I have developed a C# application and hosted it as a Windows service on a machine at http://localhost:5000. This application is registered in Azure Active Directory.

The application is using the details below in its app configuration.

The application receives a token from AAD, which will be used by the user for authenticating (OAuth device flow in Azure AD, sometimes called device code flow).

Currently, all the employees of the company are registered in AD, and frustrated employees who copy the application configuration values can get access by SPOOFING the application. This is a risk. How can this be mitigated?

Note: An attacker can shut down this application and run his own spoofed application on the same port 5000.

Is it possible to create a security group and add only the users who are supposed to have access to this application?

|AD All Users
|AD Sec Group 1

User 3, even after having the secret, shall have his request rejected by AAD. Is it possible?