Posted on: 20-11-2019
In the second part, we set up application permissions on the API and see how to test the API using Postman (as a user and as an app)
Posted on: 11-11-2019
In the first part of this series, we will look at how to set up Swagger UI so it can be used to test an Azure AD-protected API.
Posted on: 05-11-2019
Newly announced at Ignite 2019, Microsoft now offers free certificates to secure your Web applications running on Azure App Service
Posted on: 21-09-2019
Sneak peek of what is to come in my presentation at Techorama NL 2019
Posted on: 24-08-2019
Microsoft has improved the security of all APIs using Azure AD authentication and it's awesome, but it doesn't mean you can relax
Posted on: 05-08-2019
Failing to check for permissions in Azure AD access tokens leads to your API being vulnerable
Posted on: 29-05-2019
The dangers of embedding secrets in native applications, and how to implement Azure AD authentication there without secrets
Posted on: 26-05-2019
Goes through methods of storing secrets in a way where they cannot end up in the shared code repository
Posted on: 21-05-2019
Some things to watch out for in your multi-tenant Azure AD applications that support a limited number of tenants
Posted on: 05-05-2019
What the OAuth ROPC flow is, why it exists, and why you should not use it in most cases