Implement user authentication and authorization Flashcards

1
Q

Microsoft identity platform supports two types of permissions

A

Delegated access permissions are used by apps that have a signed-in user present. For these apps, either the user or an administrator consents to the permissions that the app requests. The app is delegated the permission to act as the signed-in user when it makes calls to the target resource.

App-only access permissions are used by apps that run without a signed-in user present, for example, apps that run as background services or daemons. Only an administrator can consent to app-only access permissions.

2
Q

components that make up the Microsoft identity platform

A

OAuth 2.0 and OpenID Connect standard-compliant authentication service
Open-source libraries
Microsoft identity platform endpoint
Application management portal
Application configuration API and PowerShell

3
Q

three consent types

A

static user consent,
incremental and dynamic user consent, and
admin consent.

4
Q

Public client

A

Public client applications run on devices, such as desktop, browserless APIs, mobile or client-side browser apps. They can’t be trusted to safely keep application secrets, so they can only access web APIs on behalf of the user. Anytime the source or compiled bytecode of a given app is transmitted anywhere, it can be read, disassembled, or otherwise inspected by untrusted parties. As they also only support public client flows and can’t hold configuration-time secrets, they can’t have client secrets.

5
Q

confidential client applications

A

Confidential client applications run on servers, such as web apps, web API apps, or service/daemon apps. They’re considered difficult to access by users or attackers, and therefore can adequately hold configuration-time secrets to assert proof of their identity. The client ID is exposed through the web browser, but the secret is passed only in the back channel and never directly exposed.

6
Q

What is the purpose of using PublicClientApplicationBuilder class in MSAL.NET?

A

Enables the automation and validation of the creation and teardown of environments to help deliver secure and stable application hosting platforms

7
Q

User delegation SAS

A

A user delegation SAS is secured with Microsoft Entra credentials and also by the permissions specified for the SAS. A user delegation SAS applies to Blob storage only.

8
Q

Service SAS

A

A service SAS is secured with the storage account key. A service SAS delegates access to a resource in the following Azure Storage services: Blob storage, Queue storage, Table storage, or Azure Files.

9
Q

Account SAS

A

An account SAS is secured with the storage account key. An account SAS delegates access to resources in one or more of the storage services. All of the operations available via a service or user delegation SAS are also available via an account SAS.
