How to Use Azure AD B2C As Identity Provider?

[scout208]

Hi, I am wondering how I would setup Azure AD B2C to use for authentication for accessing the backend. I know how to setup Azure AD by following the Quickstart, but I'm not sure what to put in for the issuer URL for the identity provider to make it work with Azure AD B2C.

[adrianhall]

The issuer URL comes from Azure AD B2C. See https://stackoverflow.com/questions/66201234/where-can-i-obtain-my-azure-ad-b2c-issuer-url-in-the-portal

(Proviso - I've not used AAD B2C in a looong time, but it's fairly standard. Grab an access token and use jwt.ms to decode it - the issuer is the "iss" field)

[ideas2appsaustralia]

The way I have setup B2C in the ASP.NET Core API that is given to us by Adrian is below. I had done this before Adrian provided the code in the wiki. Anyway its working.

`var builder = WebApplication.CreateBuilder(args);

var connectionString = builder.Configuration.GetConnectionString("MS_TableConnectionString");

builder.Services.AddDbContext(options => options.UseSqlServer(connectionString));

// Adds Microsoft Identity platform (AAD v2.0) support to protect this Api
builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
.AddMicrosoftIdentityWebApi(options =>
{
builder.Configuration.Bind("AzureAdB2C", options);
options.Authority = "https://???????.b2clogin.com/your B2C tenantID";
options.TokenValidationParameters.RequireAudience = true;
options.MetadataAddress = "https://????????.b2clogin.com/????????????.onmicrosoft.com/B2C_1_signinsignup/v2.0/.well-known/openid-configuration";
},
options => { builder.Configuration.Bind("AzureAdB2C", options); });

builder.Services.AddDatasyncControllers();

var app = builder.Build();

// Initialize the database
using (var scope = app.Services.CreateScope())
{
var context = scope.ServiceProvider.GetRequiredService();
await context.InitializeDatabaseAsync().ConfigureAwait(false);
}

// Configure and run the web service.
app.UseAuthentication();
app.UseAuthorization();
app.MapControllers();
app.Run();`

I have a delegating handler that enables jwt bearer token to provide the access token that comes back from azure B2C authentication service which I configure in the DatasyncClientOptions as per Adrians Wiki

`var options = new DatasyncClientOptions
{
HttpPipeline = new DelegatingHandler[]
{
new UserApiAuthenticationHandler(),
new LoggingHandler(true)
},
OfflineStore = store
};

            client = new DatasyncClient(Constants.BackendUrl, options);`

And here is the delegating handler

`public class UserApiAuthenticationHandler : DelegatingHandler
{
public UserApiAuthenticationHandler()
{
}

		protected async override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
        {

            request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", ???put your AccessToken here????);
            return await base.SendAsync(request, cancellationToken);
        }
    }`

Oh and the appsettings json

"AzureAdB2C": { "Instance": "https://???????.b2clogin.com/", "Domain": "???????.onmicrosoft.com", "ClientId": "??? the is the app/client ID of your azure web app ???", "TenantId": "??????", "SignUpSignInPolicyId": "B2C_1_signinsignup", "CallbackPath": "/signin-oidc"

[adrianhall]

In the new codebase, instead of providing a delegatinghandler, set up a GenericAuthenticationProvider:

var authProvider = new GenericAuthenticationProvider(GetAuthenticationTokenAsync);
var client = new DatasyncClient(url, authProvider, options);

Then you can define:

private async Task<AuthenticationToken> GetAuthenticationTokenAsync() {
  // put your code here to retrieve the access token
  return new AuthenticationToken {
    AccessToken = "{{??? your access token ???}}",
    ExpiresOn = ??? your expiry time ???
  }
}

If you are using MSAL (which is the recommendation currently), then I provide a full end-to-end example of MSAL (using AAD) in the tutorial code that is being published.