


API SECURITY FOR DUMMIES | Authentication vs authorization
API Security with ASP.NET Core 5.0 and Azure AD for Dummies. This blog is part of a complete blog series. Part 1: Authentication vs authorization (this blog); Part 2: The different actors; Part 3: Authentication with Azure AD; Part 4: Authorization with Access Control...
Securely distributing client secrets within the organization
The weakest link in security is the human element. This statement is regularly confirmed when we set up OAuth2 or OpenID Connect at a customer. This blog explains the security issue and how you can overcome it with very little effort. The problem In...
Role-based access control in Logic Apps
Logic Apps recently gained the ability to configure OAuth2 authorization on the HTTP trigger. You can define authorization policies that perform basic validations on the claims inside the incoming Bearer token. Role-based access control When securing API...
Scripting Azure AD application role assignments
