Azure AD Proxy with Data Protection APIs
- ASP.NET Core application that operates like an Azure AD Proxy sending the username of the user or (app) as X-AAD-Username.
- If you need to implement an allow list of AppIDs or usernames, that is up to you to implement.
- Azure Storage Account for Data Protection
- Azure Key Vault for Protecting Keys
- Azure Key Vault for your SSL Certificate
- Azure Key Vault for Data Protection Keys
- Azure Storage Account for Data Protection Keys
- You need to acquire, upload and auto-rotate your SSL Certicate for the domain