When connecting with legacy systems, Basic Authentication is often the only supported security scheme that is available. Azure API Management has an out-of-the-box policy that implements Basic Authentication between API Management and the backend API (backdoor). ...
When connecting with legacy systems, Basic Authentication is often the only supported security scheme that is available. Azure API Management has an out-of-the-box policy that implements Basic Authentication between API Management and the backend API (backdoor). ...
Today, Mötz Jensen, informed me on Twitter about the ability to access the Logic Apps correlation id (client-tracking-id) at runtime. After some investigation, it turns out that there are some new (but undocumented?) properties available on the trigger() object:...
Since recently, Logic Apps has the ability to configure OAuth2 authorization on the HTTP trigger. You can define authorization policies, that perform basic validations on the claims inside the incoming Bearer token. Role-based access control When securing API...
When using Azure Active Directory for adding role-based access control to your web applications and APIs, it is highly recommended to use application roles. This allows you to define custom application roles and these can be assigned to users and applications. A...
I had the privilege to participate in a private preview for Azure API Management integration with Dapr. This functionality is now in public preview for Azure API Management's self-hosted gateway. You can hear about my experiences in this video:...
The problem When authoring Azure API Management policies, I often ask myself "How can I get the value of an HTTP header, without throwing null reference exception if it does not exist?" or "What's the best way to verify an incoming client certificate?". To find the...