IT Unity Webinar Series September 2015 Using Azure Active Directory to Secure Your Apps.

1 IT Unity Webinar Series September 2015 Using Azure Active Directory to Secure Your Apps

2 Using Azure AD To Secure Your Apps
    Part 1: Introduction to Azure AD http://itunity.com/go/azure1
    Part 2: Integrating Azure AD (Now)
    Part 3: Advanced Azure AD Topics (September 30th)

3 About Me SharePoint Solution Architect / Developer Speaker / Trainer / Mentor Microsoft MVP – Office 365 (Previously SharePoint Server)

4 Part 2: Integrating Azure Active Directory Using Azure AD to Secure Your Apps

5 Agenda Using Azure AD to secure a web application Using Azure AD to secure a service Consuming a service secured by Azure AD Question and Answer

6 Application Types and Scenarios

7 Using Azure AD to secure a Web Application

8 Application Types and Scenarios

9 Secure a Web Application? Allow access only to certain users Authorization Restrict functionality to members of a role. Authentication

10 Security Principals Users Groups “Service Accounts” Application

11 Authentication & Authorization
    What is Authentication (AuthN)? The process of verifying a principal’s identity.
    What is Authorization (AuthZ)? Determines which resources the principal can access.

12 AuthN/AuthZ Roles

13 Common Authentication methods
    Integrated Windows NT Authentication
    Forms-Based Authentication
    .NET Membership
    ASP.NET Identity
    Claims-based Authentication
    Anonymous

14 Authenticating Users in the cloud
    Integrated NT not usually possible
        Unless running a managed cloud
    FBA requires management interface creation
        Is your code secure? Your password storage container?
    Claims-based is current standard
        Multiple formats, but same concepts
    Anonymous
        Well…

15 Claims in real life Form I-9 Purchasing Alcohol Login with Facebook

16 Auth Protocols & Code Libraries

17 Authenticating Users
    Externalize authentication
    No more ASP.NET Membership
    Authentication delegated to an Identity Provider (IdP)
    IdP issues a token that contains claims
    Claims are used in Authorization decisions

18 Authenticating Users - Protocols
    WS-FED
        SAML format (Security Assertion Markup Language)
        Providers
            Azure Access Control Services
            Active Directory Federation Services (AD FS)
    OpenID Connect
        JWT format
        Providers
            Azure Active Directory (Azure AD)
            Social Networks

19 Authenticating Users – Libraries
    WS-FED / SAML
        Windows Identity Foundation (WIF)
        System.IdentityModel & System.Security.Claims namespaces (4.5)
        Identity & Access Control in VS2012
        Change Authentication button on New Project Dialog (VS2013 & VS2015)
    OpenID Connect
        ADAL (Active Directory Authentication Library)
        Builds on top of WIF
        Both managed and JavaScript libraries
        Project templates in VS2015

20 Authentication in Azure AD

21

22 Web Browser to Web Application

23 Demo Configuring an ASP.NET application to authenticate to Azure AD

24 OpenIDConnect using OWIN (VS2015)
    public void ConfigureAuth(IAppBuilder app)
    {
        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
        app.UseCookieAuthentication(new CookieAuthenticationOptions());

        app.UseOpenIdConnectAuthentication(
            new OpenIdConnectAuthenticationOptions
            {
                ClientId = clientId,
                Authority = authority,
                PostLogoutRedirectUri = postLogoutRedirectUri,
                Notifications = new OpenIdConnectAuthenticationNotifications()
                {
                    AuthenticationFailed = (context) =>
                    {
                        return System.Threading.Tasks.Task.FromResult(0);
                    }
                }
            });

        // This makes any middleware defined above this line run before the
        // Authorization rule is applied in web.config
        app.UseStageMarker(PipelineStage.Authenticate);
    }

25 WS-FED using WIF (VS2013)
    public static void ConfigureIdentity()
    {
        RefreshValidationSettings();
        Realm = ConfigurationManager.AppSettings["ida:realm"];
        AudienceUri = ConfigurationManager.AppSettings["ida:AudienceUri"];
        if (!String.IsNullOrEmpty(AudienceUri))
        {
            UpdateAudienceUri();
        }
    }

    public static void RefreshValidationSettings()
    {
        string metadataLocation = ConfigurationManager.AppSettings["ida:FederationMetadataLocation"];
        // ...
    }

    public static void UpdateAudienceUri()
    {
        int count = FederatedAuthentication.FederationConfiguration
        // ...

26 Using Azure AD to Secure a Service

27 Application Types and Scenarios

28 Web Application to WebAPI

29 Demo Configuring a WebAPI project to authenticate to Azure AD

30 Azure AD issued Bearer Tokens
    public void ConfigureAuth(IAppBuilder app)
    {
        app.UseWindowsAzureActiveDirectoryBearerAuthentication(
            new WindowsAzureActiveDirectoryBearerAuthenticationOptions
            {
                Audience = ConfigurationManager.AppSettings["ida:Audience"],
                Tenant = ConfigurationManager.AppSettings["ida:Tenant"]
            });
    }
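
Added example (not from the original slides): once the bearer middleware has validated a token, the service still has to turn its claims into an authorization decision, as slide 17 states. The sketch assumes the JWT handler's default claim-type mapping; the tenant id, the role name "TodoList.Read.All" and the method names are hypothetical, and the principals in Main are constructed sample input.

```csharp
using System;
using System.Linq;
using System.Security.Claims;

static class TodoAuthorization
{
    // Claim type URIs that the JWT handler maps the short "scp" and "tid" claims to.
    const string ScopeClaim  = "http://schemas.microsoft.com/identity/claims/scope";
    const string TenantClaim = "http://schemas.microsoft.com/identity/claims/tenantid";

    // Hypothetical policy values for this example.
    const string ExpectedTenant = "00000000-0000-0000-0000-000000000001";
    const string RequiredScope  = "user_impersonation";
    const string RequiredRole   = "TodoList.Read.All";

    public static bool CanReadTodoList(ClaimsPrincipal principal)
    {
        var identity = principal?.Identity as ClaimsIdentity;
        if (identity == null || !identity.IsAuthenticated) return false;

        // Extra tenant check: matters when issuer validation is relaxed (multi-tenant apps).
        var tid = principal.FindFirst(TenantClaim)?.Value;
        if (!string.Equals(tid, ExpectedTenant, StringComparison.OrdinalIgnoreCase)) return false;

        // Delegated (user) token: the scope claim is a space-separated list.
        var scopes = (principal.FindFirst(ScopeClaim)?.Value ?? "").Split(' ');
        if (scopes.Contains(RequiredScope)) return true;

        // App-only token (client credentials, as on slide 32): permissions arrive as role claims.
        return principal.HasClaim(ClaimTypes.Role, RequiredRole);
    }

    static ClaimsPrincipal Build(params Claim[] claims) =>
        new ClaimsPrincipal(new ClaimsIdentity(claims, "Bearer"));

    static void Main()
    {
        // Constructed principals standing in for what the middleware would produce.
        var user = Build(new Claim(TenantClaim, ExpectedTenant), new Claim(ScopeClaim, RequiredScope));
        var daemon = Build(new Claim(TenantClaim, ExpectedTenant), new Claim(ClaimTypes.Role, RequiredRole));
        var otherTenant = Build(new Claim(TenantClaim, "00000000-0000-0000-0000-000000000002"),
                                new Claim(ScopeClaim, RequiredScope));
        var noPermission = Build(new Claim(TenantClaim, ExpectedTenant));
        var anonymous = new ClaimsPrincipal(new ClaimsIdentity()); // no authentication type

        Console.WriteLine("user:          " + CanReadTodoList(user));
        Console.WriteLine("daemon:        " + CanReadTodoList(daemon));
        Console.WriteLine("other tenant:  " + CanReadTodoList(otherTenant));
        Console.WriteLine("no permission: " + CanReadTodoList(noPermission));
        Console.WriteLine("anonymous:     " + CanReadTodoList(anonymous));
    }
}
```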

31 Consuming a Service Secured by Azure AD

32 OAuth2 - AppIdentity
    private static AuthenticationContext authContext = new AuthenticationContext(authority);
    private static ClientCredential clientCredential = new ClientCredential(clientId, appKey);

    // ADAL includes an in memory cache, so this call will only send
    // a message to the server if the cached token is expired.
    AuthenticationResult result = authContext.AcquireToken(todoListResourceId, clientCredential);

    HttpClient client = new HttpClient();
    HttpRequestMessage request = new HttpRequestMessage(
        HttpMethod.Get, todoListBaseAddress + "/api/todolist?ownerid=" + ownerId);
    request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", result.AccessToken);
    HttpResponseMessage response = await client.SendAsync(request);

33 Resources

34 Resources – Notables
    Cloud Identity Blog – Vittorio Bertocci http://www.cloudidentity.com/blog/
    Dominick Baier http://leastprivilege.com/
    Brock Allen http://brockallen.com/

35 Resources – Azure AD
    Azure Active Directory developer's guide http://aka.ms/aaddev
    Authentication Scenarios for Azure AD https://azure.microsoft.com/en-us/documentation/articles/active-directory-authentication-scenarios/
    Azure Active Directory Authentication Libraries https://azure.microsoft.com/en-us/documentation/articles/active-directory-authentication-libraries/
    Azure Active Directory Code Samples https://azure.microsoft.com/en-us/documentation/articles/active-directory-code-samples/

36 Resources – updates to app model
    Now in public preview: The Converged Microsoft Account and Azure Active Directory Programming Model http://blogs.technet.com/b/ad/archive/2015/08/12/azure-ad-microsoft-account-preview-sign-in-personal-and-work-accounts-using-a-single-stack.aspx
    Working with the converged Azure AD v2 app model, Rich DiZerega http://blogs.msdn.com/b/richard_dizeregas_blog/archive/2015/09/04/working-with-the-converged-azure-ad-v2-app-model.aspx

37 Using Azure AD To Secure Your Apps
    Part 1: Introduction to Azure AD http://itunity.com/go/azure1
    Part 2: Integrating Azure AD http://itunity.com/go/azure2
    Part 3: Advanced Azure AD Topics (September 30th) http://itunity.com/go/azure3

