Joonas Westlin is a software developer at Zure and an Azure MVP specializing in building cloud applications on Microsoft Azure. He focuses on ASP.NET Core, TypeScript, and identity solutions using Azure Active Directory.
91 articles from this blog
A guide to developing and deploying Azure AD B2C custom policies locally using Visual Studio Code, environment configuration, and manual deployment methods.
A guide to retrieving Managed Identity access tokens from within Azure App Service using the Kudu (Advanced Tools) console for debugging and testing.
A guide on how to transfer .NET Core user secrets between development machines, explaining the file location and security considerations.
A guide to managing and cleaning up execution history data in Azure Durable Functions to control storage costs and maintain performance.
Explains how to use Azure Role-Based Access Control (RBAC) with Azure Key Vault, including enabling it and the new built-in roles.
An update on Azure AD v2 endpoint and MSAL library changes in 2020, covering app registration, platforms, and authentication flows.
Explains how Azure Durable Functions scale, detailing the differences between stateless activity functions and stateful orchestrators/entities.
Explains how to hide specific controllers or actions from Swagger/OpenAPI documentation in ASP.NET Core using conventions.
Guide to securely storing ASP.NET Core Data Protection keys using Azure Key Vault for encryption and Azure Blob Storage for persistence.
Azure Cosmos DB now offers a Free Tier with 400 RUs and 5GB storage, enabling free development and testing for small applications.
A technical guide on setting up Azure Pipelines to run integration tests for Azure AD-protected APIs, including service principal creation.
Guide to setting up a GitHub Actions CI workflow for automated testing of Azure AD-protected APIs, including Azure Key Vault integration.
Guide to creating automated integration tests for Azure AD-protected APIs using XUnit, covering authentication strategies and implementation.
A guide on testing Azure AD-protected APIs using Postman, focusing on client credentials and application permissions.
A guide to configuring Swagger UI for testing Azure AD-protected APIs, using an ASP.NET Core 3.0 sample application.
Guide to enabling free, managed HTTPS certificates for custom domains in Azure App Service, including limitations and setup steps.
A speaker discusses using Azure Managed Identities to securely access services without managing keys, including a demo app for file sharing.
Azure AD now blocks cross-tenant token attacks by preventing apps from getting tokens for tenants where they have no service principal.
Explains the importance of checking delegated and application permissions in Azure AD access tokens for API security, with ASP.NET Core examples.
Explains why embedding secrets like API keys in native apps is a critical security flaw, with a practical demonstration.
