book

Azure Active Directory for Secure Application Development

by Sjoukje Zaal

May 2022

Intermediate to advanced

268 pages

5h 24m

English

Packt Publishing

Read now

Unlock full access

ContributorsAbout the authorAbout the reviewers
What this book coversTo get the most out of this bookDownload the color imagesDownload the example code filesConventions usedGet in touchShare Your Thoughts
Learning about the Microsoft identity platformUnderstanding the evolution of the Microsoft identity platformIntroducing Azure ADIntroducing Azure AD B2BIntroducing Azure AD B2CSetting up an Azure AD tenantAdding a user to Azure ADCleaning up the resourcesSummaryFurther reading
Technical requirementsIntroducing the Azure AD application modelLearning about application and service principal objects in Azure ADApplication objectService principal objectRegistering an application with the Microsoft identity platformRegistering an application using the Azure portalSetting redirect URIsConfiguring the redirect URIUnderstanding permissions and consentScopes and permissionsPermission typesConfiguring permissions in the Azure portalUnderstanding certificates and secretsConfiguring an app secret in the Azure portalRestricting your Azure AD app to a set of usersUpdating the app to require user assignmentAssigning the app to users and groupsRegistering an application using PowerShell and the CLIRegistering an application using PowerShellRegistering an application using the CLISummaryFurther reading
Technical requirementsPublic client and confidential client applicationsConfidential client applicationsPublic client applicationsUnderstanding the authorization code flowAuthorization code flow Understanding the different application typesSingle-page applicationsWeb apps and web APIsDesktop appsDeamon appsMobile appsBuilding a web app that authenticates users using Azure ADConfiguring redirect URIs and setting the right permissionsBuilding the applicationUnderstanding the Azure AD application consent experienceUnderstanding how end users consent to applicationsConfiguring how end users consent to applicationsPublisher verificationSummaryFurther reading
Evolution of identity protocolsAuthentication versus authorizationAuthenticationAuthorizationAuthentication and authorization using the Microsoft identity platformPre-claims authentication techniquesPassword-based authenticationIntegrated authenticationClaims-based identityWhat are claims?How claims-based identity worksBenefits of claims-based identityFirst-generation protocolsSingle sign-onCookiesSAMLWS-FederationModern protocolsOAuthSummaryFurther reading
Technical requirementsThe OAuth 2.0 framework and its specificationsRolesThe OAuth 2.0 abstract flowTokensThe OpenID Connect protocol and its specificationsThe OAuth 2.0 and OpenID Connect flowsOpenID Connect using the implicit flowThe authorization code flowThe OBO flowThe client credentials flowThe ROPC flowThe device code flowAn overview of the Microsoft Identity Web authentication libraryAn overview of MSALSecuring your application using OAuth 2.0, OpenID Connect, and MSALRegistering the application with your Azure AD tenantBuilding the applicationSummaryFurther reading
Technical requirementsAn overview of Microsoft GraphAccessing data and methodsThe Microsoft Graph API metadataRequesting data using Graph ExplorerQueries, batching, throttling, and pagingQueriesBatchingThrottling The Microsoft Graph SDKBuilding a web application that uses the Microsoft Graph APISummaryFurther reading

Technical requirementsIntroducing Azure AD B2CCreating an Azure AD B2C tenant and adding a userRegistering an application in Azure AD B2CEnabling the ID token implicit grantUnderstanding user flows Creating sign-up and sign-in flowsTesting the sign-up and sign-in flowsSetting up the custom web applicationSummaryFurther reading
Technical requirementsIdentity providers in Azure AD B2CConfiguring the identity provider in Azure AD B2CAdding the LinkedIn identity provider to the user flowCustomizing the UILocalization and language customizationAzure AD B2C and Microsoft GraphCustom domains for Azure AD B2CSummaryFurther reading
Technical requirementsUnderstanding custom policiesIntroducing the Identity Experience FrameworkCreating a custom policyCreating the signing and encryption keyRegistering the Identity Experience Framework applicationsCreating the Azure storage accountCreating the Azure functionCreating the custom policyDeploying the custom policyTesting the custom policySummaryFurther reading
Other Books You May EnjoyPackt is searching for authors like youShare Your Thoughts

Content preview from Azure Active Directory for Secure Application Development

Chapter 4: The Basics and Evolution of Authentication

In the previous chapter, we covered the different application types that can use Azure AD for authentication and looked at user consent. We covered public client and confidential client applications, how application sign-in flows work and the different application types, such as web apps and APIs, deamon apps, and more. Next, we built a web app that authenticates users using Azure AD. Finally, we covered how users consent to applications and looked at publisher verification.

In this chapter, we are going to take a step back and look at the basics and evolution of authentication. This chapter will not contain code samples; instead, it will look at how authentication has evolved into the modern ...