Failing to check for permissions in Azure AD access tokens leaves your API vulnerable.
In the second part we add custom delegated and application permissions to an ASP.NET Core API and also talk about multi-tenancy.
This first part looks at the basic setup for Azure AD authentication in an ASP.NET Core API as well as creating a test client app.
Checking out the new ActionResult<T> class coming in ASP.NET Core 2.1.
How to call another Azure AD protected API from an API as the user calling it.
How authentication can be required globally, as well as how to apply a different authorization policy on different parts of the app automatically.
Using IActionDescriptorCollectionProvider to find what controller actions and Razor Pages are available in an ASP.NET MVC Core application.
Part 1 of a series. In this one we look at how a basic Web API is built on ASP.NET Core.