reboottime / Azure-Journey

This repository tracks my Azure platform journey systematically.

Build Web Application using Azure Platform #8

Open reboottime opened 10 months ago

reboottime commented 10 months ago

Overview

This article discusses the process of building a web application using the Azure platform. The content covered includes:

Authentication Using Azure Active Directory

Microsoft issues access tokens in the JSON Web Token (JWT) format.

How to Protect APIs Using the Microsoft Identity Platform

In Azure Active Directory, everything is treated as an application, including your API service and background processes that use PowerShell.

Protecting an API with Azure AD

Lecture

  1. Register the API as an app in Azure AD.
  2. Define the delegated permissions that your API exposes in the App Registration portal.
    • Help developers using your API adhere to the principle of least privilege.
    • Avoid granting overly broad "do-everything" permissions whenever possible.
    • Be cautious and conservative when allowing permissions that users can consent to.
  3. Validate received access tokens in your API.
    • Utilize existing libraries and middleware, as they are available for most platforms.
  4. Apply and enforce permissions.
    • Delegated permissions should not exceed what the signed-in user is allowed to do.
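
Steps 3 and 4 as an added example (not code from the original notes): it checks the claims of an access token whose signature a JWT library or middleware has already verified, then enforces a delegated scope together with the signed-in user's own rights. The tenant ID, audience, scope names, endpoint map and user table are constructed assumptions.

```python
import time

# All identifiers below are constructed for illustration (assumptions).
TENANT_ID = "00000000-0000-0000-0000-000000000000"
AUDIENCE = "api://example-orders-api"
ISSUER = f"https://login.microsoftonline.com/{TENANT_ID}/v2.0"

# Hypothetical map of endpoint -> the single delegated scope it requires.
REQUIRED_SCOPE = {("GET", "/orders"): "Orders.Read",
                  ("POST", "/orders"): "Orders.Write"}

# Hypothetical application record of what each user (token "oid") may do.
USER_RIGHTS = {"alice-oid": {"Orders.Read", "Orders.Write"},
               "bob-oid": {"Orders.Read"}}


class AuthzError(Exception):
    """Raised when a request must be rejected."""


def check_claims(claims, now=None):
    """Check claims of a token whose signature a JWT library already verified."""
    now = time.time() if now is None else now
    if claims.get("aud") != AUDIENCE:
        raise AuthzError("token was issued for a different API")
    if claims.get("iss") != ISSUER or claims.get("tid") != TENANT_ID:
        raise AuthzError("token comes from an unexpected issuer or tenant")
    if not claims.get("nbf", 0) <= now < claims.get("exp", 0):
        raise AuthzError("token is expired or not yet valid")


def authorize(claims, method, path, now=None):
    """Return True only if token scope AND the user's own rights allow the call."""
    check_claims(claims, now)
    required = REQUIRED_SCOPE.get((method, path))
    if required is None:  # deny by default: unmapped endpoints are not callable
        raise AuthzError("no permission defined for this endpoint")
    # "scp" is a space-separated string; it is absent on app-only tokens.
    if required not in claims.get("scp", "").split():
        raise AuthzError("token lacks delegated scope " + required)
    # Delegated permission must not exceed what the signed-in user may do.
    if required not in USER_RIGHTS.get(claims.get("oid"), set()):
        raise AuthzError("signed-in user is not allowed to " + required)
    return True


def sample_claims(oid, scp, exp=2_000_000_000):
    """Build constructed claims as a JWT library would return them."""
    return {"aud": AUDIENCE, "iss": ISSUER, "tid": TENANT_ID,
            "oid": oid, "scp": scp, "nbf": 0, "exp": exp}
```

A token that carries `Orders.Write` for a user whose own rights stop at `Orders.Read` is rejected, which is the case step 4 describes.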

UI

References