3 Comments

The article looks at managing user delegated access tokens for a downstream API in an ASP.NET Core web application. There are many ways of implementing this, all with advantages and disadvantages. The tokens are requested from an OpenID Connect server using the recommended standards. In this blog, the UI access token from the application authentication […]

Using Entra External ID with an Auth0 OpenID Connect identity provider

December 9, 2024 · by · in ASP.NET Core, Microsoft Entra External ID, Microsoft Entra ID, OAuth2, Security · Leave a comment

This post looks at implementing an Open ID Connect identity provider in Microsoft Entra External ID. Auth0 is used as the identity provider and an ASP.NET Core application is used to test the authentication. Microsoft Entra External ID federates to Auth0. Client code: https://github.com/damienbod/EntraExternalIdCiam Microsoft Entra External ID supports federation using OpenID Connect and was […]

Using ASP.NET Core with Azure Key Vault

December 2, 2024 · by · in Uncategorized · 1 Comment

This article looks at setting up an ASP.NET Core application to use Azure Key Vault. When deployed to Azure, it works like in the Azure documentation but when working on development PCs, some changes are required for a smooth developer experience. Code: https://github.com/damienbod/UsingAzureKeyVaultInDevelopment I develop using Visual Studio and manage multiple accounts and test environments. […]

Microsoft Entra ID App-to-App security architecture

October 7, 2024 · by · in .NET Core, App Service, ASP.NET Core, Azure, Azure Key Vault, Microsoft Entra ID · 4 Comments

This article looks at the different setups when using App-to-App security with Microsoft Entra ID (OAuth client credentials). Microsoft Entra App registrations are used to configure the OAuth clients and resources. For each tenant, an Enterprise application is created for the client App registration when the consent is granted. The claims in the access token […]

Create conditional access base policies for a Microsoft Entra ID tenant

April 2, 2024 · by · in Azure, Logging · 2 Comments

This article shows some of the base conditional access policies which can be implemented for all Microsoft Entra ID tenants. Phishing resistant authentication should be required for all administration flows and some other user policies like sign-in risk MFA or terms of conditions. I recommend these base policies when implementing an Microsoft Entra ID tenant […]

Newer posts