Azure AD & Security

Azure AD — Identity & Access Management

AZURE AD FUNDAMENTALS
  Tenants · Directories
  App Registrations
  Service Principals
  Managed Identities
  Conditional Access
  Entra ID · Microsoft Graph

OAUTH 2.0 & OPENID CONNECT
  Authorization Code Flow: Client → Auth → Code → Token; PKCE · Redirect URIs · State
  Client Credentials: Daemon · Service-to-service; Client Secret · Certificate
  OpenID Connect: id_token · userinfo endpoint; Scopes · Claims mapping
  OBO Flow: Token exchange; Downstream API
  Device Code: Headless devices; Browser-less auth

JWT DEEP DIVE
  Header: alg · typ · kid
  Payload: sub · iss · aud · exp · iat · scp
  Signature: RS256 / HS256
  Validation: JWKS · Certs
  Security: Replay · Nonce · Rotation

RBAC & AUTHORIZATION
  Role-based access · [Authorize(Roles="Admin")]
  Custom policies · Claims-based · Resource-based
  Requirements · Handlers · Policy composition
  Application Roles · Scope validation

INTEGRATION PATTERNS
  Securing ASP.NET Core APIs · JWT Bearer
  Multi-tenant architecture · Common/User tenant
  Microsoft.Identity.Web · MSAL.js / MSAL.NET
  Graph API · Azure SDK integration

TOKEN FLOW: Client → Azure AD → API
  Client App (SPA / Mobile / Server)
  Azure AD STS (/authorize · /token)
  API Resource (Bearer token validation)
  Auth Request → Access Token → Protected Data