🔒 Azure AD & Security
Azure AD — Identity & Access Management
AZURE AD FUNDAMENTALS
Tenants · Directories
App Registrations
Service Principals
Managed Identities
Conditional Access
Entra ID · Microsoft Graph
OAUTH 2.0 & OPENID CONNECT
Authorization Code Flow
Client → Auth → Code → Token
PKCE · Redirect URIs · State
Client Credentials
Daemon · Service-to-service
Client Secret · Certificate
OpenID Connect
id_token · userinfo endpoint
Scopes · Claims mapping
OBO Flow
Token exchange
Downstream API
Device Code
Headless devices
Browser-less auth
JWT DEEP DIVE
Header: alg · typ · kid
Payload: sub · iss · aud · exp · iat · scp
Signature: RS256 / HS256
Validation: JWKS · Certs
Security: Replay · Nonce · Rotation
RBAC & AUTHORIZATION
Role-based access · [Authorize(Roles="Admin")]
Custom policies · Claims-based · Resource-based
Requirements · Handlers · Policy composition
Application Roles · Scope validation
INTEGRATION PATTERNS
Securing ASP.NET Core APIs · JWT Bearer
Multi-tenant architecture · Common/User tenant
Microsoft.Identity.Web · MSAL.js / MSAL.NET
Graph API · Azure SDK integration
TOKEN FLOW: Client → Azure AD → API
Client App (SPA / Mobile / Server)
  --[Auth Request]--> Azure AD STS (/authorize · /token)
  <--[Access Token]-- Azure AD STS
  --[Access Token]--> API Resource (Bearer token validation)
  <--[Protected Data]-- API Resource