Azure Active Directory for Secure Application Development

You're reading from Azure Active Directory for Secure Application Development: Use modern authentication techniques to secure applications in Azure

Product type: Paperback
Published in: May 2022
Publisher: Packt
ISBN-13: 9781838646509
Length: 268 pages
Edition: 1st Edition
Author: Sjoukje Zaal

Table of Contents (14 chapters)

Preface
Part 1: Getting Started with the Microsoft Identity Platform
  Chapter 1: Microsoft Identity Platform Overview
  Chapter 2: Azure AD Application Model
  Chapter 3: Application Types and User Consent
Part 2: Authentication and Protocols
  Chapter 4: The Basics and Evolution of Authentication
  Chapter 5: Securing Applications with OAuth 2.0, OpenID Connect, and MSAL
  Chapter 6: Building Secure Services Using the Microsoft Graph API
Part 3: Azure AD B2C
  Chapter 7: Introducing Azure Active Directory B2C
  Chapter 8: Advanced Features of Azure AD B2C
  Chapter 9: Azure AD B2C Custom Policies
Other Books You May Enjoy

Understanding the evolution of the Microsoft identity platform

The Microsoft identity platform is the evolution of the Azure AD developer platform. Many developers have worked with the Azure AD platform previously to authenticate against Azure AD. For this, they have used the Azure AD v1.0 endpoint to authenticate using only work or school accounts. Work and school accounts are accounts that are all provisioned in Azure AD.

By using the Azure portal, the Microsoft Graph API, and the Azure AD Authentication Library (ADAL), developers can request access tokens from the Azure AD v1.0 endpoint. This can be done for both single-tenant apps as well as for multi-tenant apps.

By using the unified Microsoft identity platform (v2.0), you can authenticate using multiple types of accounts. It supports both organizational and consumer accounts to authenticate users. Unlike the v1.0 endpoint, the v2.0 endpoint is capable of authenticating using work or school accounts (that are provisioned in Azure AD), personal accounts (Outlook, Xbox, Skype, or Live accounts), and social media accounts (for Azure AD B2C). Now you only have to write the code once, and you can authenticate with any Microsoft identity in your application.

You can add the open source MSAL, which is supported for several platforms, such as .NET, JavaScript, Java, and Python. Microsoft highly recommends using MSAL to connect to the identity platform endpoints. MSAL is highly reliable and has great performance, is easy to use, has support for single sign-on (SSO), and is developed using the Microsoft Secure Development Lifecycle (SDL). SDL is a topic of its own and well beyond the scope of this book, but in short, it is a software development process devised and used internally by Microsoft that helps to reduce maintenance costs and to increase the security-related reliability of software.

The v2.0 endpoint also provides support for dynamic and incremental consent. This means that instead of specifying all the permissions upfront when you register your app in Azure AD, you can request the permissions incrementally. You only request consent upfront for a basic set of permissions that an ordinary user can consent to themselves, for instance, the ability to read their own profile data. Then, when a user tries to access different data in the application, such as a list of groups in the user's organization, the application will ask for the user's or an administrator's consent, depending on the permissions requested and how the tenant is configured. This will be covered in more detail later in this chapter.
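As an added illustration of incremental consent with MSAL.NET (example code written for this section, not taken from the book), the app first signs the user in with only User.Read and asks for Group.Read.All later, when it is actually needed. The client ID is a placeholder for an app registered in Azure AD, and the "common" authority lets any work, school or personal account sign in.

```csharp
using System;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.Identity.Client;

public static class IncrementalConsentDemo
{
    // Placeholder: replace with the application (client) ID from your app registration.
    private const string ClientId = "00000000-0000-0000-0000-000000000000";

    private static readonly IPublicClientApplication App =
        PublicClientApplicationBuilder.Create(ClientId)
            .WithAuthority(AzureCloudInstance.AzurePublic, "common")
            .WithRedirectUri("http://localhost")
            .Build();

    // Tries the token cache first; only when the cached token does not cover the
    // requested scopes (MsalUiRequiredException) does the user see a consent prompt.
    public static async Task<AuthenticationResult> AcquireTokenAsync(string[] scopes)
    {
        var account = (await App.GetAccountsAsync()).FirstOrDefault();
        try
        {
            return await App.AcquireTokenSilent(scopes, account).ExecuteAsync();
        }
        catch (MsalUiRequiredException)
        {
            return await App.AcquireTokenInteractive(scopes).ExecuteAsync();
        }
    }

    public static async Task Main()
    {
        // Step 1: a basic permission an ordinary user can consent to themselves.
        var basic = await AcquireTokenAsync(new[] { "User.Read" });
        Console.WriteLine($"Signed in as {basic.Account.Username}; scopes: {string.Join(" ", basic.Scopes)}");

        // Step 2: later the app needs group data. Whether the user can consent or an
        // administrator must do so depends on the tenant's consent settings.
        var groups = await AcquireTokenAsync(new[] { "User.Read", "Group.Read.All" });
        Console.WriteLine($"Scopes now granted: {string.Join(" ", groups.Scopes)}");
    }
}
```

The second call reuses the signed-in account, so the user is only prompted for the additional permission rather than signing in again.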

MSAL also supports Azure AD Business to Consumer (Azure AD B2C). Customers that are using your applications and APIs can also use their social accounts to log in to the application.

In the next diagram, you will see an overview of the Microsoft identity experience at a high level, compared to the Azure AD developer platform:

Figure 1.2 – Microsoft identity platform experience

Important Note

MSAL.NET can now connect directly to an AD FS authority; it does not need to go through Azure AD. This is only supported from AD FS 2019 and above. For more information, you can refer to https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/wiki/ADFS-support.

Now that we have some background information about the Microsoft identity platform and its predecessor, the Azure AD for Developers platform, we can dive into Azure AD, which is the backbone for all applications and permissions in Azure.
