Azure AD, Scope-based authorization

“Hello World!” Continuing the customization of the basic two-tier scenario introduced in my previous posts, I would like to talk about scopes. OAuth2 defines the concept of scope as a “list of space-delimited, case-sensitive strings” that specifies the scope of the access request. These scopes can be used by a target application to allow…


Azure AD and Group-based authorization

“Hello World!” In my previous post I talked about how to use Azure AD to secure an Asp.Net Core web API project. If we want to go further than just protect our web API, we can use groups to further customize the access. A typical example is to restrict the access only for users belonging…


Access an Azure AD secured Api with Asp.Net Core 2.0

Basic AzureAD scenario

tl;dr: Register a new Web App in AAD for the Api. Register a new Web App in AAD for the FrontEnd. Add the permissions to access the Api app. Configure the Web apps code with the authentication details as usual (ClientID, Client Secret, Audience Uri, etc.). In Azure portal edit the FrontEnd manifest enabling the implicit…


Azure AD Delegation scenario

tl;dr: Register a new Web App in AAD for the Api. Add the required “delegated” permissions to the external resource (i.e. Microsoft Graph). Register a new Web App in AAD for the FrontEnd. Add the permissions to access the Api app. Configure the Web apps code with the authentication details as usual (ClientID, Client Secret,…
