API Security with ASP.NET Core 5.0 and Azure AD for Dummies

Despite the overload of online material on this subject, I still see many people struggling to secure their ASP.NET Core APIs with Azure AD. For this, I see several causes:

The difference between authentication and authorization is still not clear for many
Azure AD is not the most user-friendly identity and access management system
ASP.NET Core is rapidly changing, each version with its respective security implementation
Microsoft’s migration from Azure AD Graph (ADAL) towards Microsoft Graph (MSAL)

The aim of this blog series is to explain the most common security patterns and needs.

Part 1: Authentication vs authorization
Part 2: The different actors
Part 3: Authentication with Azure AD
Part 4: Authorization with Access Control List
Part 5: Authorization with Application Roles
Part 6: Authorization with Delegated Permissions
Part 7: Retrieve more user information
Part 8: Access APIs on behalf of a user (coming soon)
Part 9: Automate the Azure AD configuration (coming soon)

I hope you like it! Sharing is caring!
Toon

← Previous post Next post →

UPCOMING TRAININGS

CHECK OUT OUR TRAININGS

Azure Integration Services

Azure Migration

Azure Governance

Azure Security

Azure Foundations

Recent Posts

Categories

Toon Vanhoutte

Azure Integration Services & Serverless

Wim Matthyssen

Azure Infra, Security & Governance

Alan Smith

Azure Development and AI/ML

Tim Hermie

Azure Identity and Security

Stéphane Eyskens

Cloud-native Azure architecture

Geert Baeke

Azure Kubernetes Service & Containerization

Maik van der Gaag

Azure Infrastructure as Code & DevOps

Bart Verboven

Azure Infra, Security & Governance

Sammy Deprez

Azure AI, ML & Cognitive Services

Sander van de Velde

Azure IoT

Any question?
Don’t hesitate to get in touch!