Identity

The following posts are part of this series: Part 1: Creating your App Registration Part 2: Configuring your code Part 3: Securing your API endpoints Defining protected First of all, let’s look at what we mean by protected. Much like in ASP.NET, in ASP.NET Core, you can use the [Authorize] attribute to define that your controller must be called with an authorised identity. We pass what is known as a bearer token as a Authorization header in our API requests, this holds information about the identity as well as user information unless the web app accepts calls from a daemon....

The following posts are part of this series: Part 1: Creating your App Registration Part 2: Configuring your code Part 3: Securing your API endpoints Let’s begin I’m not going to cover the steps involved in creating an app registration. This is covered, in detail, in the Microsoft documentation. In this article though, I want to point out some important things. Token versions The platform enables the generation of two token verions, v1....

The Microsoft Identity Platform provides developers with the opportunity to make use of v2.0 endpoints to develop their applications. In .NET Core this is the Microsoft.Identity.Web package. This library is specifically written for applications fulfilling either of the two scenarios below: Web applications which sign in users and call web APIs Protected web APIs which call downstream web APIs A simple way of explaining this would be saying that you have a web application which is responsible for connecting to the Microsoft Graph API to authenticate and authorise users and make subsequent calls to the Graph API....

As I begin work on the cloud management platform at Transparity, I’ve been very clear that wherever possible, we need to make use of built-in features in the .NET Core framework as well as the Azure platform. Identity is one of the areas where this falls firmly into line, and you actually have a number of great options available to you. I’ve opted for Azure AD in this rather than Azure AD B2C, the reason for that is that I don’t have a need for people to login with identity providers other than Azure AD, and setting up B2C for multi-tenant Azure AD support is troublesome....