Demystifying Web API Security in Azure - Jimmy Bogard - NDC Sydney 2024

  • Published: 12 Sep 2024
  • This talk was recorded at NDC Sydney in Sydney, Australia. #ndcsydney #ndcconferences #developer #softwaredeveloper
    #security #cloud #dotnet #microsoft #azure #api
    Building APIs can be easy, but securing them is hard. We have external and internal applications, APIs, users, and more. Each might use a different authentication and authorization strategy, depending on customer and system needs. The stakes are high and there is no margin for error!
    In this talk, we’ll look at the different categories of applications and users, and what possibilities we have for securing them. We’ll also look at what Azure provides for securing internal users and applications, and an external provider such as Auth0 for external users and applications. We’ll also cover different authentication and authorization strategies, and how we can map these to our various communication scenarios.
    Finally, we’ll look at a full end-to-end example using .NET 5 and Azure, building out a playbook for the common and not-so-common scenarios we encounter.

Comments • 4

  • @jamesevans6438 2 months ago +1

    Fantastic presentation Jimmy, and thank you for making all the source available, I think there is months' worth of work there! When you are doing the External Client, if you are in control of the server you could use Azure Arc instead of the clientId / client secret. The advantage being that Azure will automatically rotate the clientId / client secret so you don't have to, it basically becomes credentialless.

  • @antoniemerks1375 3 months ago +2

    Great explanation!

  • @weifengmao 3 months ago +2

    Ironically, app role service principal assignments are still a PITA in Azure and can only be done through the command line

  • @fishzebra 3 months ago

    Good talk on a complex topic