book

Modern Authentication with Azure Active Directory for Web Applications

by Vittorio Bertocci

December 2015

Intermediate to advanced

336 pages

11h 42m

English

Microsoft Press

Read now

Unlock full access

The sample applicationPrerequisitesMicrosoft Azure subscriptionVisual Studio 2015Creating the applicationRunning the applicationClaimsPrincipal: How .NET represents the callerSummary
Pre-claims authentication techniquesPasswords, profile stores, and individual applicationsDomains, integrated authentication, and applications on an intranetClaims-based identityIdentity providers: DCs for the InternetTokensTrust and claimsClaims-oriented protocolsRound-trip web apps, first-generation protocolsThe problem of cross-domain single sign-onSAMLWS-FederationModern apps, modern protocolsThe rise of the programmable web and the problem of access delegationOAuth2 and web applicationsLayering web sign-in on OAuthOpenID ConnectMore API consumption scenariosSingle-page applicationsLeveraging web investments in native clientsSummary
Active Directory Federation ServicesADFS and developmentGetting ADFSProtocols supportAzure Active Directory: Identity as a serviceAzure AD and developmentGetting Azure Active DirectoryAzure AD for developers: ComponentsNotable nondeveloper featuresSummary

Token requestors and resource protectorsToken requestorsResource protectorsHybridsThe Azure AD libraries landscapeToken requestorsResource protectorsHybridsVisual Studio integrationAD integration features in Visual Studio 2013AD integration features in Visual Studio 2015Summary
The web app you build in this chapterPrerequisitesStepsThe starting projectNuGet packages referencesRegistering the app in Azure ADOpenID Connect initialization codeHost the OWIN pipelineInitialize the cookie and OpenID Connect middlewares[Authorize], claims, and first runAdding a trigger for authenticationShowing some claimsRunning the appQuick recapSign-in and sign-outSign-in logicSign-out logicThe sign-in and sign-out UIRunning the appUsing ADFS as an identity providerSummary
The protocol and its specificationsOpenID Connect Core 1.0OpenID Connect DiscoveryOAuth 2.0 Multiple Response Type, OAuth2 Form Post Response ModeOpenID Connection Session ManagementOther OpenID Connect specificationsSupporting specificationsOpenID Connect exchanges signing in with Azure ADCapturing a traceAuthentication requestDiscoveryAuthenticationResponseSign-in sequence diagramThe ID token and the JWT formatOpenID Connect exchanges for signing out from the app and Azure ADSummary
OWIN and KatanaWhat is OWIN?KatanaOpenID Connect middlewareOpenIdConnectAuthenticationOptionsNotificationsTokenValidationParametersValid valuesValidation flagsValidatorsMiscellanyMore on sessionsSummary
The building blocks: Application and ServicePrincipalThe ApplicationThe ServicePrincipal objectConsent and delegated permissionsApplication created by a nonadmin userInterlude: Delegated permissions to access the directoryApplication requesting admin-level permissionsAdmin consentApplication created by an admin userMultitenancyApp user assignment, app permissions, and app rolesApp user assignmentApp rolesApplication permissionsGroupsSummary
Consuming a web API from a web applicationRedeeming an authorization code in the OpenID Connect hybrid flowUsing the access token for invoking a web APIOther ways of getting access tokensExposing a protected web APISetting up a web API projectHandling web API callsExposing both a web UX and a web API from the same Visual Studio projectA web API calling another API: Flowing the identity of the caller and using “on behalf of”Protecting a web API with ADFS “3”Summary
Setup (for developers)The new management UXWeb sign-on with OpenID Connect and ADFSOpenID Connect middleware and ADFSSetting up a web app in ADFSTesting the web sign-on featureProtecting a web API with ADFS and invoking it from a web appSetting up a web API in ADFSCode for obtaining an access token from ADFS and invoking a web APITesting the web API invocation featureAdditional settingsSummary

Overview

Build advanced authentication solutions for any cloud or web environment

Active Directory has been transformed to reflect the cloud revolution, modern protocols, and today’s newest SaaS paradigms. This is an authoritative, deep-dive guide to building Active Directory authentication solutions for these new environments. Author Vittorio Bertocci drove these technologies from initial concept to general availability, playing key roles in everything from technical design to documentation. In this book, he delivers comprehensive guidance for building complete solutions. For each app type, Bertocci presents high-level scenarios and quick implementation steps, illuminates key concepts in greater depth, and helps you refine your solution to improve performance and reliability. He helps you make sense of highly abstract architectural diagrams and nitty-gritty protocol and implementation details. This is the book for people motivated to become experts.

Active Directory Program Manager Vittorio Bertocci shows you how to:

Address authentication challenges in the cloud or on-premises

Systematically protect apps with Azure AD and AD Federation Services

Power sign-in flows with OpenID Connect, Azure AD, and AD libraries

Make the most of OpenID Connect’s middleware and supporting classes

Work with the Azure AD representation of apps and their relationships

Provide fine-grained app access control via roles, groups, and permissions

Consume and expose Web APIs protected by Azure AD

Understand new authentication protocols without reading complex spec documents

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Start your free trial

Azure Active Directory for Secure Application Development

Publisher Resources

ISBN: 9780735698475Purchase book

Modern Authentication with Azure Active Directory for Web Applications

by Vittorio Bertocci

Overview

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

You might also like

Azure Active Directory for Secure Application Development

Mastering Identity and Access Management with Microsoft Azure - Second Edition

Microsoft Azure Networking: The Definitive Guide

Identity Federation using Microsoft ADFS and Azure AD

Publisher Resources

Overview

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,and much more.

You might also like

Azure Active Directory for Secure Application Development

Mastering Identity and Access Management with Microsoft Azure - Second Edition

Microsoft Azure Networking: The Definitive Guide

Identity Federation using Microsoft ADFS and Azure AD

Publisher Resources

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.