Azure AD posts

Azure AD JWT authentication in .NET isolated process Azure Functions

Posted on: 12-09-2021

The new isolated process model for .NET Azure Functions allows usage of middleware, which we can use to implement authentication and authorization

Access data in Cosmos DB with Managed Identities

Posted on: 15-04-2021

Azure AD authentication for Cosmos DB data plane is now in preview, so let's see how we can access it with no keys

Azure AD v2 and MSAL in 2020

Posted on: 31-08-2020

Updated look at the current state of the Azure Active Directory v2 endpoint and the Microsoft Authentication Library

Testing Azure AD-protected APIs, part 5: Pipelines in Azure DevOps

Posted on: 25-01-2020

In this part we look at how the integration tests made in third part can be run in Azure DevOps

Testing Azure AD-protected APIs, part 3: Automated integration tests

Posted on: 29-12-2019

In the third part we look at how we might build automated integration tests against an Azure AD-protected API

Testing Azure AD-protected APIs, part 2: Postman

Posted on: 20-11-2019

In the second part, we setup application permissions on the API, and see how to test the API using Postman (as a user and as an app)

Testing Azure AD-protected APIs, part 1: Swagger UI

Posted on: 11-11-2019

In the first part in this series, we will look at how to setup Swagger UI so it can be used to test an Azure AD-protected API.

Cross-tenant token attacks are now harder in Azure AD

Posted on: 24-08-2019

Microsoft has improved the security of all APIs using Azure AD authentication and it's awesome, but it doesn't mean you can relax

Always check permissions in tokens in an Azure AD protected API

Posted on: 05-08-2019

Failing to check for permissions in Azure AD access tokens leads to your API being vulnerable

Why you should not put secrets in native applications

Posted on: 29-05-2019

The dangers of embedding secrets in native applications, and how to implement Azure AD authentication there without secrets

Hi! My name is Joonas Westlin, I'm a software developer who blogs about ASP.NET Core, Azure, and Web development.

Azure MVP, Azure Solutions Architect Expert, Azure Security Engineer Associate, Azure Developer Associate.