Understanding and Mitigating Prompt Injection Attacks with Prompt Shield in Azure AI Studio

Introduction: In the fast-changing landscape of Generative AI and its applications, keeping AI models secure and reliable is very important. Prompt injection is one of the prominent attacks identified against AI implementations. Azure AI Studio offers a solution to tackle these threats, called Prompt Shield. This blog will explain what prompt injection attacks are, their possible effects, and how Azure AI Studio’s Prompt Shield can protect against them....

July 13, 2024 · 4 min · 685 words · Me

Securely calling Azure API from PowerApp Portal

Context: Power Apps Portal gives a quick and easy way to build public-facing websites. Data in the portal is mostly fetched from Microsoft Dataverse using Power Platform FetchXML or the portal’s Web API. These operations are secured using the portal’s application session, as explained here. Often there are requirements to consume an externally hosted API, in this particular example an API hosted in Azure behind API Management. With JavaScript being the only option to trigger an API, implementing secret-based authentication is out of scope....

June 19, 2022 · 3 min · 594 words · Me

Client Certificate authentication using Azure API Management

Introduction: APIs have become so popular that almost all websites and applications rely on them to get data from the server. Often user impersonation is used to authenticate as well as authorize access to the resource exposed by an API, but there are also use cases where the application itself needs data from an API to function. Currently the most used authentication mechanism is OAuth, where identity management is performed by a third-party provider and both the client and the resource server trust this identity provider....

February 27, 2022 · 6 min · 1225 words · Me

Identity in Microsoft Azure - Modern Authentication

Introduction: Continuing from the previous post, a new generation of authentication mechanisms was created to serve the new generation of applications, ranging from apps that run just in the browser to apps that run on microcontrollers. These mechanisms, called the modern authentication protocols, are built on top of the OAuth protocol and take inspiration from SAML. In the article below, the term IDP refers to the identity provider, the external service that is responsible for authenticating a user and issuing authorization tokens....

August 1, 2021 · 6 min · 1238 words · Me

Identity in Microsoft Azure - A bit of history

Introduction: Authentication has been an important component in the world of IT ever since companies began requiring their employees to prove their identity before using the company’s computing resources, whether to execute business processes or to access email or files. In the earlier days, employees logged in to their computers using a username and password, which were stored in a central server like Active Directory (in the case of the Microsoft tech stack)....

July 24, 2021 · 4 min · 740 words · Me

ASP.Net MVC 5 and Security

Security? Security is one of the most important cross-cutting concerns for any web application. All applications (except for static web sites) need to identify a user and restrict users from viewing or performing actions on pages. Authentication: Authentication is the method by which an application identifies a user. By identifying a user, the application can decide whether the user is a valid user to access the application. Authorization: Authorization is the way the application decides if the identified user can view a particular page or perform a particular action....

October 14, 2017 · 4 min · 645 words · Me