Discovering AuthorizeAttribute role names
The AuthorizeAttribute is used in ASP.NET code to decorate controller classes and methods which require authorization, e.g. `[Authorize(Roles = "admin")] public class HomeController : Controller {...`
OWIN and WS-Federation with CA Siteminder
A customer was having a problem integrating an ASP.NET application with CA Siteminder v12.52. Firstly, there was a problem with using SAML2.0 token formats. To get around that, we reconfigured SM to...
Using Azure AD to enable partner access to SharePoint 201x
Introduction: The following summarizes my experience with setting up Azure AD as an authentication provider for SharePoint 2013 or 2016. This setup enables access to SharePoint for external users (business...
Claims augmentation with OWIN but outside of Startup code
The list of claims included in the ClaimsPrincipal usually originates from the security token received by the application as part of user authentication (SAML, OpenIDConnect id token) or access authorization...
Developing an Azure AD B2C multi-tenant application
The 'regular' Azure AD has built-in support for multi-tenant applications. In that case, a user from any Azure AD tenant can sign in to an application registered in another tenant. The application can...
Multi-tenant apps and Azure AD
This is a follow-up to my previous blog re multi-tenant applications using B2C. Here I am describing some changes to the original demo app and comparing use of the classic Azure AD multi-tenant...
Federation patterns using Azure AD
Objectives: This post considers scenarios where an application needs to be accessed by users from many sources of authentication. (Office 365, owned and operated by Microsoft but whose use is managed...
Azure BOTs – getting extra access tokens
Existing docs show how to enable use of OAuth2 in an Azure Bot application to sign in the user and get an access token to MS Graph for the user. The following describes an approach for getting access...
Using Groups in Azure AD B2C
Out of the box, AAD B2C does not expose any functionality related to Security Groups. They exist as an entity type and can be accessed via the regular Azure AD portal blade but there are no features...
Choosing the OAuth2 grant flow
The OAuth2 specifications define six different grant types (https://tools.ietf.org/html/rfc6749 and https://tools.ietf.org/html/draft-ietf-oauth-device-flow-15). Each provides the most optimal (from...