I forgot my admin pwd to this WordPress blog, hosted on my Azure Web App service. At least for my own record, here are the steps to recover: use the Azure portal to find the Azure App Service. Select MySQL in App option. That opens the phpMyAdmin view. Open localdb->wp_users to view the Users table. Select the […]
Author Archives: mrochon
To B2B or to B2C?
There are a number of articles (see here for a good example) comparing Azure B2B – a feature of Azure AD – and Azure B2C – a special type of Azure AD tenant. Both of these are designed to allow external identities – users who are not employees of the directory owner – to gain […]
Setting up for Azure B2C development
Note: updated to use the newer IEFPolicies PowerShell module (Sep 2021). Mar 2022: added SAML-related tools. The following describes some techniques, tools and approaches I found useful when developing applications with Azure AD B2C. The first part deals with setting up a newly created B2C tenant using the Azure portal only. The second part deals […]
Choosing the OAuth2 grant flow
The OAuth2 specifications define six different grant types (https://tools.ietf.org/html/rfc6749 and https://tools.ietf.org/html/draft-ietf-oauth-device-flow-15). Each provides the optimal (from a security point of view) way of obtaining access tokens or (for OIDC) id_tokens given the circumstances of the client application. This blog summarizes the questions that the implementer of the OAuth2 client application needs to ask and how […]
Using Groups in Azure AD B2C
Out of the box, AAD B2C does not expose any functionality related to Security Groups. They exist as an entity type and can be accessed via the regular Azure AD portal blade, but there are no features for including user group membership in a token issued as a result of a user flow. To use groups you will […]
Azure BOTs – getting extra access tokens
Existing docs show how to enable use of OAuth2 in an Azure Bot application to sign in the user and get an access token to MS Graph for the user. The following describes an approach for getting access tokens to more than one resource, without re-displaying the sign-in dialog (using the V2 Azure AD endpoint). […]
Federation patterns using Azure AD
Objectives: This post considers scenarios where an application needs to be accessed by users from many sources of authentication. (Office 365, owned and operated by Microsoft but whose use is managed separately by many independent organizations, is an example of such a resource.) It proposes a framework for determining an optimal solution for the application […]
Multi-tenant apps and Azure AD
MR: Nov 21st, 2019: I have modified my sample to use security groups in B2C to simulate application tenants and moved all functionality from a custom database to IEF policies. The new sample app’s source is available on GitHub. This is a follow up to my previous blog re multi-tenant applications using B2C. Here I […]
Developing an Azure AD B2C multi-tenant application
The ‘regular’ Azure AD has built-in support for multi-tenant applications. In that case, a user from any Azure AD tenant can sign in to an application registered in another tenant. The application can then use the user’s security context to give the user a view of data that is specific to that tenant. The goal […]
Claims augmentation with OWIN but outside of Startup code
The claims list included in the ClaimsPrincipal usually originates from the security token received by the application as part of user authentication (SAML, OpenID Connect id token) or access authorization (OAuth2 bearer access token). However, sometimes there is a need to modify that list with claims derived from other sources: attributes retrieved from custom databases; attributes not initially included […]