Azure Websites' "Easy Authentication and Authorization" with Chris Gillum

Play Azure Websites' "Easy Authentication and Authorization" with Chris Gillum


Scott talks to Azure Websites software engineer Chris Gillum who gets is up to speed on Azure Websites' Easy Authentication and Authorization. This new "one-click" feature can take *any* Azure Website - that means node.js and PHP as well as ASP.NET and Java - and quickly setup authentication and authorization!





The Discussion

  • User profile image

    For the nodejs example, it doesnt look very secure - as Scott asked, where is the IsAuthenticated boolean for nodejs?  Spamming a system with an added header is pretty simple which would then allow you access wouldn't it?

  • User profile image

    @AussieInSeattle: Checking for the existence of the HTTP header was just a convenient way to determine whether authentication was enabled for the page. It is not used to grant access to the app.  Only valid security tokens issued by AAD can grant someone access to the app, and it's that security token which is used to populate the header.

  • User profile image

    Where can we download the demo code?

  • User profile image

    @cp10000: I found sample code here

  • User profile image
    Doug Chase

    Echoing Scott's comment about getting users registered to use a web app: for a consumer application, or one that requires cross-organizational logins, it seems like this isn't a good fit yet. For my site, for example, we have users from many different businesses who can't be assumed to have Live accounts or be members of a single AD. Looks good so far, but I hope this feature supports a sign-up and registration process for users soon!

Conversation locked

This conversation has been locked by the site admins. No new comments can be made.