Tag Archives: OAuth2

Using multiple APIs in Angular and ASP.NET Core with Azure AD authentication

This article shows how an Angular application could be used to access many APIs in a secure way. An API is created specifically for the Angular UI and the further APIs can only be access from the trusted backend which is under our control. Code: https://github.com/damienbod/AzureADAuthRazorUiServiceApiCertificate Posts in this series Implement Azure AD Client credentials […]

Securing an ASP.NET Core API which uses multiple access tokens

This post shows how an ASP.NET Core API can authorize API calls which use different access tokens from different identity providers or different access tokens from the same identity provider but created for different clients and containing different claims. The access tokens are validated using JWT Bearer authentication as well as an authorization policy which […]

Implement a Web APP and an ASP.NET Core Secure API using Azure AD which delegates to a second API

This article shows how an ASP.NET Core Web application can authenticate and access a downstream API using user access tokens and delegate to another API in Azure AD also using user access tokens. Microsoft.Identity.Web is used in all three applications to acquire the tokens for the Web API and the access tokens for the two […]

Implement Azure AD Client credentials flow using Client Certificates for service APIs

This post shows how to implement an Azure client credential flows to access an API for a service-to-service connection. No user is involved in this flow. A client certificate (Private Key JWT authentication) is used to get the access token and the token is used to access the API which is then used and validated […]

Restricting access to an Azure AD protected API using Azure AD Groups

This post shows how to restrict access to an ASP.NET Core API to only allow users from a defined Azure AD group to use a protected API. The API uses an Azure App registration for authorization. The user signs in with an ASP.NET Core Razor page application or an Angular App and can access the […]

Angular SPA with an ASP.NET Core API using Azure AD Auth and user access tokens

This post shows how to authenticate an Angular SPA application using Azure AD and consume secure data from an ASP.NET Core API which is protected by Azure AD. Azure AD App registrations are used to configure and setup the authentication and authorization. The Angular application uses the OpenID Connect Code flow with PKCE and the […]

Login and use an ASP.NET Core API with Azure AD Auth and user access tokens

In this blog post, Azure AD will be setup and used to authenticate and authorize an ASP.NET core Razor Page application which uses an API from a separate ASP.NET Core MVC project. User access tokens are used to access to API, so that an email can be used in the API. The API is not […]

Securing an Angular application using Azure B2C

This article shows how to secure an Angular application using Azure B2C with OpenID Connect Code Flow and PKCE. The silent renew is supported using refresh tokens. Code: Angular Azure B2C History 2021-07-20 Updated to Angular OIDC 12.0.2 Setting up Azure B2C In the Azure portal, create a new App registration in your B2C tenant. […]

User claims in ASP.NET Core using OpenID Connect Authentication

This article shows two possible ways of getting user claims in an ASP.NET Core application which uses an IdentityServer4 service. Both ways have advantages and require setting different code configurations in both applications. Code: https://github.com/damienbod/AspNetCoreHybridFlowWithApi To use OpenID Connect in an ASP.NET Core application, the Microsoft.AspNetCore.Authentication.OpenIdConnect package can be used. This needs to be added […]

Securing a Web API using multiple token servers

This article shows how a single secure Web API could be used together with multiple secure token servers. The API uses JWT Bearer token authentication, but because the access token come from different token servers, the tokens validation need to be changed. Code: https://github.com/damienbod/ApiJwtWithTwoSts Using multiple Authorities with shared certitficate The first way this can […]