What's inside a PEM file
One of the more confusing aspects of dealing with public key cryptography is that there are so many different file formats. Let’s take a closer look at the most common one, PEM. Continue »
One of the more confusing aspects of dealing with public key cryptography is that there are so many different file formats. Let’s take a closer look at the most common one, PEM. Continue »
By using certificate-based authentication, we can let a Google Cloud service account authenticate to AD FS without having to manage any client secrets. Continue »
A common way to let an application authenticate to KeyCloak is to use a client ID and secret. But when the application runs on Google Cloud, we can do better. Continue »
Using Integrated Windows Authentication (IWA) to authenticate to AD FS not only works for OAuth. We can also use IWA to get SAML 2.0 assertions. Continue »
When an application needs to authenticate to AD FS, we don’t have to use a client secret. Instead, we can let the application use its existing Kerberos or NTLM credentials to authenticate. Continue »
In the last post we looked at how to set up a trust policy and role in AWS so that we can use a Google ID token to authenticate to AWS. But how do we actually use this in C#? Continue »
By using workload identity federation, we can let applications use AWS credentials to authenticate to Google Cloud. That’s useful if we have an application that runs on AWS and needs access to Google APIs. But what if we are in the opposite situation, where we have an application on Google Cloud that needs access to AWS? Continue »
Windows Server licensing is tricky, particularly if yur goal is to run Windows Server in the cloud and use existing licenses for it. But if you’re using Google Cloud’s sole-tenant nodes, a new best practices article can offer some help. Continue »
When a web server requires mutual TLS authentication, the default behavior of web browsers is to show a dialog that lets us choose which client certificate we’d like to use. Chrome lets us suppress these prompts by using the AutoSelectCertificateForUrls policy. But documentation is scarce. Continue »
Most browsers support client certificates for mutual TLS authentication. But what is really being authenticated here, the end user, their device, or both? Continue »
By default, installing AD FS requires domain admin access to Active Directory. But it’s possible to deploy AD FS in environments where we don’t have these privileges, like Google Cloud’s Managed Service for Microsoft Active Directory. Continue »
When an application running on AWS needs access to Google APIs, we can use workload identity federation to let the application use its AWS credentials to authenticate to Google APIs. Unfortunately, the C# client library doesn’t support that yet, but we can fill that gap. Continue »
Instead of using OAuth and access tokens, AWS uses request signatures to authenticate API requests. Typically, we can let libraries do the request signing for us – but sometimes we have to do it ourselves. Continue »
By using workload identity federation, we can let applications use Azure credentials to authenticate to Google Cloud. That’s useful if we have an application that runs on Azure and needs access to Google APIs. But what if we are in the opposite situation, where we have an application on Google Cloud that needs access to Azure APIs? Continue »
When an application running on Azure needs access to Google APIs, we can use workload identity federation to let the application use its Azure credentials to authenticate to Google APIs. Unfortunately, the C# client library doesn’t support that yet, but we can fill that gap. Continue »
Instead of performing machine-wide installations, some applications do per-user installations. That’s often convenient because we don’t need administrative privileges for such installations. But unfortunately, per-user installations typically don’t work on Windows Server. Continue »
On Azure, we can use managed identities and AzureAD applications to authenticate service-to-service authentication. But how can we ensure that only certain managed identities can obtain access tokens for an application? Continue »
It wasn’t until 2004 that I got broadband internet at home. So I remember the times when downloading a new JDK (which was around 20 MB at the time) over my 56K modem line meant blocking my family’s phone line for 2 hours. Today, bandwidth doesn’t seem like a limiting factor anymore. But that doesn’t mean that download sizes for applications don’t matter. Continue »
Group policies let you control and tweak thousands of Windows settings. But group policies aren’t limited to Windows or Microsoft applications. We can also use group policies to manage custom applications, either by registering a group policy extension for the app, or (more commonly) by using registry-based policies. Continue »
IAP Desktop 2.20 now lets you use group policies to ensure all users in your organization use consistent settings. Continue »