Programming Azure Active Directory
CLOUDDEVELOP.ORG: Columbus, OH, October 17, 2014
Opening Keynote: Scott Guthrie. October 21st, 2014, 8:00am – 5:00pm PST. http://azureconf.net
Assume you know what Microsoft Azure is and likely have an Azure subscription.
This is not an Active Directory design session.
We'll review common scenarios . . . yours may be different.
We’re not going to cover it all today . . . these are large, complicated topics with many options/scenarios.
Azure Active Directory - What is it?
Multi-tenant “directory-as-a-service”
Identity & access for on-premises and cloud applications
NOT a cloud version of Windows Server AD
Image Source: http://technet.microsoft.com/en-us/library/jj573650.aspx
Extend Windows Server AD to the cloud
Directory & identity services w/o need for Windows Server AD
Each O365 tenant has an instance of AAD
(Diagram labels: Your App; AAD as authentication platform and directory store; Active Directory)
Register an application with Azure AD 
Permissions 
Open source Azure AD authentication libraries
Visual Studio 2013 wizard makes it easy 
Register the application in Azure AD 
Set a database 
Set Sign-On URL, App ID and Reply URL 
Basic set of claims available from AAD
Working with the Graph: Read, Write
REST API Endpoints
Authentication with Azure AD
Role Based Access Control (RBAC)
Differential Queries
Directory Extensions
What’s in the directory? 
REST Graph API
Anatomy of a Graph URL:
https://graph.windows.net/collierdemo.onmicrosoft.com/users?$filter=givenName eq 'Jon'&api-version=2013-11-08
Graph URL: https://graph.windows.net/
Tenant (domain or objectID): collierdemo.onmicrosoft.com/
Entity (user, group, role, etc): users
OData query ($filter, $top): ?$filter=givenName eq 'Jon'
API Version: api-version=2013-11-08
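To make the URL anatomy above concrete, here is an added example (not code from the deck) that assembles a Graph URL from its parts and escapes the OData string literal so a user-supplied value cannot close the quote and append its own $filter clauses; the tenant, entity and filter values are constructed and the helper names are my own.

```python
import re
from urllib.parse import quote, urlencode

GRAPH_BASE = "https://graph.windows.net"

# Tenant: a verified domain (collierdemo.onmicrosoft.com) or the tenant objectId
# (a GUID). Entity: a plain entity-set name such as users, groups, roles.
_SEGMENT = re.compile(r"^[A-Za-z0-9][A-Za-z0-9.\-]*$")
_PROPERTY = re.compile(r"^[A-Za-z][A-Za-z0-9_]*$")


def odata_string_literal(value: str) -> str:
    """Quote a value for an OData $filter. A single quote inside the value is
    escaped by doubling it, so O'Brien, or a crafted "x' or 1 eq 1", stays one
    literal instead of closing it early and appending its own clauses."""
    return "'" + value.replace("'", "''") + "'"


def eq_filter(prop: str, value: str) -> str:
    """Build `<prop> eq '<value>'`. The property name cannot be quoted the way a
    literal can, so it is checked against a pattern instead."""
    if not _PROPERTY.match(prop):
        raise ValueError(f"invalid OData property name: {prop!r}")
    return f"{prop} eq {odata_string_literal(value)}"


def build_graph_url(tenant, entity, api_version, filter_expr=None, top=None):
    """Assemble https://graph.windows.net/<tenant>/<entity>?<OData query>&api-version=...
    in the order the slide shows: $filter, $top, then api-version."""
    for segment in (tenant, entity):
        if not _SEGMENT.match(segment):
            raise ValueError(f"invalid path segment: {segment!r}")
    params = []
    if filter_expr is not None:
        params.append(("$filter", filter_expr))
    if top is not None:
        if not isinstance(top, int) or top < 1:
            raise ValueError("$top must be a positive integer")
        params.append(("$top", str(top)))
    params.append(("api-version", api_version))
    # quote (not quote_plus) turns spaces into %20; '$' is left literal so the
    # query reads as on the slide, while quotes, & and = in values are escaped.
    query = urlencode(params, quote_via=quote, safe="$")
    return f"{GRAPH_BASE}/{quote(tenant, safe='')}/{quote(entity, safe='')}?{query}"


if __name__ == "__main__":
    print(build_graph_url("collierdemo.onmicrosoft.com", "users", "2013-11-08",
                          filter_expr=eq_filter("givenName", "Jon")))
```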
Active Directory Authentication Library (ADAL) for .NET
Microsoft.Azure.ActiveDirectory.GraphClient 
GraphConnection
Graph Security: Service-to-Service, OAuth 2.0 Grant Type Client Credentials
Parties in the diagram: My Application; Azure AD Authentication Endpoint (OAuth); REST Service (https://graph.windows.net), which validates the token, processes the request and returns data after an authorization check against Azure Active Directory
1) Request JWT token (provide clientId and secret)
2) Return JWT token
3) HTTP Request w/ JWT token
4) Return response
OAuth 2.0 Grant Type = Client Credentials
using Microsoft.IdentityModel.Clients.ActiveDirectory;   // ADAL for .NET

// get OAuth token using Client Credentials
string tenantName = "GraphDir1.onMicrosoft.com";
string issuingAuthority = "https://login.windows.net/" + tenantName;
// second argument is validateAuthority
AuthenticationContext authenticationContext = new AuthenticationContext(issuingAuthority, false);
// Config for OAuth client credentials (values come from the Azure portal; load the secret from configuration, not source)
string clientId = "118473c2-7619-46e3-a8e4-6da8d5f56e12";
string clientSecret = "hOrJ0r0TZ4GQ3obp+vk3FZ7JBVP+TX353kNo6QwNq7Q=";
ClientCredential clientCred = new ClientCredential(clientId, clientSecret);
// the resource is the audience (aud) the token is issued for
string resource = "https://graph.windows.net";
AuthenticationResult authenticationResult = authenticationContext.AcquireToken(resource, clientCred);
string token = authenticationResult.AccessToken;   // sent as the Bearer token on Graph requests
* Some values removed for readability
OAuth 2.0 grant type, client_id, and client_secret configured in Azure portal
OAuth 2.0 Grant Type = Client Credentials (raw token request)
POST https://login.windows.net/GraphDir1.onMicrosoft.com/oauth2/token
Content-Type: application/x-www-form-urlencoded
client-request-id: 1e38c3d3-dca3-42ff-8149-5db607b3488c
return-client-request-id: true

resource=https%3A%2F%2Fgraph.windows.net&
client_id=118473c2-7619-46e3-a8e4-6da8d5f56e12&
client_secret=hOrJ0r0TZ4GQ3obp%2Bvk3FZ7JBVP%2BTX353kNo6QwNq7Q%3D&
grant_type=client_credentials
* Some values removed for readability
OAuth 2.0 Grant Type = Client Credentials (token response)
Content-Type: application/json; charset=utf-8
client-request-id: 1e38c3d3-dca3-42ff-8149-5db607b3488c
Content-Length: 1160

{
  "token_type": "Bearer",
  "expires_in": "3599",
  "expires_on": "1407640794",
  "not_before": "1407636894",
  "resource": "https://graph.windows.net",
  "access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6ImtyaU1QZG1Cdng2OHNrVDgtbVBBQjNCc2VlQSJ9.eyJhdWQiOiJodHRwczovL2dyYXBoLndpbmRvd3MubmV0IiwiaXNzIjoiaHR0cHM6Ly9zdHMud2luZG93cy5uZXQvNGZkMmIyZjItZWEyNy00ZmU1LWE4ZjMtN2IxYTdjOTc1ZjM0LyIsImlhdCI6MTQwNzYzNjg5NCwibmJmIjoxNDA3NjM2ODk0LCJleHAiOjE0MDc2NDA3OTQsInZlciI6IjEuMCIsInRpZCI6IjRmZDJiMmYyLWVhMjctNGZlNS1hOGYzLTdiMWE3Yzk3NWYzNCIsIm9pZCI6ImIwZGVhNTFlLWJkMDQtNGI5OS05NmEyLTE0ZDk5YjE5YmM2YSI…"
}
* Some values removed for readability
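The flow diagram earlier says the REST service "validates token" before it processes the request. As an added example (not from the deck), this is what that validation looks like on the service side for a token shaped like the response above: algorithm allow-list, signature, audience, issuer and validity window. The HMAC verifier, sample key and the tenant id inside the issuer are stand-ins so the code runs offline; Azure AD's real tokens are RS256 and are verified against the tenant's published signing certificate through the same hook.

```python
import base64
import hashlib
import hmac
import json
import time


class TokenValidationError(Exception):
    """Raised when the token must be rejected: answer 401, never serve data."""


def b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def validate_bearer_token(token, expected_aud, expected_iss, verify_signature,
                          allowed_algs=("RS256",), now=None, skew=300):
    """What the REST service checks before trusting a token: three-part JWS,
    alg on the allow-list, valid signature, aud == this resource, iss == the
    expected tenant STS, nbf/exp against the clock. Returns the claims."""
    parts = token.split(".")
    if len(parts) != 3:
        raise TokenValidationError("not a three-part compact JWS")
    header_b64, payload_b64, sig_b64 = parts
    try:
        header = json.loads(b64url_decode(header_b64))
        claims = json.loads(b64url_decode(payload_b64))
        signature = b64url_decode(sig_b64)
    except ValueError as exc:
        raise TokenValidationError(f"malformed token: {exc}") from exc
    # The header is untrusted until the signature is verified, so the accepted
    # algorithm comes from configuration, never from the token ("none" or a
    # downgraded alg is refused here).
    if header.get("alg") not in allowed_algs:
        raise TokenValidationError(f"unexpected alg {header.get('alg')!r}")
    signing_input = f"{header_b64}.{payload_b64}".encode("ascii")
    if not verify_signature(header, signing_input, signature):
        raise TokenValidationError("signature check failed")
    # Only now are the claims trustworthy.
    if claims.get("aud") != expected_aud:
        raise TokenValidationError("issued for a different resource (aud)")
    if claims.get("iss") != expected_iss:
        raise TokenValidationError("issued by a different STS/tenant (iss)")
    now = int(time.time()) if now is None else now
    if int(claims.get("nbf", 0)) > now + skew:
        raise TokenValidationError("not yet valid (nbf)")
    if int(claims.get("exp", 0)) <= now - skew:
        raise TokenValidationError("expired (exp)")
    return claims


def hs256_verifier(key: bytes):
    """Stand-in verifier so the example runs on the standard library alone.
    Azure AD signs with RS256 (the slide's token header says "alg":"RS256");
    a real service verifies against the tenant's published signing certificate,
    selected by the x5t/kid header, through this same hook."""
    def verify(header, signing_input, signature):
        expected = hmac.new(key, signing_input, hashlib.sha256).digest()
        return hmac.compare_digest(expected, signature)
    return verify


def make_hs256_token(claims: dict, key: bytes) -> str:
    """Mint a constructed test token in the compact form the STS returns."""
    header = {"typ": "JWT", "alg": "HS256"}
    signing_input = ".".join(
        b64url_encode(json.dumps(p, separators=(",", ":")).encode("utf-8"))
        for p in (header, claims))
    sig = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return f"{signing_input}.{b64url_encode(sig)}"


def rejection_reason(token, expected_aud, expected_iss, verify_signature, **kw):
    """None if the token is accepted, otherwise the reason it was refused."""
    try:
        validate_bearer_token(token, expected_aud, expected_iss, verify_signature, **kw)
    except TokenValidationError as exc:
        return str(exc)
    return None


# Constructed sample: nbf/exp mirror the slide's not_before/expires_on; the
# tenant id inside iss is a placeholder, not a real tenant.
SAMPLE_KEY = b"constructed-demo-key"
SAMPLE_AUD = "https://graph.windows.net"
SAMPLE_ISS = "https://sts.windows.net/00000000-0000-0000-0000-000000000000/"
SAMPLE_CLAIMS = {"aud": SAMPLE_AUD, "iss": SAMPLE_ISS, "iat": 1407636894,
                 "nbf": 1407636894, "exp": 1407640794, "ver": "1.0"}
```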
1. Leverage ADAL and Graph Library 
2. Obtain authentication token 
3. Set GraphSetting with API version of choice 
4. Set filter properties (if desired) 
5. Get, Create, or Delete User, Group, Application, etc.
Provide a means to bring on-premises / custom schema extensions to Azure AD.
1. Obtain authentication token 
2. Write against REST API directly 
3. Ability to set custom properties on directory objects
Azure AD extends directory authentication to the cloud 
Enables single sign-on for web applications 
CRUD objects in the directory
Azure AD Graph API 
Azure AD Samples 
Azure AD Graph Team Blog 
Graph Explorer 
Building Web Apps and Mobile Apps Using Microsoft Azure Active Directory for Identity Management
Questions?
Programming Azure Active Directory (DevLink 2014)

Speaker notes

  1. Show via Azure management portal: sign up for Azure AD; delete a tenant; register a new application in Azure AD; set for single sign-on. Demo account: mcadmin@collierdemo.onmicrosoft.com / test!123
  2. The Check Group Membership operation is performed by invoking the IsMemberOf function on the directory service. This function returns a Boolean value that indicates whether a specified user, group, or contact is a member of a specified group. The operation is transitive, that is, if User A is a member of Group B and Group B is a member of Group C and the function is invoked with User A and Group C as parameters, it will return true. You can contrast this with the memberOf navigation property for User A, which is intransitive and would therefore not return Group C in its result set because User A is a member of Group C only through its membership in Group B. http://msdn.microsoft.com/en-us/library/azure/dn151601.aspx
  3. DirectoryObject is the base type for the following entity types: Application, Device, DirectoryLinkChange, Contact, Group, Role, ServicePrincipal, TenantDetail, and User. http://msdn.microsoft.com/en-us/library/windowsazure/jj134105.aspx
  4. ADAL
  5. Use snippets in Postman
  6. These are the four primary application scenarios supported by Azure AD:
     • Web Browser to Web Application: A user needs to sign in to a web application that is secured by Azure AD.
     • Native Application to Web API: A native application that runs on a phone, tablet, or PC needs to authenticate a user to get resources from a web API that is secured by Azure AD.
     • Web Application to Web API: A web application needs to get resources from a web API secured by Azure AD.
     • Daemon or Server Application to Web API: A daemon application or a server application with no web user interface needs to get resources from a web API secured by Azure AD.
     http://msdn.microsoft.com/en-us/library/azure/dn499820.aspx
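Note 2 above contrasts the transitive IsMemberOf function with the intransitive memberOf property. As an added example (not from the deck), this walks a constructed nested-group directory to show the difference, including a nesting cycle, and why an authorization check needs the transitive view; the object names and the helper functions are my own.

```python
from collections import deque

# Constructed directory snapshot: each object -> the groups it is a DIRECT
# member of, i.e. what the memberOf navigation property returns.
# user-a is in group-b, group-b is in group-c, and group-c is nested back into
# group-b (cycles are legal) and into group-d.
DIRECT_MEMBER_OF = {
    "user-a": {"group-b"},
    "user-x": set(),
    "group-b": {"group-c"},
    "group-c": {"group-b", "group-d"},
    "group-d": set(),
}


def member_of(obj, direct=DIRECT_MEMBER_OF):
    """Intransitive view (memberOf): only the groups obj is placed in directly."""
    return set(direct.get(obj, ()))


def transitive_member_of(obj, direct=DIRECT_MEMBER_OF):
    """Every group obj belongs to through any chain of nesting; the visited set
    makes the walk terminate even when groups are nested in a cycle."""
    seen = set()
    queue = deque(direct.get(obj, ()))
    while queue:
        group = queue.popleft()
        if group in seen:
            continue
        seen.add(group)
        queue.extend(direct.get(group, ()))
    return seen


def is_member_of(obj, group, direct=DIRECT_MEMBER_OF):
    """Transitive check (IsMemberOf): the one to use for authorization, because a
    nested member holds the outer group's access just as a direct member does."""
    return group in transitive_member_of(obj, direct)
```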