How to setup the Azure AD implicit grant flow with React, ASP.NET Core, and RBAC roles

The OAuth 2.0 implicit grant flow is great way to handle authentication between a client JavaScript single page web app (SPA) and a web API. For example: a React or Angular web app that needs to authenticate users and then have those users call an authorized ASP.NET Core Web API.

Azure AD and the Microsoft identity platform have well established patterns and support for this workflow. In this blog post I will break down an end-to-end example that includes enabling this flow for AAD users with the following technologies: an Azure AD App configured with role-based access control (RBAC) claims, client side code leveraging React and ADAL.js, and server side code leveraging ASP.NET Core.

Continue reading

How to call the Azure REST API from PowerShell

Normally we use SDKs to interact with Azure. Things like the Azure .NET SDK, the Azure PowerShell module, or the dozens of other SDKs listed here can be used. These SDKs provide a lot of helpful utilities and validation, but ultimately they will hit the Azure REST API once they need to phone home. Azure’s REST API provides this all-important foundation to write code against the platform.
Continue reading