Adventures with Azure Functions: Secure a Function App with Azure Active Directory

While authorization keys make it easy to work with Azure Functions, they are not recommend as the way to secure an Azure Function in production. There are three recommend ways to secure an Azure Function in production: Turn on App Service Authentication/Authorization Use Azure API Management (APIM) to authenticate requests. Deploy your function app to…

Auth0 to Azure AD B2C Migration – Part 3

This is the last article of three part series that started with Auth0 to Azure AD B2C Migration – Part 1 and Auth0 to Azure AD B2C Migration Part 2. The repository for this article is located at https://github.com/mattruma/Auth0AzureADB2CMigrationDemo, where for the sake of this article, we will be working with the AzureADB2CWebApp project. Now…

Auth0 to Azure AD B2C Migration – Part 2

We have already looked at an ASP.NET Core 2.2 application that leveraged Auth0 for authentication, we will now direct our attention to developing a similar application that leverages Azure Active Directory B2C (Azure AD B2C) for authentication. First we will need to create our Azure AD B2C tenant in the Azure portal. Login to the…

Auth0 to Azure AD B2C Migration – Part 1

In this series of articles we will look at converting an existing ASP.NET Core 2 Web Application from using Auth0 to using Azure AD B2C. This series of articles assumes you have some familiarity with Auth0 and Azure AD B2C, but just in case you don’t, below are several links that should get you caught…

Azure AD B2C … Almost

I have been using Auth0 now for a couple of years, but for a new project, I wanted to try leveraging Azure AD B2C.  At first things went smoothly, as long as I stayed on the “happy path” I was able to do what I wanted to do. As soon as I started to stray…

Passing Scope to Azure AD B2C

I have been playing a lot lately with Azure AD B2C, trying to look at replacing Auth0 with Azure AD B2C. Auth0 is definitely the easier of the two to implement, for now. Anyway, I have been using Postman to authenticate to Azure AD B2C when I began struggling with how to pass multiple scopes. …

JSON Web Tokens

This site https://jwt.io is a great resource to view the contents of a JSON Web Token. I was having problems with a token complaining that it was not valid, only to discover that, for some reason, I was receiving an outdated or expired token. So I took the expiration value and converted it to a…