Blogging about my adventures, straight from the Azure trenches. Sharing is caring!

Enforce basic authentication in Azure API Management

Enforce basic authentication in Azure API Management

When connecting with legacy systems, Basic Authentication is often the only supported security scheme that is available.  Azure API Management has an out-of-the-box policy that implements Basic Authentication between API Management and the backend API (backdoor). ...

Subscribe to the blog

Latest Posts

Enforce basic authentication in Azure API Management

Enforce basic authentication in Azure API Management

When connecting with legacy systems, Basic Authentication is often the only supported security scheme that is available.  Azure API Management has an out-of-the-box policy that implements Basic Authentication between API Management and the backend API (backdoor). ...

New workflow expressions for Logic Apps triggers!

New workflow expressions for Logic Apps triggers!

Today, Mötz Jensen, informed me on Twitter about the ability to access the Logic Apps correlation id (client-tracking-id) at runtime.  After some investigation, it turns out that there are some new (but undocumented?) properties available on the trigger() object:...

Role-based access control in Logic Apps

Role-based access control in Logic Apps

Since recently, Logic Apps has the ability to configure OAuth2 authorization on the HTTP trigger.  You can define authorization policies, that perform basic validations on the claims inside the incoming Bearer token. Role-based access control When securing API...

Scripting Azure AD application role assignments

Scripting Azure AD application role assignments

When using Azure Active Directory for adding role-based access control to your web applications and APIs, it is highly recommended to use application roles.  This allows you to define custom application roles and these can be assigned to users and applications.  A...

Azure API Management integration with Dapr

Azure API Management integration with Dapr

I had the privilege to participate in a private preview for Azure API Management integration with Dapr.  This functionality is now in public preview for Azure API Management's self-hosted gateway.  You can hear about my experiences in this video:...

Azure API Management policy expressions cheat-sheet!

Azure API Management policy expressions cheat-sheet!

The problem When authoring Azure API Management policies, I often ask myself "How can I get the value of an HTTP header, without throwing null reference exception if it does not exist?" or "What's the best way to verify an incoming client certificate?".  To find the...