Workshop Spotlight: Modern Authentication and Authorization
App Dev Manager Reed Robison spotlights the Modern Authentication and Authorization workshop offered through Microsoft Premier and Unified Support.
Microsoft Premier and Unified Support provides access to a variety of resources to help our customers get the most value out of our technologies. Among these are instructor-led workshops that help developers build a foundation on key technologies and get hands-on time working through examples and labs. There is an extensive workshop catalog available to our customers and these engagements are really effective to get a team up to speed and avoid some of the difficult learning curves that come with both new and established technology. Reach out to your Technical Account Manager (TAM) or App Dev Manager (ADM) to learn more about workshops that can help you.
Recently, I started seeing several dev teams at one of my customer sites all raising authentication and authorization questions related to how to integrate with Azure. While we can assist with these questions as they come across, a more effective way to work together is to get some foundational training in place. That ensures everyone has a good understanding as they begin these projects, gets some experience with sample code that works, and provides a forum to have meaningful discussions with a trainer about the objectives they are working toward. Investing a little time up front to get oriented with a technology can go a long way to minimize frustration, bad architectural decisions, and project delays that come from learning things the hard way.
Unless you are closely working with your support team at Microsoft, you may not be aware of all the workshops that are available so I wanted to spotlight this one as an example. Whether it’s Auth, Angular, GIT, .NET Core, or whatever the technology may be — we probably have a workshop to help. Workshops can be delivered different ways to accommodate your needs. They can be instructor-led and delivered onsite at your location, instructor-led online (great for distributed teams), and also offered as open enrollment workshops (this is where Microsoft hosts the workshop and we open it up to multiple customers so you don’t have a fill a classroom yourself). Workshops are generally 2-4 days, depending on the content, and can sometimes be customized to emphasize key areas where you want to focus the time.
Let’s take a look at the Modern authentication and authorization workshop.
Building applications operating in the internet requires understanding of options available for performing authentication and authorization. These options include, both a variety of protocols such as OAuth2 and WS-Federation, as well as tools and toolkits such as Azure AD, AD FS and ADAL. The goal of this three-day workshop is to train architects and developers to develop applications requiring cloud-appropriate authentication and authorization technology.
This workshop covers both common architectural patterns, industry standard protocols, and tools used to implement these. The tools and infrastructure aspects of the course are focused on Microsoft technology. This workshop presents level 300 content targeting technical roles involved in building software such as architects and developers to help them understand the new approach based on standard protocols such as OAuth2, OpenID Connect, JWT and SAML.
- You will develop an understanding of how access control, authentication and authorization changes when applications and/or users use the internet.
- You will learn how to use Microsoft infrastructure, Azure AD, AD FS and development tools to secure your applications using industry protocols such as SAML, WS-federation and OAuth2.
Developers who take this course are expected to have some experience with Visual Studio and a basic knowledge of C# to understand the source code shown on demos and to complete the lab.
A typical agenda for this workshop is spread across 3 days of delivery:
- Module 1: Introduction: • An overview of authentication and authorization issues in internet based applications, purpose of various protocols (e.g. OpenIDConnect, OAuth2, SAML) and Microsoft tools used to support them (Azure AD, AD FS, Windows Application Proxy, OWIN and ADAL toolkits).
- Module 2: OAuth2 and OpenID Connect: • This modules delves into the details of these two protocols. It reviews the various flows defined by OAuth2 and how their apply to common application topologies. It also describes their security threat models.
- Module 3: AD FS: • An overview of the Active Directory Federation Services tool. Included is an overview of its architecture, main functions, management console, basic PowerShell commands and typical use to support application authentication requirements.
- Module 4: Azure AD: • Discusses the purpose and main features of the Azure AD, including an overview of its B2E, B2B and B2C functionality, user management, application configuration and use of GraphAPI.
- Module 5: Azure AD B2C: • Introduces the Azure AD tenant type specifically designed for consumer and citizen identities, populations whose identities in the directory are usually self-asserted and self-managed. B2C supports both local user credentials and can easily federate with external providers, particularly social providers like Facebook, Google or MSA.
- Module 6: Developing Applications: • This module focuses on hands-on use of knowledge acquired in the previous modules to implement a set of related applications using OAuth2 protocols, GraphAPI and various other features of Azure AD (e.g. application roles).
- Module 7: ADAL and MSAL: • Review of APIs used to obtain OAuth2 and OIDC tokens from Azure AD or ADFS.
- Module 8: OWIN protocol handlers: • Review of toolkits used to initiate passive protocols in web applications and handle (validate/augment) received security tokens.
- Module 9: Securing REST APIs with API Management: • Looks at features of the Azure API Management gateway that provide additional level of security, particularly in terms of access control to your REST APIs, e.g. token pre-validation, throttling, authentication scheme conversion.
Workshop agenda is subject to change with evolving standards and practices. To learn more about this workshop or to explore other workshops that can help your team build a good foundation and accelerate development efforts, reach out to your TAM or ADM.