Security posts

Using Azure RBAC with Azure Key Vault

Posted on: 24-09-2020

Exploring the new, standard way of granting access to Key Vault through Azure RBAC instead of access policies

Azure AD v2 and MSAL in 2020

Posted on: 31-08-2020

Updated look at the current state of the Azure Active Directory v2 endpoint and the Microsoft Authentication Library

ASP.NET Core Data Protection with Azure Key Vault and Azure Storage

Posted on: 14-03-2020

How to configure and use the combination of Azure Storage and Azure Key Vault for data protection in ASP.NET Core with the new Azure integration packages

Setting up a free HTTPS certificate in Azure App Service

Posted on: 05-11-2019

Newly announced at Ignite 2019, Microsoft now offers free certificates to secure your Web applications running on Azure App Service

Cross-tenant token attacks are now harder in Azure AD

Posted on: 24-08-2019

Microsoft has improved the security of all APIs using Azure AD authentication and it's awesome, but it doesn't mean you can relax

Always check permissions in tokens in an Azure AD protected API

Posted on: 05-08-2019

Failing to check for permissions in Azure AD access tokens leads to your API being vulnerable

Why you should not put secrets in native applications

Posted on: 29-05-2019

The dangers of embedding secrets in native applications, and how to implement Azure AD authentication there without secrets

Keeping secrets out of version control in .NET applications

Posted on: 26-05-2019

Goes through methods of storing secrets in a way where they cannot end up in the shared code repository

Best practices for N-tenant Azure AD applications

Posted on: 21-05-2019

Some things to watch out for in your multi-tenant Azure AD applications that support a limited number of tenants

Resource Owner Password Credentials grant flow in Azure AD

Posted on: 05-05-2019

What is the OAuth ROPC flow, why it exists, and why you should not use it for most cases

Hi! My name is Joonas Westlin, I'm a software developer who blogs about ASP.NET Core, Azure, and Web development.

Azure MVP, Azure Solutions Architect Expert, Azure Developer Associate, MCSE: Cloud Platform and Infrastructure, MCSD: App Builder.