Resource App authorization server authorization endpoint token endpoint
![refresh token? [authority], resource, clientid, user matching cache entry? prompt the user via YES](https://slidetodoc.com/presentation_image/509e70b93c672a984b195076d126bc31/image-21.jpg "refresh token? [authority], resource, clientid, user matching cache entry? prompt the user via YES")
- Slides: 33
Resource App
authorization server authorization endpoint token endpoint A App A R Resource
Dir Sync
App Resource
here
Application JS/HTML 5 Windows Store App C# Windows Store App AAL for Windows Store. WINMD Windows Runtime (Win. RT) System OS
Authenticate the user to get a token Authentication. Context a. Ctx = new Authentication. Context("https: //login. windows. net/contoso. onmicrosoft. com"); Authentication. Result result = await authorization. Context. Acquire. Token. Async("http: //host. com/shipmentservice", client. ID); Use the token to invoke a REST service Http. Client http. Client = new Http. Client(); http. Client. Default. Request. Headers. Authorization = new Authentication. Header. Value("Bearer", result. Access. Token); //. . .
Key Authority Client. ID Resource User Value Access Token Expiration Refresh Token
refresh token? [authority], resource, clientid, user matching cache entry? prompt the user via YES Web. Authentication. Broker use the refresh token to refresh the access token NO NO NO success? YES valid access token? NO NO replace cache entry YES cache access token, refresh token, validity YES return cache entry return error info
Users can enroll devices which configure the device for management with Windows Intune. The user can then use the Company Portal for easy access to corporate applications Data from Windows Intune is sync with Configuration Manager which provides unified management across both on-premises and in the cloud Active Authentication Users can register BYO devices for single sign-on and access to corporate data with Workplace Join. As part of this, a certificate is installed on the device Active Directory Web Application Proxy IT can publish access to corporate resources with the Web Application Proxy based on device awareness and the users identity. Multi-factor authentication can be used through Windows Azure Active Authentication. ADFS As part of the registration process, a new device object is created in Active Directory, establishing a link between the user and their device
Active Directory Resource App Windows Azure Authentication Library Active Directory
Windows Azure AD home Window Server AD home Windows Azure and Windows Server AD Team Blog Windows azure AD Walkthroughs www. cloudidentity. com