Developing applications using security best practices doesn't have to be hard. And yet, many organizations and developers struggle with this since the space is so vast and it's hard to know where to start. However, if you are developing that leverage Azure, then there are some powerful features in place to ensure that you and your team can develop secure code end to end. And for me, it's this end-to-end scenario that is done so beautifully, elegantly and effortlessly using the tools and services that you most likely already use on a daily basis. This scenario gets even stronger if …[read more]
Showing all posts tagged: 'security'
A 20-post collection
In this blog post (series) I'll be looking at Microsoft Identity from a developer perspective. In other words, I'll cover how to set up authentication and authorization for your solution using Azure Active Directory (AAD). If you haven't worked with AAD before, don't worry. I'll make sure to cover the basics as we go through this journey together. AAD allows developers to register an app that can then be used to authenticate AD users and provide the appropriate roles and permissions to users to execute certain actions. As one of my colleagues says (Kyle), what developers care about in the …[read more]
It's usually the small things that make a big difference. As I was updating my Function Core tools today (the Functions CLI) I was pleasantly surprised to notice some new functionality which was added to the tooling. The Functions team has added the capability to enforce/use HTTPS when developing and debugging in the local development using the Functions Core tools. If you're new to Azure Functions and never used the Core tools, then you may be surprised to find that we now have 2 versions of the tools. I know, but stay with me because they currently server different …[read more]
In the early days of ASP.NET Core, Kestrel (the lightweight, open source web server) was fairly basic. And this was totally intentional! Kestrel provides a mechanism to spin up and run ASP.NET Core websites and APIs fast and efficiently with as little overhead as possible. This, combined with the other ASP.NET Core improvements (90% smaller HTTP requests etc) have contributed to ASP.NET Core's speed. Kestrel was great at its job but in some cases proved to be very basic. It's important to understand that Kestrel was never intended to run applications in production. Instead, the recommendation …[read more]
I'm a big proponent of delegated authentication. It's no surprise that Broken Authentication is #2 at the OWASP top 10 latest report. It's been #2 for a very long time, which means that developers and enterprises are still getting this wrong. There are so many ways that authentication that can go wrong, that delegated authentication should be the preferred and possibly the default choice for all platforms. There are many different services that can provide this. I've heavily worked with Azure AD and Azure AD B2C but this time I wanted to take Auth0 for a spin. In this post …[read more]