Security Research Lab

Security Research Lab is used for research and analysis of Azure AD authentication, the permissions granted to Enterprise Applications, the use of tokens at the website or at the Web API, how requesting and using a token affects the behavior of Azure Conditional Access Policies, and more.

Organizations that would like to participate in the research and analysis of Azure AD application permissions may contact at You are encouraged to review the Privacy, Terms and Help pages on the website.

Architecture of Security Research Lab

The architecture is simple: it includes a Mobile App, a Web App, a Web API and Azure Resources. Azure AD is at the heart and provides identity and authentication services. Users can use the mobile or browser client, sign in to Azure AD to get tokens, and request protected content from the Web API or the Azure Graph API.

Security Research Lab Mobile

This is my 2nd generation mobile app development. Unlike its predecessor, this mobile app is built with a security focus. Visual Studio Enterprise with Xamarin made life so easy, as I am already familiar with .NET Core and C#! At this time, the app is available on the Android platform only (due to ease of development). Feel free to download from – Google Play.

Mobile App displaying contents received from Web API
Mobile App displaying contents received from Azure Graph

Security Research Lab Web App

To deliver enterprise capabilities, you always need a web application where you can deliver all features. As in the mobile app, some content requires authentication and authorization. In both cases, Azure AD acts as the identity provider and provides authentication and authorization services. Feel free to visit – SecurityResearchLab.

Security Research Lab- Web App
Security Research Lab- Web App – Graph Api

Security Research Lab Web Api

The Web API is used as the data provider, and its endpoint is protected by Azure AD. The mobile or browser client must include a bearer token when calling the Web API. It’s always a good idea to implement Swagger to deliver API metadata!

Security Research Lab Web Api

Comments are disabled on the blog to avoid spam. If you have any feedback or comments, you are welcome to contact me over LinkedIn.
