Some thoughts on programming stuff

Tag: Security

Access ADFS-secured Web API via Angular SPA

This blog post you cover the important steps for implementing a project that allows you to to access ADFS-secured Web API via Angular SPA. It’s important to have the ADFS Application Group configured properly.

If you haven’t setup the Application Group yet, just check the post to learn how to create and configure it.

We will be using JWT to make the authentication because JSON Web Tokens are an open, industry standard RFC 7519 method for representing claims securely between two parties.

The objective

Our main objective is getting to the login screen in our Angular application and receive a JWT on our callback page, which will be also our index page. So this App will get some data from the Server, another application built as a Web API in .NET.

The project source code is stored in GitHub:
https://github.com/wiliammbr/adfs-angular-webapi

AD FS Sign in Page
Continue reading

SharePoint and Information Rights Management

Information Rights Management or IRM is a subset of features and procedures to protect sensitive information from unauthorized access. As we know, SharePoint is document-driven, so everyone expects that platform can help you on protecting data with out-of-box options.

Hopefully SharePoint has it! Allowing you to add policies at Document Library level that persists even after the document was downloaded and isn’t at SharePoint context anymore, so I must say the IRM SharePoint is very powerful! Furthermore, it’s important to say that IRM policy will work only at library level!

Image by geralt via Pixabay.com
Edited by me

Because I’ve had to understand the feature more deeply, considering what could be done by users that only have Read access to libraries, I’ve decided to test how the IRM feature works and then wrote a document trying to identify what are actions were available, depending on what you configure.

Continue reading

© 2024 wiliammbr's blog

Theme by Anders NorenUp ↑