rprohit66

Play with Azure AD B2C Custom Policies and .Net

Application owners always look for security and an effective user experience. They want to allow only authorised users to access their application. In this article I will show you how to develop a .Net app and secure it using Azure AD B2C.


Before I jump directly to the coding part, I want to introduce each component I used:

  • .Net Core: .NET is a free and open-source, managed computer software framework for Windows, Linux, and macOS operating systems.
  • Azure AD B2C: Azure Active Directory B2C (Azure AD B2C) is an identity management service that enables custom control of how your customers sign up, sign in, and manage their profiles when using your iOS, Android, .NET, single-page (SPA), and other applications.
  • Visual Studio: Microsoft Visual Studio is an integrated development environment from Microsoft. It is used to develop computer programs, as well as websites, web apps, web services and mobile apps.

Version of Tools and Technologies used to build this application:

  • Microsoft Visual Studio Community 2019
  • .Net Core 5.0
  • Azure AD B2C

This is all about the technical components I used. Let’s move to the implementation part of it.

Pre-Requisites:

  • VS 2019 Installed
  • Azure AD B2C Tenant Configured

Implementation
First, we will set up Azure AD B2C Custom Policies:

Step1: Go through this link to configure your tenant to run custom policies, if you have not done so yet. You can either do the configuration manually or use this link to automate it. Automating deploys the policies from the Azure AD B2C starter pack, which provides Sign Up and Sign In, Password Reset and Profile Edit journeys. In this article I am going with the automated process.

Step2: Below are the details you need to fill in:

  • Domain: B2C domain (E.g.: xxx.onmicrosoft.com)
  • Facebook reference: check the box if it is not required.
  • Phone Sign-In Journey: check the box if it is needed.
  • JavaScript: check the box if you want to enable JavaScript to run on the B2C page.

Step3: Once done, click the Submit button and then sign in with an account that has admin privileges in the provided tenant.

Step4: Azure AD will ask you to consent to the application having the ability to create objects in your tenant (applications, keys, policies).

Step5: Once you consent, the application will check the tenant, create the objects if they do not exist, and upload the policies. Below is the report you see once the application has run successfully.

You can also check the Audit Logs in the Azure Portal to get insights.

Step6: Now, complete the setup by clicking on the link. The 1st point is to give consent to the ProxyIdentityExperienceFramework application. The 2nd point is to give consent to the IEF Test App application.

The implementation of the custom policies is done; if you want, you can test the custom policy.


.Net Core App Implementation

Step1: Open Visual Studio and click on New Project.
Step2: Select ASP.Net Core Web Application with C# and click Next.
Step3: Provide the Project Name, Location and Solution Name (you can proceed with the default values).
Step4: Select .Net Core 5.0 as the Target Framework and the MVC template, then change the Authentication to Individual User Accounts. From the drop-down select Connect to existing store in the cloud, fill in all the details which you created during the Custom Policies implementation, and click OK.
Step5: Review and click Create. Now you can review Solution Explorer to check all the files created.

appsettings.json

```json
{
  "AzureAdB2C": {
    "Instance": "https://identitiessolution.b2clogin.com/tfp/",
    "ClientId": "dc71ecb1-0aa7-4c4e-9a81-af7853c6488c",
    "Domain": "identitiessolution.onmicrosoft.com",
    "SignedOutCallbackPath": "/signout/B2C_1_susi",
    "SignUpSignInPolicyId": "B2C_1A_SignUpOrSignInWithPhoneOrEmail",
    "ResetPasswordPolicyId": "B2C_1A_PasswordResetEmail",
    "EditProfilePolicyId": "B2C_1A_ProfileEditPhoneEmail",
    "CallbackPath": "/signin-oidc"
  },
  "Logging": {
    "LogLevel": {
      "Default": "Information",
      "Microsoft": "Warning",
      "Microsoft.Hosting.Lifetime": "Information"
    }
  },
  "AllowedHosts": "*"
}
```

StartUp.cs

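To add B2C to the solution:

```csharp
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.Identity.Web;
using Microsoft.Identity.Web.UI;

// Inside the Startup class:
public void ConfigureServices(IServiceCollection services)
{
    // Register OpenID Connect sign-in using the "AzureAdB2C" section of appsettings.json.
    services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
        .AddMicrosoftIdentityWebApp(Configuration.GetSection("AzureAdB2C"));
    services.AddControllersWithViews();
    // Adds the built-in account pages (sign-in, sign-out, password reset, profile edit).
    services.AddRazorPages()
        .AddMicrosoftIdentityUI();
}
```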

Packages Related to Azure AD B2C

Important!!
Check out the app in the Azure Portal and add the Redirect URL if it is not present there.

Congratulations!! You did it!!
Now it's time to see your implementation. Run the app from Visual Studio and wait for it to load in the browser.

Click on Sign-In to see the Azure AD B2C Journey.


Application Flow

Summary
This is where we will stop for now.
What did we actually learn?

  • Creation of Azure AD B2C Tenant
  • Automation to Setup tenant to run custom policies.
  • .Net Core 5.0 setup to work with Azure AD B2C

Feel like you have a ton more to learn? You're right, this is a big topic.

I hope you enjoy learning and follow me to learn more.

Github Repo Link for .Net Code

Click here to go to Github Repo
