Book Image

Azure Active Directory for Secure Application Development

By : Sjoukje Zaal
Book Image

Azure Active Directory for Secure Application Development

By: Sjoukje Zaal

Overview of this book

Azure Active Directory for Secure Application Development is your one-stop shop for learning how to develop secure applications using modern authentication techniques with Microsoft Azure AD. Whether you’re working with single-tenant, multi-tenant, or line-of-business applications, this book contains everything you need to secure them. The book wastes no time in diving into the practicalities of Azure AD. Right from the start, you’ll be setting up tenants, adding users, and registering your first application in Azure AD. The balance between grasping and applying theory is maintained as you move from the intermediate to the advanced: from the basics of OAuth to getting your hands dirty with building applications and registering them in Azure AD. Want to pin down the Microsoft Graph, Azure AD B2C, or authentication protocol best practices? We’ve got you covered. The full range of Azure AD functionality from a developer perspective is here for you to explore with confidence. By the end of this secure app development book, you’ll have developed the skill set that so many organizations are clamoring for. Security is mission-critical, and after reading this book, you will be too.
Table of Contents (14 chapters)
Part 1: Getting Started with the Microsoft Identity Platform
Part 2: Authentication and Protocols
Part 3: Azure AD B2C

Learning about the Microsoft identity platform

The Microsoft identity platform is a comprehensive set of components that help developers to build applications that sign users in with various types of accounts, such as Microsoft identities or social media accounts. The types of applications that can make use of the platform and its components include web applications, web APIs, and mobile apps.

The Microsoft identity platform components consist of authentication services, a set of open source libraries, and various application management tools. These different sorts of tools are specified in more detail as follows:

  • Industry standards: The base platform is completely based on industry standards, such as OAuth 2.0, OpenID Connect, and SAML v2.0.
  • Identities: The platform offers developers the ability to use the OpenID Connect standard-compliant authentication service to authenticate using a variety of identity types:
    • Work or school accounts: These are stored in Azure Active Directory (Azure AD).
    • Personal Microsoft accounts: For example, Xbox, Outlook, Skype, and Hotmail accounts.
    • Social or local accounts: With Azure AD B2C, you can use both social accounts (such as Facebook, Google, and Twitter) or local (external database or partner email) accounts. Azure App Services authentication supports authenticating using Azure AD and a few social accounts, such as Facebook and Google.
  • Open source libraries: The Microsoft identity platform offers the Microsoft Authentication Library (MSAL) and support for other standard-compliant libraries.
  • Application management portal: Applications can be registered and configured in Azure AD by using the Azure portal. From here, applications can also be configured.
  • Application configuration API and PowerShell: The Microsoft identity platform has support for registering and configuring your applications using the Graph API and PowerShell. Using this programmatic approach, these tasks can be automated using your CI/CD pipelines.

The following diagram illustrates the different components of what the Microsoft identity platform is made of:

Figure 1.1 – Microsoft identity platform overview

Figure 1.1 – Microsoft identity platform overview

In the next section, we are going to investigate the evolution of the Microsoft identity platform.