Goes through methods of storing secrets in a way where they cannot end up in the shared code repository

Some things to watch out for in your multi-tenant Azure AD applications that support a limited number of tenants

What is the OAuth ROPC flow, why it exists, and why you should not use it for most cases

Some points on why using wildcards (asterisks) in Azure AD app reply URLs may be a bad idea, and how to do it better

Compares two approaches to high-level authorization in an application: groups and app roles

A look at how ASP.NET Core's Data Protection can be setup in a good way using Azure services

Since the new Azure Cosmos DB SDK for .NET is available, I thought I'd look into it and see what's changed.

Single Sign-Out enables you to clear the user's session immediately when they sign out from another app

Sending and receiving Azure Service Bus Queue messages with zero credentials utilizing Azure Managed Identities

In the second part we add custom delegated and application permissions to an ASP.NET Core API and also talk about multi-tenancy.