IT Unity Webinar Series September 2015 Using Azure Active Directory to Secure Your Apps.
Transcript of IT Unity Webinar Series September 2015 Using Azure Active Directory to Secure Your Apps.
![Page 1: IT Unity Webinar Series September 2015 Using Azure Active Directory to Secure Your Apps.](https://reader031.fdocuments.in/reader031/viewer/2022031901/56649e885503460f94b8c7b6/html5/thumbnails/1.jpg)
IT Unity Webinar Series
September 2015
Using Azure Active Directory to Secure Your Apps
![Page 2: IT Unity Webinar Series September 2015 Using Azure Active Directory to Secure Your Apps.](https://reader031.fdocuments.in/reader031/viewer/2022031901/56649e885503460f94b8c7b6/html5/thumbnails/2.jpg)
Using Azure AD To Secure Your Apps
Part 1: Introduction to Azure AD
http://itunity.com/go/azure1
Part 2: Integrating Azure AD
Now
Part 3: Advanced Azure AD Topics
September 30th
![Page 3: IT Unity Webinar Series September 2015 Using Azure Active Directory to Secure Your Apps.](https://reader031.fdocuments.in/reader031/viewer/2022031901/56649e885503460f94b8c7b6/html5/thumbnails/3.jpg)
About Me
SharePoint Solution Architect / Developer
Speaker / Trainer / Mentor
Microsoft MVP – Office 365 (Previously SharePoint Server)
![Page 4: IT Unity Webinar Series September 2015 Using Azure Active Directory to Secure Your Apps.](https://reader031.fdocuments.in/reader031/viewer/2022031901/56649e885503460f94b8c7b6/html5/thumbnails/4.jpg)
Part 2: Integrating Azure Active Directory
Using Azure AD to Secure Your Apps
![Page 5: IT Unity Webinar Series September 2015 Using Azure Active Directory to Secure Your Apps.](https://reader031.fdocuments.in/reader031/viewer/2022031901/56649e885503460f94b8c7b6/html5/thumbnails/5.jpg)
Agenda
Using Azure AD to secure a web application
Using Azure AD to secure a service
Consuming a service secured by Azure AD
Question and Answer
![Page 6: IT Unity Webinar Series September 2015 Using Azure Active Directory to Secure Your Apps.](https://reader031.fdocuments.in/reader031/viewer/2022031901/56649e885503460f94b8c7b6/html5/thumbnails/6.jpg)
Application Types and Scenarios
![Page 7: IT Unity Webinar Series September 2015 Using Azure Active Directory to Secure Your Apps.](https://reader031.fdocuments.in/reader031/viewer/2022031901/56649e885503460f94b8c7b6/html5/thumbnails/7.jpg)
Using Azure AD to secure a Web Application
![Page 8: IT Unity Webinar Series September 2015 Using Azure Active Directory to Secure Your Apps.](https://reader031.fdocuments.in/reader031/viewer/2022031901/56649e885503460f94b8c7b6/html5/thumbnails/8.jpg)
Application Types and Scenarios
![Page 9: IT Unity Webinar Series September 2015 Using Azure Active Directory to Secure Your Apps.](https://reader031.fdocuments.in/reader031/viewer/2022031901/56649e885503460f94b8c7b6/html5/thumbnails/9.jpg)
Secure a Web Application?
Allow access only to certain users
Authorization
Restrict functionality to members of a role.
Authentication
![Page 10: IT Unity Webinar Series September 2015 Using Azure Active Directory to Secure Your Apps.](https://reader031.fdocuments.in/reader031/viewer/2022031901/56649e885503460f94b8c7b6/html5/thumbnails/10.jpg)
Security Principals
Users
Groups
“Service Accounts”
Application
![Page 11: IT Unity Webinar Series September 2015 Using Azure Active Directory to Secure Your Apps.](https://reader031.fdocuments.in/reader031/viewer/2022031901/56649e885503460f94b8c7b6/html5/thumbnails/11.jpg)
Authentication & Authorization
What is Authentication (AuthN)?
The process of verifying a principal’s identity.
What is Authorization (AuthZ)?
Determines which resources the principal can access.
![Page 12: IT Unity Webinar Series September 2015 Using Azure Active Directory to Secure Your Apps.](https://reader031.fdocuments.in/reader031/viewer/2022031901/56649e885503460f94b8c7b6/html5/thumbnails/12.jpg)
AuthN/AuthZ Roles
[Diagram: Authentication and Authorization roles. Lanes: Application, Infrastructure. Steps: Start, Logon, Logon Valid?, Allowed to execute function? Phases: Authentication, Authorization.]
![Page 13: IT Unity Webinar Series September 2015 Using Azure Active Directory to Secure Your Apps.](https://reader031.fdocuments.in/reader031/viewer/2022031901/56649e885503460f94b8c7b6/html5/thumbnails/13.jpg)
Common Authentication methods
Integrated Windows NT Authentication
Forms-Based Authentication
.NET Membership
ASP.NET Identity
Claims-based Authentication
Anonymous
![Page 14: IT Unity Webinar Series September 2015 Using Azure Active Directory to Secure Your Apps.](https://reader031.fdocuments.in/reader031/viewer/2022031901/56649e885503460f94b8c7b6/html5/thumbnails/14.jpg)
Authenticating Users in the cloud
Integrated NT not usually possible
Unless running a managed cloud
FBA requires management interface creation
Is your code secure? Your password storage container?
Claims-based is current standard
Multiple formats, but same concepts
Anonymous
Well…
![Page 15: IT Unity Webinar Series September 2015 Using Azure Active Directory to Secure Your Apps.](https://reader031.fdocuments.in/reader031/viewer/2022031901/56649e885503460f94b8c7b6/html5/thumbnails/15.jpg)
Claims in real life
Form I-9
Purchasing Alcohol
Login with Facebook
![Page 16: IT Unity Webinar Series September 2015 Using Azure Active Directory to Secure Your Apps.](https://reader031.fdocuments.in/reader031/viewer/2022031901/56649e885503460f94b8c7b6/html5/thumbnails/16.jpg)
Auth Protocols & Code Libraries
![Page 17: IT Unity Webinar Series September 2015 Using Azure Active Directory to Secure Your Apps.](https://reader031.fdocuments.in/reader031/viewer/2022031901/56649e885503460f94b8c7b6/html5/thumbnails/17.jpg)
Authenticating Users
Externalize authentication
No more ASP.NET Membership
Authentication delegated to an Identity Provider (IdP)
IdP issues a token that contains claims
Claims are used in Authorization decisions
![Page 18: IT Unity Webinar Series September 2015 Using Azure Active Directory to Secure Your Apps.](https://reader031.fdocuments.in/reader031/viewer/2022031901/56649e885503460f94b8c7b6/html5/thumbnails/18.jpg)
Authenticating Users - Protocols
WS-FED
SAML format (Security Assertion Markup Language)
Providers
Azure Access Control Services
Active Directory Federation Services (AD FS)
OpenID Connect
JWT format
Providers
Azure Active Directory (Azure AD)
Social Networks
![Page 19: IT Unity Webinar Series September 2015 Using Azure Active Directory to Secure Your Apps.](https://reader031.fdocuments.in/reader031/viewer/2022031901/56649e885503460f94b8c7b6/html5/thumbnails/19.jpg)
Authenticating Users – Libraries
WS-FED / SAML
Windows Identity Foundation (WIF)
System.IdentityModel & System.Security.Claims namespaces (4.5)
Identity & Access Control in VS2012
Change Authentication button on New Project Dialog (VS2013 & VS2015)
OpenID Connect
ADAL (Active Directory Authentication Library)
Builds on top of WIF
Both managed and JavaScript libraries
Project templates in VS2015
![Page 20: IT Unity Webinar Series September 2015 Using Azure Active Directory to Secure Your Apps.](https://reader031.fdocuments.in/reader031/viewer/2022031901/56649e885503460f94b8c7b6/html5/thumbnails/20.jpg)
Authentication in Azure AD
![Page 21: IT Unity Webinar Series September 2015 Using Azure Active Directory to Secure Your Apps.](https://reader031.fdocuments.in/reader031/viewer/2022031901/56649e885503460f94b8c7b6/html5/thumbnails/21.jpg)
Authentication in Azure AD
![Page 22: IT Unity Webinar Series September 2015 Using Azure Active Directory to Secure Your Apps.](https://reader031.fdocuments.in/reader031/viewer/2022031901/56649e885503460f94b8c7b6/html5/thumbnails/22.jpg)
Web Browser to Web Application
![Page 23: IT Unity Webinar Series September 2015 Using Azure Active Directory to Secure Your Apps.](https://reader031.fdocuments.in/reader031/viewer/2022031901/56649e885503460f94b8c7b6/html5/thumbnails/23.jpg)
Demo
Configuring an ASP.NET application to authenticate to Azure AD
![Page 24: IT Unity Webinar Series September 2015 Using Azure Active Directory to Secure Your Apps.](https://reader031.fdocuments.in/reader031/viewer/2022031901/56649e885503460f94b8c7b6/html5/thumbnails/24.jpg)
OpenIDConnect using OWIN (VS2015)

```csharp
public void ConfigureAuth(IAppBuilder app)
{
    app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
    app.UseCookieAuthentication(new CookieAuthenticationOptions());
    app.UseOpenIdConnectAuthentication(
        new OpenIdConnectAuthenticationOptions
        {
            ClientId = clientId,
            Authority = authority,
            PostLogoutRedirectUri = postLogoutRedirectUri,
            Notifications = new OpenIdConnectAuthenticationNotifications()
            {
                AuthenticationFailed = (context) =>
                {
                    return System.Threading.Tasks.Task.FromResult(0);
                }
            }
        });

    // This makes any middleware defined above this line run before the
    // Authorization rule is applied in web.config
    app.UseStageMarker(PipelineStage.Authenticate);
}
```
![Page 25: IT Unity Webinar Series September 2015 Using Azure Active Directory to Secure Your Apps.](https://reader031.fdocuments.in/reader031/viewer/2022031901/56649e885503460f94b8c7b6/html5/thumbnails/25.jpg)
WS-FED using WIF (VS2013)

```csharp
public static void ConfigureIdentity()
{
    RefreshValidationSettings();
    Realm = ConfigurationManager.AppSettings["ida:realm"];
    AudienceUri = ConfigurationManager.AppSettings["ida:AudienceUri"];
    if (!String.IsNullOrEmpty(AudienceUri))
    {
        UpdateAudienceUri();
    }
}

public static void RefreshValidationSettings()
{
    string metadataLocation = ConfigurationManager.AppSettings["ida:FederationMetadataLocation"];
    // ...

public static void UpdateAudienceUri()
{
    int count = FederatedAuthentication.FederationConfiguration
    // ...
```
![Page 26: IT Unity Webinar Series September 2015 Using Azure Active Directory to Secure Your Apps.](https://reader031.fdocuments.in/reader031/viewer/2022031901/56649e885503460f94b8c7b6/html5/thumbnails/26.jpg)
Using Azure AD to Secure a Service
![Page 27: IT Unity Webinar Series September 2015 Using Azure Active Directory to Secure Your Apps.](https://reader031.fdocuments.in/reader031/viewer/2022031901/56649e885503460f94b8c7b6/html5/thumbnails/27.jpg)
Application Types and Scenarios
![Page 28: IT Unity Webinar Series September 2015 Using Azure Active Directory to Secure Your Apps.](https://reader031.fdocuments.in/reader031/viewer/2022031901/56649e885503460f94b8c7b6/html5/thumbnails/28.jpg)
Web Application to WebAPI
![Page 29: IT Unity Webinar Series September 2015 Using Azure Active Directory to Secure Your Apps.](https://reader031.fdocuments.in/reader031/viewer/2022031901/56649e885503460f94b8c7b6/html5/thumbnails/29.jpg)
Demo
Configuring a WebAPI project to authenticate to Azure AD
![Page 30: IT Unity Webinar Series September 2015 Using Azure Active Directory to Secure Your Apps.](https://reader031.fdocuments.in/reader031/viewer/2022031901/56649e885503460f94b8c7b6/html5/thumbnails/30.jpg)
Azure AD issued Bearer Tokens

```csharp
public void ConfigureAuth(IAppBuilder app)
{
    app.UseWindowsAzureActiveDirectoryBearerAuthentication(
        new WindowsAzureActiveDirectoryBearerAuthenticationOptions
        {
            Audience = ConfigurationManager.AppSettings["ida:Audience"],
            Tenant = ConfigurationManager.AppSettings["ida:Tenant"]
        });
}
```
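
An added example, not taken from the slides or from Microsoft's middleware: the checks a Web API has to make on a bearer token before trusting its claims (signature, issuer, audience, expiry), which is the work the middleware configured above does for the configured `Audience` and `Tenant`. It assumes a current .NET SDK with `System.Text.Json`; `BearerTokenChecks`, the locally generated RSA key standing in for the identity provider's signing key, and the issuer and audience values are constructed for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
using System.Text.Json;
static class BearerTokenChecks
{
    static byte[] Decode(string s) => Convert.FromBase64String( // base64url -> bytes
        s.Replace('-', '+').Replace('_', '/') + new string('=', (4 - s.Length % 4) % 4));
    static string Encode(byte[] b) => Convert.ToBase64String(b).TrimEnd('=').Replace('+', '-').Replace('/', '_');

    // Returns "ok" or the rejection reason; claims are trusted only after the signature verifies.
    public static string Validate(string jwt, RSA idpKey, string issuer, string audience, DateTimeOffset now)
    {
        try
        {
            string[] p = jwt.Split('.');
            if (p.Length != 3) return "malformed";
            using JsonDocument head = JsonDocument.Parse(Decode(p[0]));
            // Pin the algorithm: the token must not get to choose "none" or an HMAC variant.
            if (head.RootElement.GetProperty("alg").GetString() != "RS256") return "unexpected alg";
            if (!idpKey.VerifyData(Encoding.ASCII.GetBytes(p[0] + "." + p[1]), Decode(p[2]),
                    HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1)) return "bad signature";
            using JsonDocument body = JsonDocument.Parse(Decode(p[1]));
            JsonElement c = body.RootElement;
            if (c.GetProperty("iss").GetString() != issuer) return "wrong issuer";
            if (c.GetProperty("aud").GetString() != audience) return "wrong audience";
            if (DateTimeOffset.FromUnixTimeSeconds(c.GetProperty("exp").GetInt64()) <= now) return "expired";
            return "ok";
        }
        catch (Exception) { return "malformed"; } // fail closed on any parse or crypto error
    }
    static string Issue(RSA key, string iss, string aud, DateTimeOffset exp) // stand-in for the IdP
    {
        string signedPart = Encode(Encoding.UTF8.GetBytes("{\"alg\":\"RS256\",\"typ\":\"JWT\"}")) + "."
            + Encode(JsonSerializer.SerializeToUtf8Bytes(new { iss, aud, exp = exp.ToUnixTimeSeconds() }));
        return signedPart + "." + Encode(key.SignData(Encoding.ASCII.GetBytes(signedPart),
            HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1));
    }
    static void Main()
    {
        const string iss = "https://sts.windows.net/00000000-0000-0000-0000-000000000000/"; // constructed
        const string aud = "https://api.example.com/todolist";                              // constructed
        DateTimeOffset now = DateTimeOffset.UtcNow;
        using RSA idp = RSA.Create(2048);
        using RSA other = RSA.Create(2048);
        Console.WriteLine(Validate(Issue(idp, iss, aud, now.AddHours(1)), idp, iss, aud, now));
        Console.WriteLine(Validate(Issue(idp, iss, "https://other.example.com", now.AddHours(1)), idp, iss, aud, now));
        Console.WriteLine(Validate(Issue(idp, iss, aud, now.AddHours(-1)), idp, iss, aud, now));
        Console.WriteLine(Validate(Issue(other, iss, aud, now.AddHours(1)), idp, iss, aud, now));
    }
}
```

In a real service keep using the middleware rather than hand-rolled validation; the example only makes visible which properties of the token an API depends on.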
![Page 31: IT Unity Webinar Series September 2015 Using Azure Active Directory to Secure Your Apps.](https://reader031.fdocuments.in/reader031/viewer/2022031901/56649e885503460f94b8c7b6/html5/thumbnails/31.jpg)
Consuming a Service Secured by Azure AD
![Page 32: IT Unity Webinar Series September 2015 Using Azure Active Directory to Secure Your Apps.](https://reader031.fdocuments.in/reader031/viewer/2022031901/56649e885503460f94b8c7b6/html5/thumbnails/32.jpg)
OAuth2 - AppIdentity

```csharp
private static AuthenticationContext authContext = new AuthenticationContext(authority);
private static ClientCredential clientCredential = new ClientCredential(clientId, appKey);

// ADAL includes an in memory cache, so this call will only send
// a message to the server if the cached token is expired.
AuthenticationResult result = authContext.AcquireToken(todoListResourceId, clientCredential);

HttpClient client = new HttpClient();
HttpRequestMessage request = new HttpRequestMessage(
    HttpMethod.Get, todoListBaseAddress + "/api/todolist?ownerid=" + ownerId);
request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", result.AccessToken);
HttpResponseMessage response = await client.SendAsync(request);
```
![Page 33: IT Unity Webinar Series September 2015 Using Azure Active Directory to Secure Your Apps.](https://reader031.fdocuments.in/reader031/viewer/2022031901/56649e885503460f94b8c7b6/html5/thumbnails/33.jpg)
Resources
![Page 34: IT Unity Webinar Series September 2015 Using Azure Active Directory to Secure Your Apps.](https://reader031.fdocuments.in/reader031/viewer/2022031901/56649e885503460f94b8c7b6/html5/thumbnails/34.jpg)
Resources – Notables
Cloud Identity Blog – Vittorio Bertocci
http://www.cloudidentity.com/blog/
Dominick Baier
http://leastprivilege.com/
Brock Allen
http://brockallen.com/
![Page 35: IT Unity Webinar Series September 2015 Using Azure Active Directory to Secure Your Apps.](https://reader031.fdocuments.in/reader031/viewer/2022031901/56649e885503460f94b8c7b6/html5/thumbnails/35.jpg)
Resources – Azure AD
Azure Active Directory developer's guide
http://aka.ms/aaddev
Authentication Scenarios for Azure AD
https://azure.microsoft.com/en-us/documentation/articles/active-directory-authentication-scenarios/
Azure Active Directory Authentication Libraries
https://azure.microsoft.com/en-us/documentation/articles/active-directory-authentication-libraries/
Azure Active Directory Code Samples
https://azure.microsoft.com/en-us/documentation/articles/active-directory-code-samples/
![Page 36: IT Unity Webinar Series September 2015 Using Azure Active Directory to Secure Your Apps.](https://reader031.fdocuments.in/reader031/viewer/2022031901/56649e885503460f94b8c7b6/html5/thumbnails/36.jpg)
Resources – updates to app model
Now in public preview: The Converged Microsoft Account and Azure Active Directory Programming Model
http://blogs.technet.com/b/ad/archive/2015/08/12/azure-ad-microsoft-account-preview-sign-in-personal-and-work-accounts-using-a-single-stack.aspx
Working with the converged Azure AD v2 app model
Rich DiZerega
http://blogs.msdn.com/b/richard_dizeregas_blog/archive/2015/09/04/working-with-the-converged-azure-ad-v2-app-model.aspx
![Page 37: IT Unity Webinar Series September 2015 Using Azure Active Directory to Secure Your Apps.](https://reader031.fdocuments.in/reader031/viewer/2022031901/56649e885503460f94b8c7b6/html5/thumbnails/37.jpg)
Using Azure AD To Secure Your Apps
Part 1: Introduction to Azure AD
http://itunity.com/go/azure1
Part 2: Integrating Azure AD
http://itunity.com/go/azure2
Part 3: Advanced Azure AD Topics
September 30th
http://itunity.com/go/azure3