Quote of the Day

more Quotes

Categories

Get notified of new posts

Buy me coffee

All posts in "Azure"

Build and deploy a WebJob alongside web app using azure pipelines

Published December 13, 2021 in .NET , .NET core , ASP.NET core , Azure , Devops - 1 Comment

In this post, I’m going to share some of the issues, misunderstandings I ran into when trying to setup and deploy a WebJob alongside a web application using azure pipelines. The WebJob is a console application, and the web app is an ASP.NET core. Both the WebJob and web app target .NET 5.

Continue reading

Authenticate against azure ad using certificate in a client credentials flow

I have an API which needs to authenticate against azure ad to obtain an access token for calling another downstream API. When registering an application in azure AD for the caller API, I could either setup a shared secret or a certificate for the API to use as part of its credentials in a client credentials flow . In the past, I had always used a shared secret as it was more convenient and easier to setup. However, using certificate provides stronger security. After spending a few hours of googling and hacking, I was able to setup and use a certificate instead of a shared secret as credentials for the caller API to authenticate against azure AD.

Continue reading

Migrating from Microsoft.AspNetCore.Authentication.AzureAD to Microsoft Identity Web authentication library to integrate with Azure AD.

I recently had a chance to clean up some of the deprecated libraries I used for validating a JWT access token or obtain one via the client-credentials flow or the on-behalf-of flow. The libraries I used were under the Microsoft.AspNetCore.Authentication.AzureAD packages. Per the document, since ASP.NET core 5.0, users should use the Microsoft.Identity.Web package to integrate with Azure AD and Azure ADB2C.

Continue reading

Caching node modules and Cypress installation in an azure devops pipeline.

Published March 20, 2021 in Azure , Devops - 0 Comments

I have a back-end-for-front-end application which I scaffolded using Visual Studio. The backend is an ASP.NET core web API, and the front end is Angular. In the angular application, I have Cypress end-to-end tests that I want to run as part of a build pipeline. Accomplishing the objective requires a few things. For instance, I need to install Cypress binaries on the build agent. I also need to start the angular app to which the tests can run again. Installing Cypress binaries is a lengthy process, and with other steps, the entire build can take a long time to finish. After a few trial and error, I finally got the build to run Cypress tests and cache the binaries. Keep in mind that caching makes sense if the time it takes to save and restore the cache data is considerably less than the time it takes to download and install the data directly.

Continue reading

Using Azure AD Entitlement Management to onboard and manage users.

Published March 13, 2021 in Azure , Azure Active Directory - 0 Comments

In the previous post, I talked about using self-service sign-up via user flows to onboard an external user. With self-service sign-up, you can integrate with custom REST endpoints to implement approval workflows and other business logic. I’ve learned of another way to onboard and manage a user’s access by using Entitlement Management, which has built-in rich approval workflow and access lifecycle so you don’t have to build additional APIs to implement an approval workflow.

Continue reading

Getting started with Azure AD Self-Service Sign-Up via user flows

Published February 26, 2021 in Azure , Azure Active Directory , security - 0 Comments

Microsoft has added several great features to help with managing identity and access of an external user in B2B collaboration. One such feature is the Azure AD Self-Service Sign-Up via user flows for an external user to sign up as a guest user in the host Azure AD tenant. I found the feature to be promising, but at the time of writing, it’s still in preview and have limitations.

Continue reading

Integrate Azure AD B2C reset password user flow in angular using oidc-client-js.

This post continues from previous posts which I go over using oidc-client-js to interact with azure adb2c:

In this post, I’m going to share how to handle resetting password.

You can find the sample project here.

Continue reading

Notes on using Microsoft Graph SDK to manage users in an Azure AD B2C tenant.

Published November 14, 2020 in Azure , Azure Active Directory , Azure ADB2C - 2 Comments

I recently worked on migration users’ accounts in an existing SQL database to azure AD B2C. I found some helpful articles from Microsoft that document different migration approaches and offer example codes on using Microsoft Graph SDK to manage the users. You can find the links to these articles and sample projects in the References section.

For the most part, I did not have much troubles with the basic CRUD operations. However, I had a bit of difficulties working with custom attributes and retrieving a user by email. In this post, I’m going to share some tips and caveats I learned. In particular, I’ll discuss:

  • The Microsoft Graph API permissions you need to manage the users.
  • Caveat on UserPrincipalName attribute and retrieving a user by email.
  • Setting and retrieving custom attributes in Azure ADB2C.
Continue reading

Integrate Azure AD B2C profile editing user flow in angular using oidc-client-js.

This post is a continuation of the blog post I wrote a couple months ago on how to authenticate user against Azure ADB2C from angular app using oidc-client-js. In that post, I discussed how to integrate AD B2C sign up and sign in flows to allow the user to authenticate against AD B2C. In this post, I’m going to show an example of integrating the editing profile user flow. You can find the accompanying sample project here.

I assume you have some basic understanding of angular and Rxjs and focus primarily on the aspects relating to integrating the edit user flow. If you have questions about the codes, feel free to reach out.

Also, check out the next post relating to oidc-client-js in which I go over handling password reset.

Continue reading

Using OAuth2 Client Credentials grant type in Azure ADB2C

Published September 6, 2020 in Azure , Azure ADB2C , OAuth2 , security - 2 Comments

In the past, I worked on a project in which we had had to registered applications in both regular azure AD and azure ADB2C tenants just because OAuth2 Client Credentials grant type was not supported in Azure ADB2C. However, I recently learned that it is now possible to use the grant type to obtain an access token for an app in azure ADB2C.

Continue reading