Azure-Samples/active-directory-b2c-custom-policy-starterpack Azure-Samples/active-directory-b2c-custom-policy-starterpack

  • Stars
    star
    268
  • Rank 153,144 (Top 4 %)
  • Language
  • License
    MIT License
  • Created over 7 years ago
  • Updated over 1 year ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
Azure-Samples/active-directory-b2c-custom-policy-starterpack
github

Azure-Samples

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Azure AD B2C now allows uploading of a Custom Policy which allows full control and customization of the Identity Experience Framework

Contributing

This project has adopted the Microsoft Open Source Code of Conduct. For more information, see the Code of Conduct FAQ or contact [email protected] with any additional questions or comments.

Change log

09 August 2022

With this version the starter pack now contains a Refresh Token user journey. This journey will be executed any time an application refreshes a token. It will check the user still exists and is enabled in the Azure AD B2C directory. It also checks that the refresh token is not expired. It compiles any claims that are not persisted in the user profile, including claims from Identity Provider's and REST API calls. A new set of refreshed tokens is then issued.

This fix allows for refresh token to be revoked from users and prevents directory deleted users from getting continued access.Change affects all starterpack samples.

Policy Notes
B2C_1A_TrustFrameworkBase Added Refresh Token claims, Refresh Token ClaimsTransformations, Refresh Token Technical Profiles and Refresh Token User Journey
B2C_1A_SignUpOrSignIn Added Refresh Token Endpoint to Relying Party

Migrate existing policy to this version

Your custom policy can invoke a custom refresh token journey. Add the following user journey to your TrustFrameworkExtensions.xml file to get started.

  1. Open the extensions file of your policy. For example, SocialAndLocalAccounts/TrustFrameworkExtensions.xml.
  2. Locate the UserJourneys element. If the element doesn't exist, add it.
  3. Add the following UserJourney to the UserJourneys element.
<!--
<UserJourneys>-->
  <UserJourney Id="RedeemRefreshToken">
    <PreserveOriginalAssertion>false</PreserveOriginalAssertion>
    <OrchestrationSteps>
      <OrchestrationStep Order="1" Type="ClaimsExchange">
        <ClaimsExchanges>
          <ClaimsExchange Id="RefreshTokenSetupExchange" TechnicalProfileReferenceId="RefreshTokenReadAndSetup" />
        </ClaimsExchanges>
      </OrchestrationStep>
      <OrchestrationStep Order="2" Type="ClaimsExchange">
        <ClaimsExchanges>
          <ClaimsExchange Id="CheckRefreshTokenDateFromAadExchange" TechnicalProfileReferenceId="AAD-UserReadUsingObjectId-CheckRefreshTokenDate" />
        </ClaimsExchanges>
      </OrchestrationStep>
      <OrchestrationStep Order="3" Type="SendClaims" CpimIssuerTechnicalProfileReferenceId="JwtIssuer" />
    </OrchestrationSteps>
  </UserJourney>
<!--
</UserJourneys>-->

This user journey will validate that the refresh token has not been revoked. You can revoke refresh tokens in Azure AD B2C following the Microsoft Graph API Revoke sign in sessions guidance.

You can add additional steps into this journey to call any other technical profiles, such as to your REST API technical profiles or Azure AD read/write technical profiles.

Configure the relying party policy

The relying party file must be configured to point to your custom refresh token journey. This allows Azure AD B2C to reference your refresh token journey when your app makes a refresh token request.

Add an Endpoint with Id set to token and provide a UserJourneyReferenceId referencing the UserJourney Id from the prior section. Merge the following XML snippet into your SignUpOrSignin.xml file.

<RelyingParty> 
  <DefaultUserJourney ReferenceId="SignUpOrSignIn" /> 
    <Endpoints> 
      <Endpoint Id="Token" UserJourneyReferenceId="RedeemRefreshToken" /> 
    </Endpoints>
    ...    
</RelyingParty>

Repeat this for all Relying party files your application may invoke, such as ProfileEdit.xml and PasswordReset.xml.

Configure refresh token revocation evaluation

The custom refresh token journey can be used to evaluate whether the current refresh token being presented has been revoked. To implement this logic, Azure AD B2C must compare the refreshTokenIssuedOnDateTime and the refreshTokensValidFromDateTime. Create the claims schema definitions as shown in the below XML snippet in your TrustFrameworkExtensions.xml.

  1. Open the extensions file of your policy. For example, SocialAndLocalAccounts/TrustFrameworkExtensions.xml.
  2. Locate the BuildingBlocks element. If the element doesn't exist, add it.
  3. Locate the ClaimsSchema element. If the element doesn't exist, add it.
  4. Add the following claims to the ClaimsSchema element.
<!--
<BuildingBlocks>
  <ClaimsSchema> -->
    <ClaimType Id="refreshTokenIssuedOnDateTime">
      <DisplayName>refreshTokenIssuedOnDateTime</DisplayName>
      <DataType>string</DataType>
      <AdminHelpText>Used to determine if the user should be permitted to reauthenticate silently via their existing refresh token.</AdminHelpText>
      <UserHelpText>Used to determine if the user should be permitted to reauthenticate silently via their existing refresh token.</UserHelpText>
    </ClaimType>
    <ClaimType Id="refreshTokensValidFromDateTime">
      <DisplayName>refreshTokensValidFromDateTime</DisplayName>
      <DataType>string</DataType>
      <AdminHelpText>Used to determine if the user should be permitted to reauthenticate silently via their existing refresh token.</AdminHelpText>
      <UserHelpText>Used to determine if the user should be permitted to reauthenticate silently via their existing refresh token.</UserHelpText>
    </ClaimType>
  <!--
  </ClaimsSchema>
</BuildingBlocks> -->

To check whether the refresh token has been revoked, the refreshTokenIssuedOnDateTime and the refreshTokensValidFromDateTime must be compared. Add the following AssertDateTimeIsGreaterThan ClaimsTransformation to your TrustFrameworkExtensions.xml.

  1. Open the extensions file of your policy. For example, SocialAndLocalAccounts/TrustFrameworkExtensions.xml.
  2. Locate the BuildingBlocks element. If the element doesn't exist, add it.
  3. Locate the ClaimsTransformations element. If the element doesn't exist, add it.
  4. Add the following ClaimsTransformation to the ClaimsTransformations element.
<!--
<BuildingBlocks>
  <ClaimsTransformations> -->
    <ClaimsTransformation Id="AssertRefreshTokenIssuedLaterThanValidFromDate" TransformationMethod="AssertDateTimeIsGreaterThan">
      <InputClaims>
        <InputClaim ClaimTypeReferenceId="refreshTokenIssuedOnDateTime" TransformationClaimType="leftOperand" />
        <InputClaim ClaimTypeReferenceId="refreshTokensValidFromDateTime" TransformationClaimType="rightOperand" />
      </InputClaims>
      <InputParameters>
        <InputParameter Id="AssertIfEqualTo" DataType="boolean" Value="false" />
        <InputParameter Id="AssertIfRightOperandIsNotPresent" DataType="boolean" Value="true" />
        <InputParameter Id="TreatAsEqualIfWithinMillseconds" DataType="int" Value="300000" />
      </InputParameters>
    </ClaimsTransformation>
  <!--
  </ClaimsTransformations>
</BuildingBlocks> -->

To invoke the process to evaluate whether the refresh token has been revoked, add the following technical profile to your TrustFrameworkExtensions.xml.

  1. Open the extensions file of your policy. For example, SocialAndLocalAccounts/TrustFrameworkExtensions.xml.
  2. Locate the ClaimsProviders element. If the element doesn't exist, add it.
  3. Add the following ClaimsProvider to the ClaimsProviders element.
  4. Add extra claims collected from previous REST API's and Federated IDP's that have not been persisted in the directory as OutputClaims under the RefreshTokenReadAndSetup technical profile
<!--
<ClaimsProviders> -->
  <ClaimsProvider>
    <DisplayName>Refresh token journey</DisplayName>
    <TechnicalProfiles>
      <TechnicalProfile Id="RefreshTokenReadAndSetup">
        <DisplayName>Trustframework Policy Engine Refresh Token Setup Technical Profile</DisplayName>
        <Protocol Name="None" />
        <OutputClaims>
          <OutputClaim ClaimTypeReferenceId="objectId" />
          <OutputClaim ClaimTypeReferenceId="refreshTokenIssuedOnDateTime" />
              <!--additional claims from REST API or Federated IDP-->
            <OutputClaim ClaimTypeReferenceId="ExtraClaim1" />
            <OutputClaim ClaimTypeReferenceId="ExtraClaim2" />
        </OutputClaims>
      </TechnicalProfile>
      <TechnicalProfile Id="AAD-UserReadUsingObjectId-CheckRefreshTokenDate">
        <OutputClaims>
          <OutputClaim ClaimTypeReferenceId="refreshTokensValidFromDateTime" />
        </OutputClaims>
        <OutputClaimsTransformations>
          <OutputClaimsTransformation ReferenceId="AssertRefreshTokenIssuedLaterThanValidFromDate" />
        </OutputClaimsTransformations>
        <IncludeTechnicalProfile ReferenceId="AAD-UserReadUsingObjectId" />
      </TechnicalProfile>
    </TechnicalProfiles>
  </ClaimsProvider>
<!--
</ClaimsProviders> -->

Upload the policies

  1. Select the Identity Experience Framework menu item in your B2C tenant in the Azure portal.
  2. Select Upload custom policy
  3. Select Overwrite the custom policy if it already exists
  4. In this order, upload the policy files:
    1. TrustFrameworkExtensions.xml
    2. SignUpOrSignin.xml

11 October 2021

With this version the starter pack now contains localization policy file TrustFrameworkLocalization.xml. The localization policy allows your policy to accommodate different languages to suit your customer needs. For more information, check the PR #107.

The new localization policy is located between the base and the extension policies:

Policy Base policy Notes
B2C_1A_TrustFrameworkBase Contains most of the definitions. To help with troubleshooting and long-term maintenance of your policies, try to minimize the number of changes you make to this file.
B2C_1A_TrustFrameworkLocalization B2C_1A_TrustFrameworkBase Holds the localization strings.
B2C_1A_TrustFrameworkExtensions B2C_1A_TrustFrameworkLocalization Holds the unique configuration changes for your tenant.
Relying Parties (RP) B2C_1A_TrustFrameworkExtensions For example: sign-up, sign-in, password reset, or profile edit.

Migrate exiting policy to this version

To migrate from the older version of the starter pack to this version:

  1. Download the starter pack and update the tenant name.

  2. Upload the newer version of TrustFrameworkBase.xml file.

  3. Upload the new TrustFrameworkLocalization.xml file.

  4. Update your existing TrustFrameworkExtension.xml with the new base policy B2C_1A_TrustFrameworkLocalization. The following XML snippet demonstrates the base policy before the change:

    <!-- file: TrustFrameworkExtensions.xml -->
<BasePolicy>
  <TenantId>yourtenant.onmicrosoft.com</TenantId>
  <PolicyId>B2C_1A_TrustFrameworkBase</PolicyId>
</BasePolicy>

    The following XML snippet demonstrates the base policy after the change:

    <!-- file: TrustFrameworkExtensions.xml -->
<BasePolicy>
  <TenantId>yourtenant.onmicrosoft.com</TenantId>
  <PolicyId>B2C_1A_TrustFrameworkLocalization</PolicyId>
</BasePolicy>

  5. Upload the TrustFrameworkExtension.xml policy.

15 September 2021

Update to the content definition page version. With the new version the starter pack uses the page contract. For more information, see Migrating to page layout.

20 July 2019

Updated policies to use the new Ocean Blue template

29 January 2019

A collection of bugfixes, improvements to code, and additional feature support is included in this starterpack. It is not necessary or encouraged for developers to change policies currently in production or in testing. We do encourage the use of these new versions for all new projects.

10 May 2017

Public Preview Release

5 May 2017

Added Key definition to the metadata element in all four TrustframeworkBase.xml versions. When this Item Key is set to TRUE, the expiration dates on the token issued by B2C will be presented as JSON Numbers. When set to False (default) they will be presented as strings.

<Item Key="SendTokenResponseBodyWithJsonNumbers">true</Item>

Important notes

The following Change is incorporated into the latest version of starterpack (01/29/2019) - It remains here for historical purposes. 06/26/2017 - Correction to SocialAndLocalAccountswMFA in TrustFrameworkBase.xml file.

A change to fix a data loss issue related to SSO, the profile edit policy, and MFA. This issue was due to the MFA SSO technical profile not outputting the below claim in the same format that the regular MFA provider does

<TechnicalProfile Id="SM-MFA">
  <DisplayName>Session Mananagement Provider</DisplayName>
  <Protocol Name="Proprietary" Handler="Web.TPEngine.SSO.DefaultSSOSessionProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
  <PersistedClaims>
***OLD:  <PersistedClaim ClaimTypeReferenceId="strongAuthenticationPhoneNumber" />
***CORRECTED:  <PersistedClaim ClaimTypeReferenceId="Verified.strongAuthenticationPhoneNumber" />
    <PersistedClaim ClaimTypeReferenceId="executed-PhoneFactor-Input" />
  </PersistedClaims>
  <OutputClaims>
    <OutputClaim ClaimTypeReferenceId="isActiveMFASession" DefaultValue="true" />
  </OutputClaims>
</TechnicalProfile>

More Repositories

1

azure-search-openai-demo

A sample app for the Retrieval-Augmented Generation pattern running in Azure, using Azure AI Search for retrieval and Azure OpenAI large language models to power ChatGPT-style and Q&A experiences.
Python
5,707
star
2

cognitive-services-speech-sdk

Sample code for the Microsoft Cognitive Services Speech SDK
C#
1,955
star
3

graphrag-accelerator

One-click deploy of a Knowledge Graph powered RAG (GraphRAG) in Azure
Python
1,730
star
4

active-directory-aspnetcore-webapp-openidconnect-v2

An ASP.NET Core Web App which lets sign-in users (including in your org, many orgs, orgs + personal accounts, sovereign clouds) and call Web APIs (including Microsoft Graph)
PowerShell
1,366
star
5

openai

The repository for all Azure OpenAI Samples complementing the OpenAI cookbook.
Jupyter Notebook
1,090
star
6

contoso-real-estate

Intelligent enterprise-grade reference architecture for JavaScript, featuring OpenAI integration, Azure Developer CLI template and Playwright tests.
JavaScript
881
star
7

Cognitive-Speech-TTS

Microsoft Text-to-Speech API sample code in several languages, part of Cognitive Services.
C#
870
star
8

chat-with-your-data-solution-accelerator

A Solution Accelerator for the RAG pattern running in Azure, using Azure AI Search for retrieval and Azure OpenAI large language models to power ChatGPT-style and Q&A experiences. This includes most common requirements and best practices.
Python
816
star
9

blockchain

Azure Blockchain Content and Samples
HTML
786
star
10

serverless-chat-langchainjs

Build your own serverless AI Chat with Retrieval-Augmented-Generation using LangChain.js, TypeScript and Azure
Bicep
694
star
11

azure-search-openai-demo-csharp

A sample app for the Retrieval-Augmented Generation pattern running in Azure, using Azure Cognitive Search for retrieval and Azure OpenAI large language models to power ChatGPT-style and Q&A experiences.
C#
638
star
12

Serverless-microservices-reference-architecture

This reference architecture walks you through the decision-making process involved in designing, developing, and delivering a serverless application using a microservices architecture through hands-on instructions for configuring and deploying all of the architecture's components along the way. The goal is to provide practical hands-on experience in working with several Azure services and the technologies that effectively use them in a cohesive and unified way to build a serverless-based microservices architecture.
C#
493
star
13

modern-data-warehouse-dataops

DataOps for the Modern Data Warehouse on Microsoft Azure. https://aka.ms/mdw-dataops.
Shell
486
star
14

openai-plugin-fastapi

A simple ChatGPT Plugin running in Codespaces for dev and Azure for production.
Bicep
432
star
15

Azure-MachineLearning-DataScience

HTML
407
star
16

raspberry-pi-web-simulator

Raspberry Pi web simulator. Demo address:
JavaScript
406
star
17

contoso-chat

This sample has the full End2End process of creating RAG application with Prompt Flow and AI Studio. It includes GPT 3.5 Turbo LLM application code, evaluations, deployment automation with AZD CLI, GitHub actions for evaluation and deployment and intent mapping for multiple LLM task mapping.
Jupyter Notebook
400
star
18

MyDriving

Building IoT or Mobile solutions are fun and exciting. This year for Build, we wanted to show the amazing scenarios that can come together when these two are combined. So, we went and developed a sample application. MyDriving uses a wide range of Azure services to process and analyze car telemetry data for both real-time insights and long-term patterns and trends. The following features are supported in the current version of the mobile app.
C#
387
star
19

azure-voting-app-redis

Azure voting app used in docs.
Shell
370
star
20

azure-search-knowledge-mining

Azure Search Knowledge Mining Accelerator
CSS
370
star
21

azure-cli-samples

Contains Azure CLI scripts samples used for documentation at https://docs.microsoft.com
Shell
353
star
22

Synapse

Samples for Azure Synapse Analytics
Jupyter Notebook
348
star
23

nodejs-docs-hello-world

A simple nodejs application for docs
JavaScript
347
star
24

cognitive-services-quickstart-code

Code Examples used by the Quickstarts in the Cognitive Services Documentation
Jupyter Notebook
346
star
25

saga-orchestration-serverless

An orchestration-based saga implementation reference in a serverless architecture
C#
340
star
26

container-apps-store-api-microservice

Sample microservices solution using Azure Container Apps, Dapr, Cosmos DB, and Azure API Management
Shell
323
star
27

azure-sdk-for-go-samples

Examples of how to utilize Azure services from Go.
Go
296
star
28

AzureMapsCodeSamples

A set of code samples for the Azure Maps web control.
JavaScript
293
star
29

active-directory-dotnet-native-aspnetcore-v2

Calling a ASP.NET Core Web API from a WPF application using Azure AD v2.0
C#
280
star
30

jp-azureopenai-samples

Python
270
star
31

azureai-samples

Official community-driven Azure AI Examples
Jupyter Notebook
260
star
32

azure-batch-samples

Azure Batch and HPC Code Samples
C#
256
star
33

active-directory-b2c-dotnet-webapp-and-webapi

A combined sample for a .NET web application that calls a .NET web API, both secured using Azure AD B2C
JavaScript
244
star
34

openai-dotnet-samples

Azure OpenAI .NET Samples
Jupyter Notebook
236
star
35

streaming-at-scale

How to implement a streaming at scale solution in Azure
C#
234
star
36

azure-files-samples

This repository contains supporting code (PowerShell modules/scripts, ARM templates, etc.) for deploying, configuring, and using Azure Files.
PowerShell
231
star
37

azure-search-openai-javascript

A TypeScript sample app for the Retrieval Augmented Generation pattern running on Azure, using Azure AI Search for retrieval and Azure OpenAI and LangChain large language models (LLMs) to power ChatGPT-style and Q&A experiences.
TypeScript
231
star
38

service-fabric-dotnet-getting-started

Get started with Service Fabric with these simple introductory sample projects.
CSS
230
star
39

ansible-playbooks

Ansible Playbook Samples for Azure
226
star
40

iot-edge-opc-plc

Sample OPC UA server with nodes that generate random and increasing data, anomalies and much more ...
C#
222
star
41

cognitive-services-REST-api-samples

This is a repo for cognitive services REST API samples in 4 languages: C#, Java, Node.js, and Python.
HTML
217
star
42

active-directory-dotnetcore-daemon-v2

A .NET Core daemon console application calling Microsoft Graph or your own WebAPI with its own identity
PowerShell
215
star
43

active-directory-b2c-advanced-policies

Sample for use with Azure AD B2C with Custom Policies.
C#
215
star
44

powerbi-powershell

Samples for calling the Power BI REST API via PowerShell
PowerShell
207
star
45

ms-identity-python-webapp

A Python web application calling Microsoft graph that is secured using the Microsoft identity platform
PowerShell
207
star
46

ms-identity-javascript-react-tutorial

A chapterwise tutorial that will take you through the fundamentals of modern authentication with Microsoft identity platform in React using MSAL React
JavaScript
204
star
47

SpeechToText-WebSockets-Javascript

SDK & Sample to do speech recognition using websockets in Javascript
TypeScript
200
star
48

azure-iot-samples-csharp

Provides a set of easy-to-understand samples for using Azure IoT Hub and Azure IoT Hub Device Provisioning Service and Azure IoT Plug and Play using C# SDK.
C#
196
star
49

digital-twins-explorer

A code sample for visualizing Azure Digital Twins graphs as a web application to create, edit, view, and diagnose digital twins, models, and relationships.
JavaScript
184
star
50

AI-Gateway

APIM ❀️ OpenAI - this repo contains a set of experiments on using GenAI capabilities of Azure API Management with Azure OpenAI and other services
Jupyter Notebook
182
star
51

Serverless-Eventing-Platform-for-Microservices

This solution is a personal knowledge management system and it allows users to upload text, images, and audio into categories. Each of these types of data is managed by a dedicated microservice built on Azure serverless technologies including Azure Functions and Cognitive Services. The web front-end communicates with the microservices through a SignalR-to-Event Grid bridge, allowing for real-time reactive UI updates based on the microservice updates. Each microservice is built and deployed independently using VSTS’s build and release management system, and use a variety of Azure-native data storage technologies.
C#
176
star
52

Custom-vision-service-iot-edge-raspberry-pi

Sample showing how to deploy a AI model from the Custom Vision service to a Raspberry Pi 3 device using Azure IoT Edge
Python
176
star
53

active-directory-angularjs-singlepageapp

An AngularJS based single page app, implemented with an ASP.NET Web API backend, that signs in users and calls web APIs using Azure AD
JavaScript
171
star
54

IoTDemos

Demos created by the IoT Engineering team that showcase IoT services in an end-to-end solution
CSS
171
star
55

ms-identity-aspnet-webapp-openidconnect

A sample showcasing how to develop a web application that handles sign on via the unified Azure AD and MSA endpoint, so that users can sign in using both their work/school account or Microsoft account. The sample also shows how to use MSAL to obtain a token for invoking the Microsoft Graph, as well as incrementental consent.
170
star
56

cosmos-db-design-patterns

A collection of design pattern samples for building applications and services with Azure Cosmos DB for NoSQL.
C#
167
star
57

ms-identity-javascript-angular-tutorial

A chapterwise tutorial that will take you through the fundamentals of modern authentication with Microsoft identity platform in Angular using MSAL Angular v2
TypeScript
165
star
58

azure-python-labs

Labs demonstrating how to use Python with Azure, Visual Studio Code, GitHub, Windows Subsystem for Linux, and more!
Python
164
star
59

active-directory-b2c-javascript-msal-singlepageapp

A single page application (SPA) calling a Web API. Authentication is done with Azure AD B2C by leveraging MSAL.js
JavaScript
164
star
60

cosmosdb-chatgpt

Sample application that combines Azure Cosmos DB with Azure OpenAI ChatGPT service
HTML
163
star
61

active-directory-b2c-dotnetcore-webapp

An ASP.NET Core web application that can sign in a user using Azure AD B2C, get an access token using MSAL.NET and call an API.
C#
160
star
62

active-directory-xamarin-native-v2

This is a simple Xamarin Forms app showcasing how to use MSAL.NET to authenticate work or school and Microsoft personal accounts with the Microsoft identity platform, and access the Microsoft Graph with the resulting token.
C#
160
star
63

cognitive-services-python-sdk-samples

Learn how to use the Cognitive Services Python SDK with these samples
Python
159
star
64

active-directory-dotnet-webapp-openidconnect

A .NET MVC web application that uses OpenID Connect to sign-in users from a single Azure Active Directory tenant.
JavaScript
159
star
65

NVIDIA-Deepstream-Azure-IoT-Edge-on-a-NVIDIA-Jetson-Nano

This is a sample showing how to do real-time video analytics with NVIDIA DeepStream connected to Azure via Azure IoT Edge. It uses a NVIDIA Jetson Nano device that can process up to 8 real-time video streams concurrently.
C++
158
star
66

openhack-devops-team

DevOps OpenHack Team environment APIs
C#
153
star
67

semantic-kernel-rag-chat

Tutorial for ChatGPT + Enterprise Data with Semantic Kernel, OpenAI, and Azure Cognitive Search
C#
147
star
68

azure-search-power-skills

A collection of useful functions to be deployed as custom skills for Azure Cognitive Search
C#
146
star
69

azure-spring-boot-samples

Spring Cloud Azure Samples
JavaScript
146
star
70

service-fabric-dotnet-web-reference-app

An end-to-end Service Fabric application that demonstrates patterns and features in a web application scenario.
C#
144
star
71

aks-store-demo

Sample microservices app for AKS demos, tutorials, and experiments
Bicep
142
star
72

active-directory-b2c-javascript-nodejs-webapi

A small Node.js Web API for Azure AD B2C that shows how to protect your web api and accept B2C access tokens using Passport.js.
JavaScript
141
star
73

Serverless-APIs

Guidance for building serverless APIs with Azure Functions and API Management.
C#
139
star
74

blockchain-devkit

Samples of how to integrate, connect and use devops to interact with Azure blockchain
Kotlin
138
star
75

storage-blob-dotnet-getting-started

The getting started sample demonstrates how to perform common tasks using the Azure Blob Service in .NET including uploading a blob, CRUD operations, listing, as well as blob snapshot creation.
C#
135
star
76

active-directory-dotnet-webapp-openidconnect-aspnetcore

An ASP.NET Core web application that signs-in Azure AD users from a single Azure AD tenant.
HTML
132
star
77

power-bi-embedded-integrate-report-into-web-app

A Power BI Embedded sample that shows you how to integrate a Power BI report into your own web app
JavaScript
131
star
78

azure-event-grid-viewer

Live view of events from Azure Event Grid with ASP.NET Core and SignalR
HTML
130
star
79

active-directory-dotnet-webapi-manual-jwt-validation

How to manually process a JWT access token in a web API using the JSON Web Token Handler For the Microsoft .Net Framework 4.5.
C#
129
star
80

azure-opensource-labs

Azure Open Source Labs (https://aka.ms/oss-labs)
Bicep
128
star
81

azure-video-indexer-samples

Contains the Azure Media Services Video Indexer samples
Python
128
star
82

active-directory-lab-hybrid-adfs

Create a full AD/CA/ADFS/WAP lab environment with Azure AD Connect installed
PowerShell
125
star
83

service-fabric-dotnet-quickstart

Service Fabric quickstart .net application sample
C#
125
star
84

jmeter-aci-terraform

Scalable cloud load/stress testing pipeline solution with Apache JMeter and Terraform to dynamically provision and destroy the required infrastructure on Azure.
HCL
120
star
85

active-directory-dotnet-desktop-msgraph-v2

Sample showing how a Windows desktop .NET (WPF) application can get an access token using MSAL.NET and call the Microsoft Graph API or other APIs protected by the Microsoft identity platform (Azure Active Directory v2)
C#
120
star
86

active-directory-dotnet-webapp-webapi-openidconnect-aspnetcore

An ASP.NET Core web application that authenticates Azure AD users and calls a web API using OAuth 2.0 access tokens.
C#
119
star
87

ms-identity-aspnet-daemon-webapp

A web application that sync's data from the Microsoft Graph using the identity of the application, instead of on behalf of a user.
C#
117
star
88

active-directory-dotnet-webapp-multitenant-openidconnect

A sample .NET 4.5 MVC web app that signs-up and signs-in users from any Azure AD tenant using OpenID Connect.
JavaScript
116
star
89

azure-intelligent-edge-patterns

Samples for Intelligent Edge Patterns
JavaScript
114
star
90

cognitive-services-sample-data-files

Cognitive Services sample data files
113
star
91

python-docs-hello-world

A simple python application for docs
Python
113
star
92

azure-ai

A hub with a curated awesome list of all Azure AI samples
112
star
93

Cognitive-Speech-STT-Windows

Windows SDK for the Microsoft Speech-to-Text API, part of Cognitive Services
111
star
94

durablefunctions-apiscraping-dotnet

Build an Azure Durable Functions that will scrape GitHub for opened issues and store them on Azure Storage.
C#
111
star
95

active-directory-b2c-xamarin-native

This is a simple Xamarin Forms app showcasing how to use MSAL to authenticate users via Azure Active Directory B2C, and access a Web API with the resulting tokens.
C#
110
star
96

cognitive-services-dotnet-sdk-samples

Learn how to use the Cognitive Services SDKs with these samples
C#
108
star
97

active-directory-dotnet-daemon

A Windows console application that calls a web API using its app identity (instead of a user's identity) to get access tokens in an unattended job or process.
C#
107
star
98

azure-samples-python-management

This repo contains sample code for management libraries of Azure SDK for Python
Python
105
star
99

private-aks-cluster-terraform-devops

This sample shows how to create a private AKS cluster using Terraform and Azure DevOps.
HCL
105
star
100

ms-identity-java-webapp

A Java web application calling Microsoft graph that is secured using the Microsoft identity platform
Java
105
star