Microsoft Identity Platform which OAuth flow should I use?
Microsoft Identity Platform: which OAuth2 flow should I use? My non-prescriptive one-page guide to choosing the right auth flow for every situation.
We discuss moving legacy backend services that use Windows authentication over to an Azure App Service, with emphasis on web service stack and authentication & authorization considerations.
Premier Dev Consultant Marius Rochon explores OAuth2 questions you need to ask and how the answers lead to the selection of the grant. The OAuth2 specifications define six different grant types (https://tools.ietf.org/html/rfc6749 and https://tools.ietf.org/html/draft-ietf-oauth-device-flow-15). Each provides the most optimal (from the secur...
When we are using Azure Active Directory, we need to add extra information related to the user to the token that we receive once we have an authenticated user in our app. By default, in our token we only see some of the user's information, such as preferred username, email, name, roles assigned to this user and the unique name.
App Dev Manager Mike Lapierre explores authentication options when moving legacy ASP.NET apps to Azure App Services. When attempting to move legacy ASP.NET apps to Azure App Service, you might encounter a few challenges which are documented here. I want to cover specifically the use of Windows authentication, which is not supported in Azure App Ser...
On November 15, 2018, an update to Microsoft Azure Active Directory was released to bring AAD in line with the OAuth specification. This update prevents an authorization code from being used to obtain access tokens for multiple resources. The full release notes for this change can be found here.
Microservices is an architectural style that structures an application as a collection of loosely coupled services, which implement business capabilities. The microservice architecture enables the continuous delivery/deployment of large, complex applications. It also enables an organization to evolve its technology stack.
In this post, Premier Dev Consultant Marius Rochon considers scenarios where an application needs to be accessed by users from many sources of authentication (Office 365, owned and operated by Microsoft but whose use is managed separately by many independent organizations, is an example of such a resource). It proposes a framework for determining an...
In this post from his blog, Premier Developer consultant Marius Rochon provides a demo application that illustrates how to use Azure Active Directory B2C for authentication in a multi-tenant application. The 'regular' Azure AD has built-in support for multi-tenant applications. In that case, a user from any Azure AD tenant can sign in to an applicat...
This post on authentication and authorization is from Premier Developer consultant Marius Rochon. The claims list included in the ClaimsPrincipal usually originates from the security token received by the application as part of user authentication (SAML, OpenIDConnect id token) or access authorization (OAuth2 bearer access token). However, sometime...