Recent DiscussionsMost RecentNewest TopicsMost LikesSolutionsTagged:TagRe: Authentication API on Azure ADHello - yes, I think this might be exactly what you are looking for: https://learn.microsoft.com/en-us/azure/active-directory-b2c/authorization-code-flow It takes some getting use (re., a bit of a learning curve), but I highly recommend spending the time exploring the REST APIs using https://developer.microsoft.com/en-us/graph/graph-explorerRe: API Tokens expirationBest practice would be not to have long living tokens. Renewing tokens should be built into your API either proactively by refreshing before the token expires or as a reaction to an unauthorized response. Many frameworks have this capability built in or has guidance on implementing these patterns.Re: How do i test an application which uses OWIN loginHello Gareth, I primarily work in c# and have not touched VB since the early 2000s. I see a good resource of examples at https://www.example-code.com/vbnet/oauth2.asp One thing that is interesting, is the examples use json files for the configuration. This makes me think in your situation the configuration might be coming from a file or database of some kind. Another good example: https://www.gemboxsoftware.com/email/examples/authenticate-using-oauth-c-sharp-vb/109 Unfortunately my only suggestion is keep searching. Keywords like Http, HttpWebRequest. And you might get lucky depending on who wrote the code with words like oauth and redirect. Re: How do i test an application which uses OWIN loginYes, you do. The redirect information is in the URL that your application sends to AAD. In my words, your local application on your pc constructs a URL for AAD. That contains who the application is including what location (url) AAD should send the browser back to once AAD is done authenticating the user. This means your application needs to add the redirect url in the message. Your VB is already doing this and most likely it is in a configuration file. Have a search for the url in your code base. You might get lucky, find the value and simply be able to replace it with your local. Just don't forget to reverse the change before submitting your changes 🙂Re: How do i test an application which uses OWIN loginHello Gareth, You will need to specify the re-direct to your local endpoint. In case you are not aware, the redirect happens at the client (browser) so a local reference (for example, https://localhost:7071/mywebsite) is ok. You will also need to add teh redirect url in your application registration in AAD. Re: Azure WAF - Resources for understanding policiesI have been sent this: https://github.com/libinjection/libinjection/blob/49904c42a6e68dc8f16c022c693e897e4010a06c/src/libinjection_xss.c This is the start of answering my question, but I am hoping to find a better resource for understanding what is triggering the rules.Azure WAF - Resources for understanding policies I am looking for some guidance around setting up the WAF including suitable exclusions. The issue I am running into is the documentation does not identify why something was triggered. For example, I know the http header Referrer contains something that is triggering XSS. I believe it is because in the url there are the two characters "on" in the endpoint "https://mysite.com/onecode?para1=test¶2=fred", but I am just making an educated guess. I would then think I would create an exclusion to say do not trigger if the url contains "onecode". That is not really good enough though as what if the url contains onecode and another occurrence of "on" that should trigger XSS (for example in one of the parameters). I would think everyone would have this issue so I am surprised I did not find anything in docs or Architecture Centre.
Recent Blog ArticlesNewest TopicsMost LikesTagged:TagGetting started with FinOps in Cloud Computing The FinOps Foundation defines FinOps as "operational framework and cultural practice which maximizes the business value of cloud, enables timely data-driven decision making, and creates financial acc...Mastering API Management - Demos and best practices (presentation highlight) I recently had the opportunity to present at the Wellington .NET User Group about Azure API Management (APIM) and common pitfalls I see teams encounter. A key takeaway is that all aspects of a soluti...How To: APIM Asynch to Synch Pattern Just because you can do something, does not mean you should... In this How To post, I will use APIM to turn an asynchronous messaging into a synchronous messaging by publishing a message to Azure Ser...How To: Retrieve from CosmosDB using Azure API Management In this How To, I will show a simple mechanism for reading items from CosmosDB using Azure API Management (APIM). There are many scenarios where you might want to do this in order to leverage the cap...How To: Send requests to Azure Storage from Azure API Management In this How To, I will show a simple mechanism for writing a payload to Azure Blob Storage from Azure API Management. Some examples where this is useful is implementing a Claim-Check pattern for larg...
