# Thursday, October 14, 2021

GCast 116:

Azure Active Directory B2C Token Generation With No User Interaction

Learn how to configure Azure Active Directory B2C, so you can request an Authentication Token without any user interaction. This is ideal for running automated processes that require a token, such as an integration test that calls a secure API.

Azure | GCast | Screencast | Security | Video
Thursday, October 14, 2021 9:12:00 AM (GMT Daylight Time, UTC+01:00)
# Thursday, October 7, 2021

GCast 115:

Registering an Azure Account Subscription

Sometimes, you may receive the following error message when trying to do something in Azure: "The subscription is not registered to use namespace 'Microsoft.AzureActiveDirectory'." This video walks you through resolving this issue.

Azure | GCast | Screencast | Security | Video
Thursday, October 7, 2021 9:11:00 AM (GMT Daylight Time, UTC+01:00)
# Monday, October 4, 2021

Episode 681

Tudor Damian on Cybersecurity and Ethical Hacking

Tudor Damian is a Certified Ethical Hacker. He describes how he uses this skill to protect his customers from malicious hackers and to increase their cybersecurity.

Monday, October 4, 2021 7:32:47 PM (GMT Daylight Time, UTC+01:00)
# Thursday, September 30, 2021

GCast 114:

Creating an Azure Active Directory B2C Tenant

Learn how to create an Azure Active Directory B2C Tenant

Azure | GCast | Screencast | Security | Video
Thursday, September 30, 2021 9:48:00 AM (GMT Daylight Time, UTC+01:00)
# Monday, April 19, 2021

Episode 657

Wolfgang Goerlich on Cyber Security Design Principles

Wolfgang Goerlich has written a series of articles featuring the ideas of classic designers, which he relates to principles of cyber security.


Monday, April 19, 2021 9:31:00 AM (GMT Daylight Time, UTC+01:00)
# Monday, March 29, 2021

Episode 654

Dave Hoerster on Azure Active Directory B2C

Cloud Solution Architect Dave Hoerster describes how to use Azure Active Directory B2C to manage identity and security for a Business-to-Consumer application.

Monday, March 29, 2021 9:14:00 AM (GMT Daylight Time, UTC+01:00)
# Monday, March 1, 2021

Episode 650

Christos Matskas on Microsoft Identity Platform

Microsoft Identity Platform is a set of authentication services, open-source libraries, and application management tools. Christos Matskas describes these tools and how to use them to make your application more secure.


Monday, March 1, 2021 8:48:00 AM (GMT Standard Time, UTC+00:00)
# Monday, February 8, 2021

Episode 647

Kevin Pilch on gRPC

Kevin Pilch describes gRPC - an open source system for making remote calls across processes and/or machines - and the .NET Core implementation of this system.

Monday, February 8, 2021 9:30:00 AM (GMT Standard Time, UTC+00:00)
# Friday, August 23, 2019

Recently, I was working on a VM that someone else provided me and I needed to download an executable from the Internet onto this VM. I discovered that the only installed browser on the VM was Internet Explorer 11 and that the browser was configured to prevent anyone from downloading files from the Internet.

I don't know if this is the default setting for IE 11, but here is how to change the setting to allow users to download files.

Open Internet Explorer.

From the menu, select Tools | Internet Options

The "Internet Options" dialog displays. Select the "Security" tab, as shown in Fig. 1.

Fig. 1

Click the [Custom Level] button. The "Security Settings" dialog displays. Scroll down to the "Downloads/File download" section, as shown in Fig. 2.

Fig. 2

Select the "Enable" radio button and click the [OK] button. If prompted for confirmation, click [Yes].

Click the [OK] button to close the "Internet Options" dialog.

Now you can download files linked within the browser.

Friday, August 23, 2019 11:17:00 AM (GMT Daylight Time, UTC+01:00)
# Monday, March 11, 2019

Episode 554

Ondrej Balas on 2-Factor Authentication

Ondrej Balas discusses advances in 2-Factor Authentication and tells us how to add this security to our applications.

Monday, March 11, 2019 9:31:00 AM (GMT Standard Time, UTC+00:00)
# Friday, April 8, 2016

Last year, security expert Wolfgang Goerlich began recording short videos from the front seat of his car. Each video lasted only a few minutes and each covered a different topic of IT Security and/or infrastructure.

Now, you can watch many of these videos on Channel 9. This not only provides a different audience for Mr. Goerlich, but also gives viewers the ability to subscribe to a video feed and to download different resolutions of each video and even an audio-only track.

You can find these videos at https://channel9.msdn.com/blogs/stuck-in-traffic.

Friday, April 8, 2016 8:06:00 AM (GMT Daylight Time, UTC+01:00)
# Friday, November 9, 2012

So last night I go to the bar to get all liquored up and I says to the bartender: “Gimme my favourite getting-liquored-up drink – a dirty vodka martini with extra olives and Grey Goose vodka.”

The bartender looks at me and he sees my cherubic countenance and he notices my boyish charm and he says “Son, we have laws in this state. We are unable to serve anyone who is under the age of 21. Can you prove to me that you are at least 21 years old?”

“You bet I can!” I says to him. “Follow me!”

And we go out back where my private jet is parked and we fly down to Tampa where he meets my parents and they tell him how I was born during the Kennedy administration and they explain how I was such a rotten kid that my dad went to the War in Vietnam just to get a break from me.

Then we get back in my private jet and we fly to Jacksonville, NC to the hospital where I was born and they show us my birth certificate and the bartender asks me “Can you prove that you are the David Giard listed on this birth certificate?” and I proceed to provide him with blood samples and fingerprints and utility bills and all sorts of evidence that I am in fact the David Giard listed on the Birth Certificate.

So we fly back to the bar and the bartender says “OK, you’ve convinced me that you are David Giard and that you were born more than 21 years ago” and he mixes up my favourite getting-liquored-up drink and I drink it like the grown man that I am.


…Some of the above story is untrue.

First, I don’t drink Grey Goose. I’m a Ketel One man.

Second, I don’t own a private jet.

And finally, the bartender does not have time to personally verify the identity and age of every young whippersnapper who orders a drink. If he did so, he wouldn’t have time to serve other whippersnappers and they would go away thirsty and cranky and he wouldn’t make enough money to keep the bar open.

Instead, the bartender has to trust someone else. But who can he trust? Probably not me. As we’ve already seen, I am capable of telling a convincing story that is not 100% true.

Of course, he will trust the government (because, if you can’t trust the government, who can you trust?)

In my case, he will trust the state government because months ago, I went to an office run by the state of Michigan and I proved to them (by supplying a birth certificate, a photo ID, a utility bill, and other documents) that I am David Giard and on what date I was born. It turns out that the state government has been verifying such information for a long time, so they are pretty good at it. When I had satisfied the government office, they issued me a “token” verifying my identity and certain claims about me, such as my date of birth. This token took the form of a Driver’s License. This Driver’s License claims that my name is David Giard and that I was born on a specific date and that I look like the photo in the corner of the license and that I reside at a specific address.

Claims-based authentication works exactly like this.

In claims-based authentication, an application does not authenticate a user directly. Instead, the application directs the user to a trusted authority (known as a “Secure Token Service” or “STS”) and asks the STS to authenticate the user. In some cases, this STS may even decide to ask some other STS that it trusts to authenticate the user. When the user has been authenticated, the STS will create a token to return to the application. This token contains proof of authentication, but it may also contain a number of “Claims”. Claims are attributes about the user that are asserted by the STS. Because the application trusts the STS, it will believe these claims about the user.

Much like the bartender believes the birth date on a valid driver’s license, the application believes the claims contained in the token. And just like the bartender applies his own rules based on the driver’s license claims (you must be 21 or over to drink), the application can apply whatever rules it sees fit to authorize the user based on claims contained in the token provided by the STS. For example, the application may decide that only users in a given role may view certain pages in an application. Or that certain links are disabled, unless a user has been with the company a certain length of time.

Thus, the authentication (who is this user?) is outsourced to another application, but the authorization (what can this user do?) is not.
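The flow described above, as an added example that is not code from the original post: a toy STS signs a set of claims, and the application checks the token against the issuers it trusts before applying its own over-21 rule. The issuer name, key, claim names and HMAC signing are assumptions chosen to keep it standard-library only; a production STS typically signs with an asymmetric key.

```python
import base64, hashlib, hmac, json
from datetime import date

# Constructed demo values (assumptions): the application's list of trusted
# issuers and the key used to check each issuer's signature.
TRUSTED_ISSUERS = {"sts.michigan.example": b"demo-key-shared-with-trusted-sts"}

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode()

def sts_issue_token(issuer: str, key: bytes, claims: dict) -> str:
    """STS side: after authenticating the user, sign a set of claims."""
    body = json.dumps({"iss": issuer, **claims}, sort_keys=True).encode()
    sig = hmac.new(key, body, hashlib.sha256).digest()
    return _b64(body) + "." + _b64(sig)

def app_validate_token(token: str) -> dict:
    """Application side: accept claims only from an issuer it trusts."""
    try:
        body_b64, sig_b64 = token.split(".")
        body = base64.urlsafe_b64decode(body_b64)
        sig = base64.urlsafe_b64decode(sig_b64)
        claims = json.loads(body)
    except ValueError as exc:
        raise PermissionError("malformed token") from exc
    iss = claims.get("iss") if isinstance(claims, dict) else None
    key = TRUSTED_ISSUERS.get(iss) if isinstance(iss, str) else None
    if key is None:
        raise PermissionError("issuer is not trusted")
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        raise PermissionError("signature check failed")
    return claims

def may_serve_alcohol(token: str, today: date) -> bool:
    """Authorization stays in the application: its own rule over the claims."""
    try:
        claims = app_validate_token(token)
        born = date.fromisoformat(claims["birthdate"])
    except (PermissionError, KeyError, ValueError, TypeError):
        return False
    had_birthday = (today.month, today.day) >= (born.month, born.day)
    age = today.year - born.year - (0 if had_birthday else 1)
    return age >= 21
```

A token signed by anyone other than a trusted issuer, or altered after signing, is rejected before its claims are ever read, which is the bartender refusing a story in place of a license.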

Friday, November 9, 2012 1:22:00 PM (GMT Standard Time, UTC+00:00)