Tag Archives: OAuth
Protecting legacy APIs with an ASP.NET Core Yarp reverse proxy and Azure AD OAuth
This article shows how a legacy API could be protected using an ASP.NET Core Yarp reverse proxy and Azure AD OAuth. The security is implemented using Azure AD and Microsoft.Identity.Web. Sometimes it is not possible to update an existing or old API at a reasonable price, and the financially best way to use it in […]
Using multiple APIs in Angular and ASP.NET Core with Microsoft Entra ID authentication
This article shows how an Angular application could be used to access many APIs in a secure way. An API is created specifically for the Angular UI and the further APIs can only be accessed from the trusted backend which is under our control. Code: https://github.com/damienbod/MicrosoftEntraIDAuthMicrosoftIdentityWeb Posts in this series History Setup The applications are […]
Securing an ASP.NET Core API which uses multiple access tokens
This post shows how an ASP.NET Core API can authorize API calls which use different access tokens from different identity providers or different access tokens from the same identity provider but created for different clients and containing different claims. The access tokens are validated using JWT Bearer authentication as well as an authorization policy which […]
Using Microsoft Graph API delegated clients in ASP.NET Core
This post shows how Microsoft Graph API can be used in both ASP.NET Core UI web applications and also ASP.NET Core APIs for delegated identity flows. The ASP.NET Core applications are secured using Microsoft.Identity.Web. In the API project, the Graph API client is used in a delegated flow with user access tokens getting an access […]
Implement a Web APP and an ASP.NET Core Secure API using Microsoft Entra ID which delegates to a second API
This article shows how an ASP.NET Core Web application can authenticate and access a downstream API using user access tokens and delegate to another API in Microsoft Entra ID also using user access tokens. Microsoft.Identity.Web is used in all three applications to acquire the tokens for the Web API and the access tokens for the […]
Using Key Vault certificates with Microsoft.Identity.Web and ASP.NET Core applications
This post shows how Azure Key Vault certificates can be used with Microsoft.Identity.Web in an ASP.NET Core application which requires a downstream “access_as_user” API. The Microsoft Entra ID App Registration requires a certificate instead of a client secret. Code: https://github.com/damienbod/MicrosoftEntraIDAuthMicrosoftIdentityWeb Posts in this series History 2023-11-28 Updated to .NET 8 Creating the Key Vault certificates […]
Implement Microsoft Entra ID Client credentials flow using Client Certificates for service APIs
This post shows how to implement a Microsoft Entra ID client credentials flow to access an API for a service-to-service connection. No user is involved in this flow. A client certificate (Private Key JWT authentication) is used to get the access token and the token is used to access the API which is then used […]
Restricting access to an Azure AD protected API using Azure AD Groups
This post shows how to restrict access to an ASP.NET Core API to only allow users from a defined Azure AD group to use a protected API. The API uses an Azure App registration for authorization. The user signs in with an ASP.NET Core Razor page application or an Angular App and can access the […]
Angular SPA with an ASP.NET Core API using Azure AD Auth and user access tokens
This post shows how to authenticate an Angular SPA application using Azure AD and consume secure data from an ASP.NET Core API which is protected by Azure AD. Azure AD App registrations are used to configure and set up the authentication and authorization. The Angular application uses the OpenID Connect Code flow with PKCE and the […]
Securing an Angular application using Azure B2C
This article shows how to secure an Angular application using Azure B2C with OpenID Connect Code Flow and PKCE. The silent renew is supported using refresh tokens. Code: Angular Azure B2C History 2021-11-22 Updated to Angular OIDC 13.0.0 2021-07-20 Updated to Angular OIDC 12.0.2 Setting up Azure B2C In the Azure portal, create a new […]
