Developing an Azure AD B2C multi-tenant application

The ‘regular’ Azure AD has built-in support for multi-tenant applications. In that case, a user from any Azure AD tenant can sign in to an application registered in another tenant. The application can then use the user’s security context to give the user a view of data that is specific to that tenant. The goal…


Claims augmentation with OWIN but outside of Startup code

The claims included in the ClaimsPrincipal usually originate from the security token received by the application as part of user authentication (SAML, OpenID Connect id token) or access authorization (OAuth2 bearer access token). However, sometimes there is a need to modify that list with claims derived from other sources:
- attributes retrieved from custom databases
- attributes not initially included…


Discovering AuthorizeAttribute role names

The AuthorizeAttribute is used in ASP.NET code to decorate controller classes and methods which require authorization, e.g. [Authorize(Roles = "admin")] public class HomeController : Controller { ... }, meaning that to call any method in this class the user needs to have a role claim with the value 'admin'. With many controllers and methods the number of roles used…
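One way to enumerate the role names an application actually checks, as an added example that is not code from the original post: reflect over the controller assembly and collect the Roles of every AuthorizeAttribute on controller classes and action methods. The scanner below targets System.Web.Mvc; for WebAPI controllers substitute System.Web.Http.AuthorizeAttribute and ApiController. Nothing here is the post's own helper.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Reflection;
using System.Web.Mvc;

// Added example: audit which role names an MVC assembly requires, and where.
public static class AuthorizeRoleScanner
{
    // Yields (role, "Controller" or "Controller.Action") for every Roles= value found.
    public static IEnumerable<KeyValuePair<string, string>> Scan(Assembly asm)
    {
        var controllers = asm.GetTypes()
            .Where(t => !t.IsAbstract && typeof(Controller).IsAssignableFrom(t));

        foreach (var controller in controllers)
        {
            // A class-level attribute applies to every action of the controller.
            foreach (var role in RolesOf(controller))
                yield return new KeyValuePair<string, string>(role, controller.Name);

            var actions = controller.GetMethods(
                BindingFlags.Public | BindingFlags.Instance | BindingFlags.DeclaredOnly);
            foreach (var action in actions)
            {
                foreach (var role in RolesOf(action))
                    yield return new KeyValuePair<string, string>(role, controller.Name + "." + action.Name);
            }
        }
    }

    // Roles = "admin, auditor" is a comma-separated list: split, trim and drop empties.
    private static IEnumerable<string> RolesOf(MemberInfo member)
    {
        return member.GetCustomAttributes<AuthorizeAttribute>(inherit: true)
            .Where(a => !string.IsNullOrWhiteSpace(a.Roles))
            .SelectMany(a => a.Roles.Split(','))
            .Select(r => r.Trim())
            .Where(r => r.Length > 0);
    }

    // Prints the distinct role names with the members that require them.
    public static void Report(Assembly asm)
    {
        foreach (var group in Scan(asm).GroupBy(kv => kv.Key).OrderBy(g => g.Key))
            Console.WriteLine("{0}: {1}", group.Key, string.Join(", ", group.Select(kv => kv.Value).Distinct()));
    }
}
```

Run it against the web application's assembly (for example AuthorizeRoleScanner.Report(typeof(HomeController).Assembly)) and compare the output with the app roles defined in the Azure AD application manifest; a role that is checked but never issued, or issued but never checked, is worth a second look.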


Multi-tenant WebAPI – simple admin consent

The VS.NET 2015 wizard for adding authentication to ASP.NET WebAPI projects does not support using the multi-tenant option. Here are some notes on how to implement this option yourself and create OAuth2 access tokens to such resources using separate tenants. This is not meant as an attempt to document features – rather as a record…


Using Azure AD to authenticate public clients to SQL Azure

Azure AD enables access authorization to SQL Azure as an alternative to providing username/password information in the connection string: https://azure.microsoft.com/en-us/documentation/articles/sql-database-aad-authentication/. It is somewhat analogous to using Windows Authentication when both the client and the database are on a Windows domain network. It is particularly useful on public (non-confidential) clients, where storing secrets is inappropriate, and…
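The token-based connection described above, as an added example that is not code from the original post: a desktop (public) client acquires an Azure AD access token for the SQL Azure resource interactively with ADAL and hands it to SqlConnection.AccessToken, so the connection string carries no credentials at all. The authority, client id, redirect URI and server names are placeholders to be replaced with your own.

```csharp
using System;
using System.Data.SqlClient;
using System.Threading.Tasks;
using Microsoft.IdentityModel.Clients.ActiveDirectory;

// Added example: public client signing in to SQL Azure with an Azure AD token.
public static class AadSqlClient
{
    // Assumed values: substitute your tenant and app registration.
    const string Authority = "https://login.microsoftonline.com/contoso.onmicrosoft.com";
    const string SqlResource = "https://database.windows.net/";          // resource id of SQL Azure
    const string ClientId = "00000000-0000-0000-0000-000000000000";       // native app registration, no secret
    static readonly Uri RedirectUri = new Uri("urn:ietf:wg:oauth:2.0:oob");

    public static async Task<string> WhoAmIAsync(string server, string database)
    {
        // Interactive sign-in. The token's audience is the SQL resource, so a leaked
        // token cannot be replayed against Graph or any other API.
        var ctx = new AuthenticationContext(Authority);
        var result = await ctx.AcquireTokenAsync(
            SqlResource, ClientId, RedirectUri, new PlatformParameters(PromptBehavior.Auto));

        // No User ID / Password here: the identity travels in the token.
        var builder = new SqlConnectionStringBuilder
        {
            DataSource = server,                 // e.g. "yourserver.database.windows.net"
            InitialCatalog = database,
            Encrypt = true,                      // the token is a bearer credential; keep it off the wire in clear
            TrustServerCertificate = false
        };

        using (var conn = new SqlConnection(builder.ConnectionString))
        {
            conn.AccessToken = result.AccessToken;   // requires .NET Framework 4.6 or later
            await conn.OpenAsync();
            using (var cmd = new SqlCommand("SELECT SUSER_SNAME()", conn))
                return (string)await cmd.ExecuteScalarAsync();
        }
    }
}
```

The query returns the login SQL Azure resolved from the token, which is a quick way to confirm that the contained database user for the Azure AD account exists and that no SQL credential was used.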


Using Redis as ADAL token cache

Here is a sample TokenCache class implementation using Redis for use with the Active Directory Authentication Library (ADAL). The library is used for obtaining tokens from Azure AD or AD FS using the OAuth2 protocol. This implementation is intended for web applications acting as OAuth2 or OpenID Connect clients. Typical use of this class is in the…
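A Redis-backed TokenCache of the kind the post describes, written here as an added example rather than the post's own class. It uses ADAL's BeforeAccess/AfterAccess notifications to load the serialized cache from Redis before each access and to write it back only when ADAL reports a change, with one Redis key per signed-in user. StackExchange.Redis is assumed as the client library; the connection string, key prefix and expiry are placeholders.

```csharp
using System;
using Microsoft.IdentityModel.Clients.ActiveDirectory;
using StackExchange.Redis;

// Added example: per-user ADAL token cache persisted in Redis.
public class RedisTokenCache : TokenCache
{
    // Assumed endpoint; in production use TLS ("ssl=true") and a password.
    private static readonly Lazy<ConnectionMultiplexer> Connection =
        new Lazy<ConnectionMultiplexer>(() => ConnectionMultiplexer.Connect("localhost:6379"));

    private static readonly TimeSpan Expiry = TimeSpan.FromDays(14);   // assumed: roughly a refresh token lifetime
    private readonly string _key;

    // Key on a stable, tenant-scoped identifier (the oid or sub claim), never on a
    // display name or email, so one user's tokens can never be served to another.
    public RedisTokenCache(string userObjectId)
    {
        _key = "adal:cache:" + userObjectId;
        BeforeAccess = BeforeAccessNotification;
        AfterAccess = AfterAccessNotification;
    }

    // Called before ADAL reads the cache: hydrate from Redis.
    private void BeforeAccessNotification(TokenCacheNotificationArgs args)
    {
        byte[] blob = Connection.Value.GetDatabase().StringGet(_key);
        if (blob != null)
            Deserialize(blob);
    }

    // Called after ADAL touched the cache: persist only if something changed.
    private void AfterAccessNotification(TokenCacheNotificationArgs args)
    {
        if (!HasStateChanged)
            return;

        // The blob contains refresh tokens: Redis must be treated as a secret store.
        Connection.Value.GetDatabase().StringSet(_key, Serialize(), Expiry);
        HasStateChanged = false;
    }

    // Clearing on sign-out removes the refresh tokens from Redis as well.
    public override void Clear()
    {
        base.Clear();
        Connection.Value.GetDatabase().KeyDelete(_key);
    }
}
```

In the web application the cache is passed to the AuthenticationContext per request, e.g. new AuthenticationContext(authority, new RedisTokenCache(userObjectId)), and AcquireTokenSilentAsync then finds the user's tokens regardless of which web server handles the request.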


Using OAuth2 with SOAP

I started at Microsoft when SOAP was all the rage, before there was such a thing as WCF. So it is with some nostalgia that I tried to combine one of the latest technologies, the Universal App Platform (UAP), with SOAP, using the OAuth2 protocol for authentication. One possible application of this approach would be for folks who…


ServiceBus, Azure AD, OAuth and Shared Access Signature

Most Service Bus examples use symmetric keys directly in applications needing access to the Service Bus, usually as part of the connection string. That approach does not work so well with widely distributed applications, e.g. desktop or mobile apps. Another important Azure service becomes very useful here: Azure Active Directory. One of the goals of AAD is to provide role and…


ASP.NET WebForms OAuth2 multi-tenant resource and WPF client

Most published WebAPI samples (e.g. http://msdn.microsoft.com/en-us/library/azure/dn646737.aspx) are based on the MVC and OWIN infrastructure, which is not available in WebForms applications. Following is a custom implementation of a handler for the OAuth2 access token presented by a WPF rich client application. The WPF client is responsible for managing the OAuth code grant flow to obtain the token and present…
