4/8/2019 3:56 PM © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS.


1 4/8/2019 3:56 PM © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

2 SDK Authentication and Secret Management
BRK3342
Josh Gavant, PM, Azure Tools

3 Agenda
- Directory, identity, authentication
- Authentication and secrets
- Secret zero and other secrets
- Authentication and secrets in SDKs and Apps, with demo!
- Recap and resources

4 Directory, Identity, Authentication
- Azure Active Directory (AAD) is a central directory of principals in Azure.
- It also provides protocol endpoints for authentication.
- Tokens can represent apps (services) and/or users.

5 Authorization
- Resource Manager: Role-Based Access Control (RBAC)
- Key Vault: Access Policies
- Dataplane Accounts: Storage, Service Bus, CosmosDB, Cognitive
- Others

6 Authentication and Secrets
- Authentication proves ownership of an identity.
- Can this be otherwise proven?
- Yes, platform can attest to identity – managed identity.

7 Secret zero and other secrets
- Secret Zero is the hardest, then it can get easier.
- Options for secret one (and two, three and four…):
  - Key Vault
  - Resource Manager
- Or OAuth and no secrets
- What about client-side apps?
  - OAuth implicit flow: no secrets, but no app identity
  - Be careful with keys

8 Authentication and Secrets in SDKs and Apps
- Store secrets in environment
  - Use `dotnet user-secrets` to store outside of code repo for ASP.NET.
  - Environment variables and plaintext files work with SDKs but are discouraged.
- Get login tokens from CLI
  - `az account get-access-token`
  - Helpers in each SDK
- Get secrets from Key Vault (or HashiCorp Vault). Still requires local secret zero.
- Use Managed Identity within Azure. No secret zero needed!
- Use OAuth/AAD whenever possible.
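
An added example (not from the presentation or the demo app) of the preference order on this slide: request a token through Managed Identity first, then fall back to the Azure CLI login. The function names, the `sources` parameter and the timeouts are assumptions for illustration; the IMDS endpoint shown is the one used on Azure VMs.

```python
import json
import subprocess
import urllib.parse
import urllib.request

# Azure Instance Metadata Service endpoint used by Managed Identity on VMs.
IMDS_URL = "http://169.254.169.254/metadata/identity/oauth2/token"

def imds_request(resource):
    """Build the Managed Identity token request; no stored secret is involved."""
    query = urllib.parse.urlencode({"api-version": "2018-02-01", "resource": resource})
    # The Metadata header is required; IMDS rejects requests without it.
    return urllib.request.Request(f"{IMDS_URL}?{query}", headers={"Metadata": "true"})

def from_managed_identity(resource, timeout=2):
    """Inside Azure: the platform attests to the identity (no secret zero)."""
    with urllib.request.urlopen(imds_request(resource), timeout=timeout) as resp:
        return json.load(resp)["access_token"]

def from_cli(resource):
    """Developer machine: reuse the session created by `az login`."""
    out = subprocess.run(
        ["az", "account", "get-access-token", "--resource", resource, "--output", "json"],
        check=True, capture_output=True, text=True, timeout=30,
    ).stdout
    return json.loads(out)["accessToken"]

# Assumed preference order, following the slide: Managed Identity, then CLI.
DEFAULT_SOURCES = [("managed-identity", from_managed_identity), ("azure-cli", from_cli)]

def get_token(resource, sources=DEFAULT_SOURCES):
    """Return (source_name, token) from the first source that succeeds."""
    failures = []
    for name, fetch in sources:
        try:
            token = fetch(resource)
        except Exception as exc:
            # Keep only the exception type: messages may echo secrets or tokens.
            failures.append(f"{name}: {type(exc).__name__}")
            continue
        if token:
            return name, token
        failures.append(f"{name}: empty token")
    raise RuntimeError("no credential source succeeded (" + "; ".join(failures) + ")")

if __name__ == "__main__":
    source, _token = get_token("https://vault.azure.net")
    print("token obtained via", source)  # never print the token itself
```

Neither source needs a secret stored in the repository or in environment variables, which is why both sit ahead of the discouraged options on the slide.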

9 Demo: User Profiles App https://github.com/joshgav/UserProfilesApp

10 Recap
- Avoid secret zero by using Managed Identity
- Get other secrets from Key Vault (or Resource Manager)
- Use OAuth when possible
Resources
- Demo:
- Managed Identity:
- Key Vault:
- Storage with OAuth:
