Developing applications using security best practices doesn't have to be hard. And yet, many organizations and developers struggle with this since the space is so vast and it's hard to know where to start. However, if you are developing that leverage Azure, then there are some powerful features in place to ensure that you and your team can develop secure code end to end. And for me, it's this end-to-end scenario that is done so beautifully, elegantly and effortlessly using the tools and services that you most likely already use on a daily basis. This scenario gets even stronger if …[read more]
Showing all posts tagged: 'Azure AD'
A 4-post collection
WinForms? In 2020? Why, yes I say. Because not everyone is fortunate enough to work on cutting edge technology or frameworks. But this shouldn't stop us, developers, from finding ways to modernize our solutions and adopt best practices. I know what you're gonna say: 'WinForms suck'. And I will agree to an extend. WinForms do come with a lot of bad rep and bad code by design - event handlers anyone? - but it also makes for a great, robust solution that can get you off the ground and with a fully running app in 2 days. Can you do …[read more]
In this blog post (series) I'll be looking at Microsoft Identity from a developer perspective. In other words, I'll cover how to set up authentication and authorization for your solution using Azure Active Directory (AAD). If you haven't worked with AAD before, don't worry. I'll make sure to cover the basics as we go through this journey together. AAD allows developers to register an app that can then be used to authenticate AD users and provide the appropriate roles and permissions to users to execute certain actions. As one of my colleagues says (Kyle), what developers care about in the …[read more]
I love delegated authentication. I strongly feel that this is one of the priorities that the ASP.NET Core team got right by "forcing" or better coercing developers and companies to use an external service to manage user authentication and authorisation. The right route. Why? Only a couple of days T-Mobile Austria made the news (and Twitter news) for claiming that they have "Amazingly Good Security" while storing users' passwords in clear text! You can read all about it here. However, we're not here to lament on other peoples' bad security. There are too many things wrong with this example …[read more]