Using Azure AD to authenticate public clients to SQL Azure

Azure AD enables access authorization to SQL Azure as an alternative to providing username/password information in the connection string: https://azure.microsoft.com/en-us/documentation/articles/sql-database-aad-authentication/. It is somewhat analogous to using Windows Authentication when both the client and the database are on a Windows domain network. It is particularly useful on public (non-confidential) clients where storing secrets is inappropriate and…

3

Passive is good!

Some time back I wrote about avoiding handling of credentials (creation/maintenance/verification of user names, passwords, pins, etc.) in your own application code, but rather delegating that functionality to a specialized, external identity provider (IdP; http://blogs.msdn.com/b/mrochon/archive/2014/12/02/should-an-application-handle-user-credentials.aspx). This aversion should apply to even collection of credentials (e.g. asking the user for user name/password). Even that role should be delegated…

0

Using OAuth2 with SOAP

I started at Microsoft when SOAP was all the rage, before there was such a thing as WCF. So it is with some nostalgia that I tried to combine one of latest technologies: Universal App Platform (UAP) with SOAP using OAuth2 protocol for authentication. One possible application of this approach would be for folks who…

2

Using WS-Federation with Windows Store and .NET rich clients

In general, rich client apps use OAuth flow to obtain authorization tokens to a web service. However, that flow may not be available from the authentication servers. In the following I am using an alternative approach: WS-Federation, well supported by ASP.NET web services. The solution consists of a web service, often used to provide REST…

0

Silverlight and basic authentication

Silverlight client does not support TransportCredentialOnly to enable Basic authentication. Here is some code to add the basic authentication http header to a standard Silverlight WCF proxy:                 ServiceReference1.ServiceClient svc = new ServiceReference1.ServiceClient(); // binding, new EndpointAddress(“any.txt://deadend.com”));            svc.GetDataUsingDataContractCompleted += (s, a) =>     …

0