Identity, Authorization and Claims: which route to go?

  • Question

  • We have a bunch of Azure App Services, mostly hosting Dot Net Services. On top we've got some webapps.

    What is the best way to secure those? Identity users? Authorize using Attributes in declaration, other means of configuration and code?

    I know that the answer is "It depends". The scenario is not quite an ideal candidate for any of these drawers, and hence I would rather like to ask in a general way:

    - When looking into the manual of App Service Security, e.g. here https://docs.microsoft.com/en-us/azure/app-service/overview-authentication-authorization, it seems that any Identity Provider can be used without any involvement of Active Directory whatsoever.
    - When looking at general whitepapers, Microsoft say that for "B2C" Scenarios you can use Azure AD B2C, which caters for all functionality that you would need to administer identities, manage provisioning including self service for password change etc., and of course with solid integration on the basis of an Azure Tenant. However, comparing this for example to Amazon AWS Cognito, it seems very expensive?

    - Azure AD B2B even more so, plus, of course, a huge technical overhead to "misuse" the AD as a container to store user profiles, which in our case would not make any sense.

    Questions are:

    - Does App Service allow use of Azure AD B2B and B2C?

    - Does it allow NOT to use one of them, while still being able to support developers using standard classes and attributes to control authorization?

    I am a bit confused. Please help.

    Monday, August 12, 2019 12:45 PM

All replies