Security posts

What the heck is Azure Key Vault Managed HSM

Posted on: 26-07-2025

Overview and my experiences with this rarely used service

Good enough security for an Azure PaaS application

Posted on: 26-03-2025

What Azure components I recommend for people building applications on Azure PaaS to have what I'd call "good enough" security.

Using Azure Key Vault for signing and encrypting JSON Web Tokens

Posted on: 20-02-2024

How to offload cryptographic operations to Azure Key Vault such that your application never has to handle the private keys.

Azure AD JWT authentication in .NET isolated process Azure Functions

Posted on: 12-09-2021

The new isolated process model for .NET Azure Functions allows usage of middleware, which we can use to implement authentication and authorization

Get a Managed Identity access token in Azure App Service through Advanced Tools (Kudu)

Posted on: 22-01-2021

Debugging access issues when using Managed Identities can be difficult, so here is a trick to getting an access token to inspect token contents or test access outside the app

Using Azure RBAC with Azure Key Vault

Posted on: 24-09-2020

Exploring the new, standard way of granting access to Key Vault through Azure RBAC instead of access policies

Azure AD v2 and MSAL in 2020

Posted on: 31-08-2020

Updated look at the current state of the Azure Active Directory v2 endpoint and the Microsoft Authentication Library

ASP.NET Core Data Protection with Azure Key Vault and Azure Storage

Posted on: 14-03-2020

How to configure and use the combination of Azure Storage and Azure Key Vault for data protection in ASP.NET Core with the new Azure integration packages

Setting up a free HTTPS certificate in Azure App Service

Posted on: 05-11-2019

Newly announced at Ignite 2019, Microsoft now offers free certificates to secure your Web applications running on Azure App Service

Cross-tenant token attacks are now harder in Azure AD

Posted on: 24-08-2019

Microsoft has improved the security of all APIs using Azure AD authentication and it's awesome, but it doesn't mean you can relax

Hi! My name is Joonas Westlin, I'm a software developer who blogs about ASP.NET Core, Azure, and Web development.

Azure MVP, Azure Solutions Architect Expert, Azure Security Engineer Associate, Azure Developer Associate.