Security posts

Resource Owner Password Credentials grant flow in Azure AD

Posted on: 05-05-2019

What is the OAuth ROPC flow, why it exists, and why you should not use it for most cases

Tags

AzureAzure ADSecurity

Using groups vs using application roles for authorization in Azure AD apps

Posted on: 21-04-2019

Compares two approaches to high-level authorization in an application: groups and app roles

Tags

AzureAzure ADSecurity

Using Azure Key Vault and Azure Storage to store Data Protection keys with ASP.NET Core

Posted on: 07-04-2019

A look at how ASP.NET Core's Data Protection can be setup in a good way using Azure services

Tags

ASP.NET CoreAzureAzure Key VaultAzure StorageAzure Web AppSecurity

Implementing Azure AD Single Sign-Out in ASP.NET Core

Posted on: 23-11-2018

Single Sign-Out enables you to clear the user's session immediately when they sign out from another app

Tags

Azure ADAzureSecurityASP.NET Core

Accessing Azure Service Bus with Managed Identities

Posted on: 03-11-2018

Sending and receiving Azure Service Bus Queue messages with zero credentials utilizing Azure Managed Identities

Tags

AzureAzure ADSecurityAzure Service Bus

Azure AD Authentication in ASP.NET Core APIs part 2: Custom permissions, multi-tenant APIs

Posted on: 02-08-2018

In the second part we add custom delegated and application permissions to an ASP.NET Core API and also talk about multi-tenancy.

Tags

Azure ADAzureASP.NET CoreAPISecurity

Azure AD Authentication in ASP.NET Core APIs part 1: Basic setup, checking scopes, creating a test client

Posted on: 12-06-2018

This first part looks at the basic setup for Azure AD authentication in an ASP.NET Core API as well as creating a test client app

Tags

AzureAzure ADASP.NET CoreAPISecurity

Azure AD Authentication with Azure Storage + Managed Service Identity

Posted on: 24-05-2018

Getting rid of access keys and instead using Azure AD with Managed Service Identity to access Azure Storage

Tags

AzureAzure ADSecurityAzure Storage

ASP.NET Core + Azure Key Vault + Azure AD MSI = Awesome way to do config

Posted on: 06-03-2018

Looks at an example for storing sensitive configuration in Azure Key Vault, and connecting it to the ASP.NET Core configuration pipeline.

Tags

AzureAzure ADASP.NET CoreAzure Key VaultAzure App ServiceConfigurationSecurity

Creating an authentication scheme in ASP.NET Core 2.0

Posted on: 02-02-2018

How to make authentication handlers in ASP.NET Core 2.0, and walks through a naive implementation for HTTP Basic authentication.

Tags

ASP.NET CoreSecurity

Hi! My name is Joonas Westlin, I'm a software developer who blogs about ASP.NET, Azure, and Web development.

Azure MVP, Azure Solutions Architect Expert, Azure Developer Associate, MCSE: Cloud Platform and Infrastructure, MCSD: App Builder.

Article tags

ASP.NET Core (30)

Azure (26)

Azure AD (22)

Security (16)

ASP.NET MVC (8)

API (7)

Azure App Service (6)

Configuration (3)

Deep dive (3)

Azure Key Vault (3)