Book Image

Azure Active Directory for Secure Application Development

By : Sjoukje Zaal
Book Image

Azure Active Directory for Secure Application Development

By: Sjoukje Zaal

Overview of this book

Azure Active Directory for Secure Application Development is your one-stop shop for learning how to develop secure applications using modern authentication techniques with Microsoft Azure AD. Whether you’re working with single-tenant, multi-tenant, or line-of-business applications, this book contains everything you need to secure them. The book wastes no time in diving into the practicalities of Azure AD. Right from the start, you’ll be setting up tenants, adding users, and registering your first application in Azure AD. The balance between grasping and applying theory is maintained as you move from the intermediate to the advanced: from the basics of OAuth to getting your hands dirty with building applications and registering them in Azure AD. Want to pin down the Microsoft Graph, Azure AD B2C, or authentication protocol best practices? We’ve got you covered. The full range of Azure AD functionality from a developer perspective is here for you to explore with confidence. By the end of this secure app development book, you’ll have developed the skill set that so many organizations are clamoring for. Security is mission-critical, and after reading this book, you will be too.

Related Content you might be interested in

Current Title:

Small book image
Azure Active Directory for Secure Application Development
Sjoukje Zaal
May, 2022 | 268 pages
Small book image
Cloud Identity Patterns and Strategies
Giuseppe Di Federico | Fabrizio Barcaroli
Dec, 2022 | 258 pages
Small book image
Mastering Identity and Access Management with Microsoft Azure.
Jochen Nickel
Feb, 2019 | 698 pages
Small book image
Architecting Microsoft Azure Solutions - Exam Guide 70-535
Sjoukje Zaal
Apr, 2018 | 418 pages
Table of Contents (14 chapters)
Preface
Preface
What this book covers
To get the most out of this book
Download the color images
Download the example code files
Conventions used
Get in touch
Share Your Thoughts
1
Part 1: Getting Started with the Microsoft Identity Platform
Part 1: Getting Started with the Microsoft Identity Platform
Free Chapter
2
Chapter 1: Microsoft Identity Platform Overview
Chapter 1: Microsoft Identity Platform Overview
Learning about the Microsoft identity platform
Understanding the evolution of the Microsoft identity platform
Introducing Azure AD
Introducing Azure AD B2B
Introducing Azure AD B2C
Setting up an Azure AD tenant
Adding a user to Azure AD
Cleaning up the resources
Summary
Further reading
3
Chapter 2: Azure AD Application Model
Chapter 2: Azure AD Application Model
Technical requirements
Introducing the Azure AD application model
Learning about application and service principal objects in Azure AD
Registering an application with the Microsoft identity platform
Setting redirect URIs
Understanding permissions and consent
Understanding certificates and secrets
Restricting your Azure AD app to a set of users
Registering an application using PowerShell and the CLI
Summary
Further reading
4
Chapter 3: Application Types and User Consent
Chapter 3: Application Types and User Consent
Technical requirements
Public client and confidential client applications
Understanding the authorization code flow
Understanding the different application types
Building a web app that authenticates users using Azure AD
Understanding the Azure AD application consent experience
Understanding how end users consent to applications
Publisher verification
Summary
Further reading
5
Part 2: Authentication and Protocols
Part 2: Authentication and Protocols
6
Chapter 4: The Basics and Evolution of Authentication
Chapter 4: The Basics and Evolution of Authentication
Evolution of identity protocols
Authentication versus authorization
Pre-claims authentication techniques
Claims-based identity
First-generation protocols
Modern protocols
Summary
Further reading
7
Chapter 5: Securing Applications with OAuth 2.0, OpenID Connect, and MSAL
Chapter 5: Securing Applications with OAuth 2.0, OpenID Connect, and MSAL
Technical requirements
The OAuth 2.0 framework and its specifications
The OpenID Connect protocol and its specifications
The OAuth 2.0 and OpenID Connect flows
An overview of the Microsoft Identity Web authentication library
An overview of MSAL
Securing your application using OAuth 2.0, OpenID Connect, and MSAL
Summary
Further reading
8
Chapter 6:Building Secure Services Using the Microsoft Graph API
Chapter 6:Building Secure Services Using the Microsoft Graph API
Technical requirements
An overview of Microsoft Graph
Accessing data and methods
Queries, batching, throttling, and paging
The Microsoft Graph SDK
Building a web application that uses the Microsoft Graph API
Summary
Further reading
9
Part 3: Azure AD B2C
Part 3: Azure AD B2C
10
Chapter 7: Introducing Azure Active Directory B2C
Chapter 7: Introducing Azure Active Directory B2C
Technical requirements
Introducing Azure AD B2C
Creating an Azure AD B2C tenant and adding a user
Registering an application in Azure AD B2C
Understanding user flows
Setting up the custom web application
Summary
Further reading
11
Chapter 8: Advanced Features of Azure AD B2C
Chapter 8: Advanced Features of Azure AD B2C
Technical requirements
Identity providers in Azure AD B2C
Customizing the UI
Localization and language customization
Azure AD B2C and Microsoft Graph
Custom domains for Azure AD B2C
Summary
Further reading
12
Chapter 9: Azure AD B2C Custom Policies
Chapter 9: Azure AD B2C Custom Policies
Technical requirements
Understanding custom policies
Introducing the Identity Experience Framework
Creating a custom policy
Summary
Further reading
Why subscribe?
13
Other Books You May Enjoy
Other Books You May Enjoy
Packt is searching for authors like you
Share Your Thoughts

Setting up an Azure AD tenant

In this section, we are going to set up a new Azure AD tenant inside an Azure subscription.

Important Note

If you are new to Azure and don't have a subscription already, you can sign up for a free account here: https://azure.microsoft.com/en-us/free/.

Microsoft also offers the Microsoft 365 Developer Program. Here you can sign up for an E5 licensed tenant with no need to sign up for a subscription, no credit card needed, and you get access to sample data packs. The tenant is live by default for 90 days and it will automatically renew if it is actively used. If you want to use an environment that includes a fully functional E5 license including all the features and sample data, this is the way to go. You can sign up for this program here: https://developer.microsoft.com/en-us/microsoft-365/dev-program.

To create a new Azure AD tenant, you have to take the following steps:

  1. Open a web browser and navigate to https://portal.azure.com.
  2. In the overview page of Azure AD, in the top menu, select + Create a resource:
Figure 1.3 – Azure portal overview

Figure 1.3 – Azure portal overview

  1. Search for Azure Active Directory in the search box and select it.
  2. Click the Create button to start creating a new Azure AD tenant.
  3. Next, in the Basic tab, you need to select the type of tenant that you want to create, an Azure Active Directory or Azure Active Directory (B2C) tenant. Azure Active Directory will be selected by default. Make sure that it is selected and click Next: Configuration:
Figure 1.4 – Selecting the type of tenant to create

Figure 1.4 – Selecting the type of tenant to create

  1. In the next screen, you need to specify the values for the Azure AD tenant. I've used the following values, but you have to fill in a unique name here:
    • Organization name: PacktPubDev.
    • Initial domain name: PacktPubDev. This will result in the following domain name: PacktPubDev.onmicrosoft.com.
    • Country/Region: Here, select your current country or region.

Your settings will look like the following screenshot:

Figure 1.5 – Specifying Azure AD tenant details

Figure 1.5 – Specifying Azure AD tenant details

  1. Click Review + create and Create. If needed, prove that you are not a robot and then click Submit to create the Azure AD tenant.

It will take a couple of minutes before the Azure AD tenant is created. After it is created, we can start adding our first user to it. Let's cover this in the next section.

Previous Section
End of Section 7
Next Section