Introducing Experimental Tools

Recently I've started working on a new pet project called Experimental Tools (ET). The idea is to build a Visual Studio extension that provides a number of useful refactorings, code analyzers and fixes that make our everyday work more enjoyable by removing common chores when writing code. There are plenty of options already available, some paid ones and some free. »

Setting up your ASP.NET Core apps and services for Azure AD B2C

So far we've been looking at corporate or organizational accounts in context of working with Azure AD. But for customer facing applications it's important to provide a way for users to register themselves and use their existing accounts in various well-known services to authenticate with your applications. Today we're going to look at Azure AD B2C, the service designed specifically »

June, 2016 meet-up of Belarus Azure User Group

Last week on June'21 we've had another meet-up event of our local Azure User Group where people interested in learning how Azure can help them build great solutions of tomorrow share their experience and adventures. This time around we talked about Azure Active Directory and efficient file storage. I labeled my talk "Azure AD for developers" as I was trying »

Accessing Azure AD protected resources using OpenID Connect

Last time we had a look at the canonical OAuth2 Authorization Grant and tested it with ASP.NET Cored based API and web applications. We had identified key characteristics of the flow and emphasized authorization nature of it and the OAuth2 protocol in general. This time let's have a look at the user identity side of the story and the »

Accessing Azure AD protected resources using OAuth2 Authorization Code Grant

OAuth2 Authorization Code Grant is an interactive authorization flow that enables users to give their consent for client applications to access their resources. It's meant to be used with confidential clients which are the clients that are able to keep their credentials safe. A traditional server-side web application is a confidential client. The flow requires a user agent (a browser »

Application and user permissions in Azure AD

Last time we had a tour over the experience of having your APIs protected by Azure AD. In this post I'd like to dive a little deeper into how you can better control access with roles that you can assigned to users and applications. I'm still using my BookFast API playground app and there are 2 activities that we're going »

Protecting your APIs with Azure Active Directory

When building web APIs you inevitably have to decide on your security strategy. When making this important decision you want to go with a solution that is rock solid, scales well and enables modern work flows for users accessing your APIs from variety of devices as well as for other systems and components that may take advantage of integrating with »

Generating clients for your APIs with AutoRest

When building Web APIs it's often required to provide client adapters between various programming stacks and raw HTTP REST APIs. These 'clients' can be built manually but it's often a rather tedious task and it adds to your development efforts as you need to keep the clients in sync with your services as you evolve them. There had to be »