Using WS-Federation with Windows Store and .NET rich clients
In general, rich client apps use an OAuth flow to obtain authorization tokens for a web service. However, that flow may not be available from the authentication servers. In the following I am using an...
ASP.NET WebForms OAuth2 multi-tenant resource and WPF client
Most published WebAPI samples (e.g. http://msdn.microsoft.com/en-us/library/azure/dn646737.aspx) are based on the MVC and OWin infrastructure, which is not available in WebForms applications. Following...
Using Owin to authenticate with Microsoft Account (Live Id)
I have recently battled my way through creating an Owin-based web UI application using Microsoft Account (MSA, formerly Live Id) as my authentication provider. Here is a summary of my experience and...
OAuth2 with ADFS and WAAD using C#
Overview: The following summarizes the process of creating an end-to-end OAuth2 sample using ADFS 2.1 (or Windows Azure Active Directory). Web site setup: Use the VS.NET 2012 ASP.NET MVC 4 WebAPI project...
Using Azure Queues to schedule work items
The attached sample shows how to use Azure Storage Queues to schedule processing of an item for a later point in time. It solves a common problem of scaling out a process based on iterating over a...
Should an application handle user credentials?
I think the answer is ‘no’ or ‘only under special circumstances’ (see Exceptions below) but would be interested in your comments. By ‘own credential management’ I mean having your own store of user names AND...
ServiceBus, Azure AD, OAuth and Shared Access Signature
Most Service Bus examples use symmetric keys directly in applications needing access to the ServiceBus, usually as part of the connection string. That approach does not work so well with widely...
Using OAuth2 with SOAP
I started at Microsoft when SOAP was all the rage, before there was such a thing as WCF. So it is with some nostalgia that I tried to combine one of the latest technologies: Universal App Platform (UAP)...
Passive is good!
Some time back I wrote about avoiding handling of credentials (creation/maintenance/verification of user names, passwords, pins, etc.) in your own application code, but rather delegating that...
Changing user password in Azure AD using GraphAPI
The following pertains to a very specific scenario: You use Azure AD for some applications (e.g. Office365), but… …one of your applications does NOT use Azure AD (yet). It has its own authentication...
Azure AD client certificate rollover
This Azure AD sample shows how to use OAuth2 Client Credential flow with an X509 certificate for authentication. Here is a procedure I use to periodically roll over the certificates. In order to...
Single SignOn is easy, Single Signout is not
Single Sign In relies on the token issuer holding on to a cookie, which tells it about the user identity after the first signin. The issuer can then respond to a new signin request in whatever protocol...
Using Redis as ADAL token cache
Here is a sample TokenCache class implementation using Redis for use with the Active Directory Access Library (ADAL). The library is used for obtaining tokens from Azure AD or AD FS using the OAuth2...
Using Azure AD to authenticate public clients to SQL Azure
Azure AD enables access authorization to SQL Azure as an alternative to providing username/password information in the connection string:...
Multi-tenant WebAPI – simple admin consent
The VS.NET 2015 wizard for adding authentication to ASP.NET WebAPI projects does not support using the multi-tenant option. Here are some notes on how to implement this option yourself and create...
Discovering AuthorizeAttribute role names
The AuthorizeAttribute is used in ASP.NET code to decorate controller classes and methods which require authorization, e.g. [Authorize(Roles = "admin")] public class HomeController : Controller {...
OWIN and WS-Federation with CA Siteminder
A customer was having a problem integrating an ASP.NET application with CA Siteminder v12.52. Firstly, there was a problem with using SAML2.0 token formats. To get around that, we reconfigured SM to...