Book Image

Azure Active Directory for Secure Application Development

By : Sjoukje Zaal
Book Image

Azure Active Directory for Secure Application Development

By: Sjoukje Zaal

Overview of this book

Azure Active Directory for Secure Application Development is your one-stop shop for learning how to develop secure applications using modern authentication techniques with Microsoft Azure AD. Whether you’re working with single-tenant, multi-tenant, or line-of-business applications, this book contains everything you need to secure them. The book wastes no time in diving into the practicalities of Azure AD. Right from the start, you’ll be setting up tenants, adding users, and registering your first application in Azure AD. The balance between grasping and applying theory is maintained as you move from the intermediate to the advanced: from the basics of OAuth to getting your hands dirty with building applications and registering them in Azure AD. Want to pin down the Microsoft Graph, Azure AD B2C, or authentication protocol best practices? We’ve got you covered. The full range of Azure AD functionality from a developer perspective is here for you to explore with confidence. By the end of this secure app development book, you’ll have developed the skill set that so many organizations are clamoring for. Security is mission-critical, and after reading this book, you will be too.
Table of Contents (14 chapters)
1
Part 1: Getting Started with the Microsoft Identity Platform
5
Part 2: Authentication and Protocols
9
Part 3: Azure AD B2C

Pre-claims authentication techniques

Pre-claims authentication techniques are the basics of authentication. Although these techniques are still heavily used in the identity landscape nowadays, they are old techniques, and frankly not secure enough anymore. In this section, we are going to cover password-based authentication and integrated authentication and look at the flaws of these authentication methods.

Password-based authentication

Throughout history, passwords have been used to verify someone's identity. In ancient Rome, watchwords were required for soldiers to enter certain areas. These watchwords were changed every day, engraved into tablets, and shared among the soldier units.

Passwords have also been used with computers since the earliest days of computing. The first computer system that implemented password login was the Compatible Time-Sharing System (CTSS), an operating system that was introduced at MIT in 1961. CTSS had a login command that requested a...