Tuesday, February 11, 2025

Read B2C Token from Razor MVC Application

 To retrieve the signed-in B2C user's tokens (for delegated permissions to a downstream API), follow the steps below,


Add the following to ConfigureServices in Startup.cs (Microsoft.Identity.Web; "AzureAdB2C" is the appsettings section that holds Instance, Domain, ClientId, ClientSecret and the policy id),


// Configuration to sign in users with Azure AD B2C and acquire a token for a downstream API
services.AddMicrosoftIdentityWebAppAuthentication(Configuration, Constants.AzureAdB2C)
    .EnableTokenAcquisitionToCallDownstreamApi(new string[] { "https://graph.microsoft.com/.default" })
    .AddInMemoryTokenCaches();   // fine for a single instance; use a distributed cache when scaled out

services.Configure<OpenIdConnectOptions>(OpenIdConnectDefaults.AuthenticationScheme, options =>
{
    // Do not assign a new TokenValidationParameters object here: that discards the issuer
    // validator and claim mappings Microsoft.Identity.Web has already configured for B2C.
    // The OIDC handler validates the id_token, whose "aud" is this app's own client ID, and
    // it defaults ValidAudience to ClientId when left unset. The Graph resource URI is the
    // audience of the *access token*, which this handler never validates, so setting
    // ValidAudience to it only makes id_token validation fail.

    // Persist id_token, access_token and expires_at in the authentication cookie so they
    // can be read back with HttpContext.GetTokenAsync. The cookie is encrypted by Data
    // Protection, but it grows by the size of the tokens.
    options.SaveTokens = true;
});

services.Configure<ConfidentialClientApplicationOptions>(options =>
{
    // Microsoft.Identity.Web already reads ClientSecret from the AzureAdB2C section; if you
    // set it explicitly, source it from user secrets or Key Vault, never from appsettings
    // committed to source control.
    options.ClientSecret = Configuration["AzureAdB2C:ClientSecret"];
});

services.ConfigureApplicationCookie(options =>
{
    // SameSite=None switches off the browser's cross-site cookie protection (a CSRF
    // mitigation); use it only when the cookie really must be sent on a cross-site request,
    // and always together with Secure. Note that ConfigureApplicationCookie targets the
    // ASP.NET Core Identity application cookie; Microsoft.Identity.Web signs in to the
    // "Cookies" scheme (CookieAuthenticationDefaults.AuthenticationScheme), which must be
    // configured through services.Configure<CookieAuthenticationOptions> instead.
    options.Cookie.SameSite = SameSiteMode.None;
    options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
});

 

Now read the tokens from a controller action (add using Microsoft.AspNetCore.Authentication; and await the call rather than blocking on .Result, which ties up a thread-pool thread for the whole request),

    var accessToken = await HttpContext.GetTokenAsync("access_token");

    or

    var idToken = await HttpContext.GetTokenAsync("id_token");

Both return null when SaveTokens is not enabled or the user is not signed in. Treat the values as credentials: never write them to logs or render them in a view.
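The controller below is an added example, not code from the original post. It shows the two ways of getting at the token once the startup configuration above is in place: reading the snapshot that SaveTokens stored in the authentication cookie, and asking Microsoft.Identity.Web's ITokenAcquisition, which serves the token from the in-memory cache and refreshes it silently when it expires. It assumes services.AddHttpClient() has been added in Startup; the controller name, the /me URL and the action names are illustrative only.

```csharp
using System.Net.Http;
using System.Net.Http.Headers;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Identity.Web;

// Added example, not from the original post. Requires services.AddHttpClient() in Startup
// in addition to the configuration shown above. DownstreamUrl is just one illustration of
// "a downstream API".
[Authorize]
public class TokenController : Controller
{
    private const string DownstreamScope = "https://graph.microsoft.com/.default";
    private const string DownstreamUrl = "https://graph.microsoft.com/v1.0/me";

    private readonly ITokenAcquisition _tokenAcquisition;
    private readonly IHttpClientFactory _httpClientFactory;

    public TokenController(ITokenAcquisition tokenAcquisition, IHttpClientFactory httpClientFactory)
    {
        _tokenAcquisition = tokenAcquisition;
        _httpClientFactory = httpClientFactory;
    }

    // Option 1: the tokens SaveTokens = true stored in the authentication cookie at sign-in.
    // They are a snapshot: nothing refreshes the access token once it expires, so check
    // "expires_at" before relying on it, and never return the token itself to the client.
    public async Task<IActionResult> Raw()
    {
        string? accessToken = await HttpContext.GetTokenAsync("access_token");
        string? expiresAt = await HttpContext.GetTokenAsync("expires_at");   // ISO-8601, UTC

        if (accessToken is null)
            return Problem("No access token in the authentication cookie; is SaveTokens enabled?");

        return Ok(new { hasAccessToken = true, expiresAt });
    }

    // Option 2 (preferred): Microsoft.Identity.Web serves the token from its cache and
    // refreshes it silently. AuthorizeForScopes turns an MsalUiRequiredException (consent
    // or a fresh sign-in needed) into an interactive challenge instead of a 500.
    [AuthorizeForScopes(Scopes = new[] { DownstreamScope })]
    public async Task<IActionResult> Me()
    {
        string accessToken = await _tokenAcquisition.GetAccessTokenForUserAsync(new[] { DownstreamScope });

        HttpClient client = _httpClientFactory.CreateClient();
        client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);

        using HttpResponseMessage response = await client.GetAsync(DownstreamUrl);
        string body = await response.Content.ReadAsStringAsync();
        return StatusCode((int)response.StatusCode, body);
    }
}
```

Prefer the second action for anything that calls an API: the cookie snapshot is convenient for inspection but goes stale after the access token's lifetime, whereas GetAccessTokenForUserAsync keeps working for as long as the cached refresh token is valid.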


   



Friday, June 14, 2024

Azure AD B2C SSO to Microsoft Entra ID (AD) using OIDC - User Flow

 How to set up SSO from Azure AD B2C to Microsoft Entra ID


Prerequisites: 

- A Microsoft Entra ID tenant

- An Azure AD B2C tenant

- An Azure AD B2C app registration. Ref: Balajiprasad's useful codes: Azure AD B2C App Registration (rbalajiprasad.blogspot.com)


On Microsoft Entra ID:

- Go to "Microsoft Entra ID", click "Enterprise Applications"

- Click "New Application", then "Create your own application"; the remaining settings are configured on the resulting app registration

- Choose account type Single Tenant

- Set the Redirect URI type to Web and the URI to https://{b2ctenantname}.b2clogin.com/{b2ctenantname}.onmicrosoft.com/oauth2/authresp (replace b2ctenantname with your B2C tenant name; Entra ID only posts the token back to a URI that matches this registration exactly)

- Under "Authentication", enable "ID tokens" under implicit grant and hybrid flows, because the B2C provider configured below uses response type id_token

- Go to "Certificates & Secrets", create a new client secret with a name and an expiry, and copy the secret value now (it is shown only once)


On Azure AD B2C: 

- Go to "Azure AD B2C"

- Go to "Identity providers", click "New OpenID Connect provider"

- Enter the details below and save,

Name: {{SomeUniqueName}}

Metadata url: https://login.microsoftonline.com/{{ADtenantname}}.onmicrosoft.com/.well-known/openid-configuration (B2C reads the issuer, authorization endpoint and token-signing keys from this document)

Client ID: {{EntraIDADAppRegistrationApplicationId}}

Client secret: {{EntraIDADAppRegistrationSecret}}

Scope: openid (the scope OpenID Connect requires; "open" on its own is not a valid scope)

Response type: id_token

Response mode: form_post

Domain hint: {{SomeUniqueName}}

User ID: oid (the user's immutable object id; do not key accounts on a mutable claim such as the email address)

Display name: name

Given name: given_name

Surname: family_name

Email: unique_name


- Go to "User flows", open the Sign in or Sign up and sign in flow, and select the new provider under "Identity providers"

- Test with "Run user flow" or from the web application: the sign-in page now shows a button for the Entra ID tenant
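The program below is an added example and not part of the original post. It shows what the provider settings above turn into on the wire: the authorization request B2C redirects the browser to (client_id, response_type=id_token, response_mode=form_post, scope=openid, the authresp redirect URI, a nonce and a domain hint), and the checks B2C applies to the id_token posted back before it maps oid, name, given_name, family_name and unique_name into the user's B2C claims. The tenant names, client id, issuer value and the token payload are constructed placeholders; signature verification against the metadata document's jwks_uri is left out because no signed token is available offline, which is why ReadUnverifiedClaims must never be used on its own against a real token.

```csharp
using System;
using System.Collections.Generic;
using System.Text;
using System.Text.Json;

// Added example, not part of the original post. All identifiers below are constructed
// placeholders standing in for the Entra app registration and its OpenID metadata document.
static class EntraIdToB2cOidc
{
    const string EntraTenant = "contoso.onmicrosoft.com";                   // placeholder tenant
    const string ClientId    = "11111111-2222-3333-4444-555555555555";      // placeholder app id
    const string Issuer      = "https://sts.windows.net/aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee/"; // "issuer" from metadata
    const string B2cTenant   = "contosob2c";                                // placeholder B2C tenant
    static readonly string RedirectUri =
        "https://" + B2cTenant + ".b2clogin.com/" + B2cTenant + ".onmicrosoft.com/oauth2/authresp";

    // The request B2C builds from the provider configuration (Client ID, Scope, Response type,
    // Response mode, Domain hint) and sends to the metadata document's authorization_endpoint.
    public static string BuildAuthorizeUrl(string authorizationEndpoint, string state, string nonce, string domainHint)
    {
        var query = new Dictionary<string, string>
        {
            ["client_id"]     = ClientId,
            ["response_type"] = "id_token",
            ["response_mode"] = "form_post",
            ["scope"]         = "openid",
            ["redirect_uri"]  = RedirectUri,   // must match the app registration exactly
            ["state"]         = state,         // B2C's own correlation value, echoed back
            ["nonce"]         = nonce,         // must reappear inside the id_token (replay defence)
            ["domain_hint"]   = domainHint,
        };
        var sb = new StringBuilder(authorizationEndpoint).Append('?');
        foreach (var kv in query)
            sb.Append(Uri.EscapeDataString(kv.Key)).Append('=').Append(Uri.EscapeDataString(kv.Value)).Append('&');
        return sb.ToString().TrimEnd('&');
    }

    // Decodes the payload of a compact JWS WITHOUT checking the signature (see note above).
    static JsonElement ReadUnverifiedClaims(string jwt)
    {
        string[] parts = jwt.Split('.');
        if (parts.Length != 3) throw new FormatException("not a compact JWS");
        string b64 = parts[1].Replace('-', '+').Replace('_', '/');
        b64 = b64.PadRight(b64.Length + (4 - b64.Length % 4) % 4, '=');
        using var doc = JsonDocument.Parse(Encoding.UTF8.GetString(Convert.FromBase64String(b64)));
        return doc.RootElement.Clone();
    }

    // The checks B2C performs before trusting the posted id_token, followed by the claim
    // mapping configured in the portal (User ID = oid, ..., Email = unique_name).
    public static Dictionary<string, string> ValidateAndMap(string idToken, string expectedNonce, DateTimeOffset now)
    {
        JsonElement c = ReadUnverifiedClaims(idToken);
        if (c.GetProperty("iss").GetString() != Issuer)          throw new Exception("issuer does not match metadata");
        if (c.GetProperty("aud").GetString() != ClientId)        throw new Exception("token was issued to another client");
        if (c.GetProperty("nonce").GetString() != expectedNonce) throw new Exception("nonce mismatch (replayed token?)");
        if (DateTimeOffset.FromUnixTimeSeconds(c.GetProperty("exp").GetInt64()) <= now)
            throw new Exception("token expired");

        return new Dictionary<string, string>
        {
            ["userId"]      = c.GetProperty("oid").GetString()!,          // immutable object id
            ["displayName"] = c.GetProperty("name").GetString()!,
            ["givenName"]   = c.GetProperty("given_name").GetString()!,
            ["surname"]     = c.GetProperty("family_name").GetString()!,
            ["email"]       = c.GetProperty("unique_name").GetString()!,  // v1 endpoint claim
        };
    }

    static string Base64Url(byte[] bytes) =>
        Convert.ToBase64String(bytes).TrimEnd('=').Replace('+', '-').Replace('/', '_');

    static void Main()
    {
        string nonce = Guid.NewGuid().ToString("N");
        Console.WriteLine(BuildAuthorizeUrl(
            "https://login.microsoftonline.com/" + EntraTenant + "/oauth2/authorize", "st_123", nonce, "contoso-sso"));

        // Constructed id_token payload shaped like a v1 Entra ID token; header and empty
        // signature are placeholders only.
        var payload = new
        {
            iss = Issuer, aud = ClientId, nonce,
            exp = DateTimeOffset.UtcNow.AddMinutes(10).ToUnixTimeSeconds(),
            oid = "99999999-8888-7777-6666-555555555555",
            name = "Jane Doe", given_name = "Jane", family_name = "Doe",
            unique_name = "jane@contoso.onmicrosoft.com",
        };
        string token = Base64Url(Encoding.UTF8.GetBytes("{\"alg\":\"RS256\",\"typ\":\"JWT\"}")) + "."
                     + Base64Url(JsonSerializer.SerializeToUtf8Bytes(payload)) + ".";

        foreach (var kv in ValidateAndMap(token, nonce, DateTimeOffset.UtcNow))
            Console.WriteLine($"{kv.Key} = {kv.Value}");
    }
}
```

Two points worth taking from this. First, the nonce and redirect URI are what stop a token minted for one login from being replayed into another, so neither the authresp URI in the app registration nor the response mode can be "relaxed" without weakening the flow. Second, the mapping keys the B2C account on oid rather than unique_name because the object id never changes for a user, while names and UPNs do.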