Using Azure AD B2C with API Management

In a previous post, I discussed how to setup OAuth2 authorization in API Management using Azure Active Directory. This time I’d like to show something very similar, but using Azure AD B2C instead. Once again, I’ll assume you already have an API implemented and configured in API Management. I’ll use...

Protecting APIs with OpenId Connect in API Management

In my last post, I outlined a customer scenario for protecting an API through OAuth2 in Azure API Management. I mentioned in it that I had been unsuccessful at using OpenId Connect, rather than raw OAuth2. After some more testing, and some help, I was able to get this working,...

Protecting APIs with OAuth2 in API Management

I’ve been playing a lot lately with Azure API Management. Recently, a customer asked me about the following scenario: They wanted to expose a Web API through API Management API Management should enforce and validate that an OAuth2 token was provided by the caller The underlying API did not know...

Decoding Application Gateway Certificates

Recently, I wanted to write a PowerShell script that would check expiration on the certificates assigned for SSL/TLS on Azure Application Gateway resources. Obtaining the certificates is easy through the SslCertificates property of the Application Gateway instance. However, it took me a while to figure out how to actually extract...

Logic Apps KeyVault Connector - Part 3

This is part 3 of my series of articles on implementing a custom Logic Apps connector. Read part 1 and part 2. By this point, I’ve implemented and deployed the WebApi application that implements the custom connector, and configured the necessary applications and permissions in Azure Active Directory. It’s time...

Logic Apps KeyVault Connector - Part 2

In part 1 of this series of posts, I introduced the idea of implementing a custom Logic Apps connector as a way to get familiar with the challenges involved. The initial part revolved around the ASP.NET Core WebApi implementation. In this second part, I’d like to discuss a bit about...

Azure SQL authentication with a Managed Service Identity

On a previous article I discussed how to use a certificate stored in Key Vault to provide authentication to Azure Active Directory from a Web Application deployed in AppService so that we could authenticate to an Azure SQL database. With the introduction of Managed Service Identity, this becomes even easier,...

Creating an Event Hub destination using Event Grid in ARM

In a previous post, I presented a few ways to create Azure Event Grid resources using Azure Resource Manager (ARM) templates. Today, support for sending grid events to Azure Event Hubs rather than to an HTTP-based WebHook was announced. Obviously, I wanted to try this out as quick as possible!...

Logic Apps KeyVault Connector - Part 1

Azure Logic Apps now supports writing custom connectors, which are just custom REST APIs for which you can customize the experience so that they feel like the built-in Logic Apps connectors. I wanted to give try my hand at writing one, so decided on a simple use case: Writing a...

Azure Managed Service Identity - Querying in ARM Template

In a previous post I was lamenting not having a way to obtained the managed service identity generated for an Azure resource, such as a Azure SQL logical server or a Web App from the Azure Resource Manager (ARM) template itself. The issue was that the reference() function in an...