Posts

Showing posts with the label OAuth 2

Securing Logic App with Azure Active Directory authentication

Introduction

In the previous post, Securing Function App with Azure Active Directory authentication, we saw how a Function App can be secured with Azure Active Directory and how to call it. This was done by creating an AD app that acted as the audience and was responsible for validating the access token. Because Azure Function App supports AD authentication, the audience app can be assigned/linked to it. So the first thought would be that the same can be done with Logic App, so why this post? Ideally it should be possible, but it is not, because not all Azure services support Azure AD authentication, and Logic App is one of those that do not. Microsoft has a plan to add support for all Azure services, but it will take some time.

So how do we use Azure Active Directory to secure a Logic App? It can be done with the help of Azure APIM, where we ask it to do the task of validating the token, and everything else remains the same, i.e. whoever has to access the logic ap...

Calling Active Directory Secured Function App from Logic Apps

Introduction

In the last post we saw how to secure a Function App with Active Directory and how to call it from another Function App. To do that from a function we used the library provided by Microsoft, i.e. Microsoft.IdentityModel.Clients.ActiveDirectory. So how do we do this in a Logic App? How do we add the above library to a Logic App, and where do we write code? No code is required, as Logic App already supports Active Directory OAuth out of the box. We just need to provide the following info:

Tenant ID (Directory ID) - the authority which grants the token
AudienceID - for whom the token will be created, i.e. the target AD app's client ID
Client ID and Client Secret - the caller AD app's details; this proves the client's identity

Thus the other steps remain the same: in order to call an AD-secured app, you (the client/calling app) need to get an access token from AD, and to do that you need to prove your identity to AD. And to create identity we need...

Understanding Azure Active Directory Authentication and Authorization using Oauth

What is Azure Active Directory?

Active Directory is a service offered by Azure for identity management and access management. In simple terms, it is an identity store in which you store information about users, groups, applications, etc. and provide access and permissions based on that information, thus helping to secure resources. It does this with the help of RBAC and industry-standard protocols such as OAuth 2.0 and OpenID Connect. Role-based access control (RBAC) is an authorization system that helps you manage who has access to Azure resources, what they can do with those resources, and what areas they have access to, thus enabling the right identities to access the right resources for the right reasons. To grant access, you assign roles to users, groups, service principals, or managed identities at a particular scope.

What is OAuth?

Wikipedia says -  OAuth is an open standard for access delegation, commonly used as a way for Intern...

Securing Function App with Azure Active Directory authentication

Introduction

By default, Function Apps are public in nature, i.e. you can access them over the internet without any restriction (anonymous access). However, that is not the only option: you can restrict access by enabling function-level authorization (host keys). The caller/client then has to have the key and send it along with the request, thus adding security to the Function App. The second option available is securing the Function App using Azure Active Directory (OAuth standard). This is what we will explore with an example. I have tried to cover a basic understanding of AD authentication in the following post: Understanding Azure Active Directory Authentication and Authorization using Oauth. There is one more way to add security to a Function App: by using Azure APIM. Adding a Function App in an ASE also makes it secure.

Azure Active Directory Application

When we say securing Function App with Azure AD it means whoever has to access the functi...