User Profile
chilberto
Iron Contributor
Joined 8 years ago
Recent Discussions
Re: Authentication API on Azure AD
Hello - yes, I think this might be exactly what you are looking for: https://learn.microsoft.com/en-us/azure/active-directory-b2c/authorization-code-flow It takes some getting used to (i.e., a bit of a learning curve), but I highly recommend spending the time exploring the REST APIs using https://developer.microsoft.com/en-us/graph/graph-explorer
Re: API Tokens expiration
Best practice would be not to have long-living tokens. Renewing tokens should be built into your API, either proactively by refreshing before the token expires or as a reaction to an unauthorized response. Many frameworks have this capability built in or have guidance on implementing these patterns.
Re: How do i test an application which uses OWIN login
Hello Gareth, I primarily work in C# and have not touched VB since the early 2000s. I see a good resource of examples at https://www.example-code.com/vbnet/oauth2.asp One thing that is interesting is that the examples use JSON files for the configuration. This makes me think that in your situation the configuration might be coming from a file or database of some kind. Another good example: https://www.gemboxsoftware.com/email/examples/authenticate-using-oauth-c-sharp-vb/109 Unfortunately my only suggestion is to keep searching. Keywords like Http, HttpWebRequest. And you might get lucky, depending on who wrote the code, with words like oauth and redirect.
Re: How do i test an application which uses OWIN login
Yes, you do. The redirect information is in the URL that your application sends to AAD. In my words, your local application on your PC constructs a URL for AAD. That contains who the application is, including what location (URL) AAD should send the browser back to once AAD is done authenticating the user. This means your application needs to add the redirect URL in the message. Your VB is already doing this and most likely it is in a configuration file. Have a search for the URL in your code base. You might get lucky, find the value and simply be able to replace it with your local one. Just don't forget to reverse the change before submitting your changes 🙂
Re: How do i test an application which uses OWIN login
Hello Gareth, You will need to specify the redirect to your local endpoint. In case you are not aware, the redirect happens at the client (browser), so a local reference (for example, https://localhost:7071/mywebsite) is OK. You will also need to add the redirect URL in your application registration in AAD.
Re: Azure WAF - Resources for understanding policies
I have been sent this: https://github.com/libinjection/libinjection/blob/49904c42a6e68dc8f16c022c693e897e4010a06c/src/libinjection_xss.c This is the start of answering my question, but I am hoping to find a better resource for understanding what is triggering the rules.
Azure WAF - Resources for understanding policies
I am looking for some guidance around setting up the WAF, including suitable exclusions. The issue I am running into is that the documentation does not identify why something was triggered. For example, I know the HTTP header Referrer contains something that is triggering XSS. I believe it is because in the URL there are the two characters "on" in the endpoint "https://mysite.com/onecode?para1=test&para2=fred", but I am just making an educated guess. I would then think I would create an exclusion to say do not trigger if the URL contains "onecode". That is not really good enough though, as what if the URL contains onecode and another occurrence of "on" that should trigger XSS (for example in one of the parameters)? I would think everyone would have this issue, so I am surprised I did not find anything in the docs or Architecture Centre.
Recent Blog Articles
Mastering API Management - Demos and best practices (presentation highlight)
I recently had the opportunity to present at the Wellington .NET User Group about Azure API Management (APIM) and common pitfalls I see teams encounter. A key takeaway is that all aspects of a soluti...