
DevSum: Azure AD B2C Application security made easy


The slides for my session at DevSum on May 23, 2019.

Published in: Internet


  1. Azure AD B2C: Application security made easy. Sjoukje Zaal, @SjoukjeZaal, #DevSum19
  2. About me: Sjoukje Zaal, Principal Expert Microsoft / Azure MVP. T: @SjoukjeZaal W:
  3. Agenda
     01 What is Azure AD B2C and why should I use it?
     02 Key benefits and capabilities • Demo
     03 Flows & policies • Demo
     04 Identity providers • Demo
     05 Customize the UI • Demo
  4. What is Azure Active Directory B2C? Azure AD B2C is an identity management service that enables you to customize and control how customers interact with your application.
  5. Why use Azure Active Directory B2C? • Highly available • Worldwide scaling • Secure • Reliable
  6. Key benefits
     Simple & secure: • Minimal application code • Easy to maintain • Enterprise-grade security features
     Flexible: • Multiple identity providers • .NET, iOS, and Android • Open standards
  7. Capabilities: • Default authentication providers • Social media identity providers • Custom identity providers • Single sign-on • Multi-factor authentication • Enable & customize sign-up/sign-in • Edit profiles
  9. Sample application
     Web App: • MVC app for registering to-do items • Calls the Web API • Requests access tokens for calling the Web API
     Tasks Web API: • Performs CRUD operations • Scope-based access control
  10. Application code: Open standards • OpenID Connect • OAuth 2.0 • MSAL
  11. Demo summary
      1 Registered the Tasks demo Web API
      2 Published a read and write permission for the API
      3 Registered the demo web app
      4 Granted the read and write permissions to the demo web app (client)
      5 Generated and copied the client secret
      6 Copied the application IDs from both apps
      7 Added the values to the web.config files
  12. Flows & policies
      User flows: • Triggered by the application • Predefined • Reusable • Custom attributes
      Custom policies: • Configuration files (XML) • Identity Experience Framework • Standards-based (OAuth 2.0, OIDC, SAML)
  13. When to use user flows: • Sign-up or sign-in with local or social accounts • Self-service password reset • Profile edit • Multi-factor authentication
  14. When to use custom policies: • Send a welcome email using your own email service provider • Provision a user account in another system at the time of registration • Use a user store outside Azure AD B2C • Validate user-provided information with a trusted system by using an API
  16. Demo summary
      1 Created a new user flow
      2 Selected the identity provider to enable the flow
      3 Selected the included fields and returned claims
      4 Made changes to the web.config
      5 Ran the application
  17. Identity providers: • Authentication service • Security tokens • Out-of-the-box providers • Client ID & secret
  19. Demo summary
      1 Registered a new identity provider in Azure B2C
      2 Added the client ID and client secret to the identity provider
      3 Enabled the identity provider in the user flow
      4 Tested the user flow from the Azure B2C tenant
  20. Page UI customization feature: • Customize look and feel • Visual consistency • CORS • Merges UI with HTML
  22. Demo summary
      1 Created a storage account and blob container
      2 Enabled CORS
      3 Created a custom HTML/CSS file
      4 Uploaded the HTML/CSS files to the blob container
      5 Updated the user flow
      6 Tested the user flow
  23. Multi-factor authentication: • User flow level • No code required
  24. Demo 5: Enabling MFA
  25. Demo summary
      1 Opened the user flow settings
      2 Enabled multi-factor authentication (MFA)
      3 Tested the application
  26. Wrap up: • It’s not Azure B2B • The app can be hosted anywhere • Migrate with the Azure AD Graph API • Reporting and monitoring • Language customization
  27. Questions?
  28. And… last but not least – don’t forget to evaluate this session in the DevSum app! #DevSum19