Azure AD, Scope-based authorization

“Hello World!” Continuing the customization of the basic two-tier scenario introduced in my previous posts, I would like to talk about scopes. OAuth2 defines the concept of scope as a “list of space-delimited, case-sensitive strings” that specifies the scope of the access request. These scopes can be used by a target application to allow…


Access an Azure AD secured Api with Asp.Net Core 2.0

Basic AzureAD scenario

tl;dr: Register a new Web App in AAD for the Api. Register a new Web App in AAD for the FrontEnd. Add the permissions to access the Api app. Configure the Web apps' code with the authentication details as usual (ClientID, Client Secret, Audience URI, etc.). In the Azure portal, edit the FrontEnd manifest, enabling the implicit…