I am going to retire the current stack of technologies used in this blog in favor of more recent technologies, mainly because I currently author this blog using Windows Live Writer which is outdated and has lost the love of community.
Securing OAuth Bearer tokens from multiple Identity Providers in an ASP.NET Core API. This article shows how to secure and use different APIs in an ASP.NET Core API which support OAuth access tokens from multiple identity providers.
Protecting legacy APIs with an ASP.NET Core Yarp reverse proxy and Azure AD OAuth. This article shows how a legacy API could be protected using an ASP.NET Core Yarp reverse proxy and Azure AD OAuth. The security is implemented using Azure AD and Microsoft.Identity.Web.
Implement app roles authorization with Azure AD and ASP.NET Core. This post shows how to implement Azure AD App roles and applied to users or groups in Azure AD. The roles are used in an ASP.NET Core Razor page application as well as a ASP.NET Core API.
Using multiple APIs in Angular and ASP.NET Core with Azure AD authentication. This article shows how an Angular application could be used to access many APIs in a secure way. An API is created specifically for the Angular UI and the further APIs can only be access from the trusted backend.
This post show how Azure AD groups could be used to implement authorization for an Azure Blob storage and used in an ASP.NET Core Razor page application to authorize the identities. The groups are assigned the roles in the Azure Storage. Azure AD users are added to the Azure AD groups and inherit the group roles. The group ID is added to the claims of the tokens which can be used for authorization in the client application.
This post shows how to use encrypted access tokens with Azure AD App registrations using Microsoft.Identity.Web. By using encrypted access tokens, only applications with access to the private key c…
The present and future of software development is based on cloud computing. Microsoft Graph is a platform for integrating different applications and services with Microsoft’s cloud services, such as Azure Active Directory (AD), by providing access to the data in them. For example, we can easily cr
This post shows how to restrict access to an ASP.NET Core API to only allow users from a defined Azure AD group to use a protected API. The API uses an Azure App registration for authorization. The…