
Azure-Samples / Active Directory B2c Dotnet Webapp And Webapi

Licence: mit
A combined sample for a .NET web application that calls a .NET Web API, both secured using Azure AD B2C


page_type: sample
description: "The sample covers calling an OpenID Connect identity provider (Azure AD B2C) and acquiring a token from Azure AD B2C using MSAL."
languages:
  • csharp
products:
  • dotnet
  • azure
  • azure-active-directory

Azure AD B2C: Call an ASP.NET Web API from an ASP.NET Web App

This sample contains a solution file that contains two projects: TaskWebApp and TaskService.

  • TaskWebApp is a "To-do" ASP.NET MVC web application where users enter or update their to-do items. These CRUD operations are performed by a backend web API. The web app displays the information returned from the ASP.NET Web API.
  • TaskService is the backend ASP.NET API that manages and stores each user's to-do list.

The sample covers the following:

  • Calling an OpenID Connect identity provider (Azure AD B2C)
  • Acquiring a token from Azure AD B2C using MSAL

How To Run This Sample using your own Azure AD B2C Tenant

After cloning this repo, configure the sample to use your own Azure AD B2C tenant. In this section, you'll learn how to configure the ASP.NET Web Application and the ASP.NET Web API to work with your own Azure AD B2C Tenant.

Step 1: Get your own Azure AD B2C tenant

First, you'll need an Azure AD B2C tenant. If you don't have an existing Azure AD B2C tenant that you can use for testing purposes, you can create your own by following these instructions.

Step 2: Create your own policies

This sample uses three types of policies: a unified sign-up/sign-in policy, a profile editing policy, and a password reset policy. Create one policy of each type by following the built-in policy instructions. You may choose to include as many or as few identity providers as you wish.

If you already have existing policies in your Azure AD B2C tenant, feel free to re-use those policies in this sample.

Make sure that all three policies return the User's Object ID and Display Name in Application Claims. To do that, in the Azure portal, go to your B2C Directory, click User flows (policies) in the left menu, and select your policy. Then click Application claims and make sure that User's Object ID and Display Name are checked.

Step 3: Register your ASP.NET Web API with Azure AD B2C

Follow the instructions at register a Web API with Azure AD B2C to register the ASP.NET Web API sample with your tenant. Registering your Web API allows you to define the scopes that your ASP.NET Web Application will request access tokens for.

Provide the following values for the ASP.NET Web API registration:

  • Provide a descriptive Name for the ASP.NET Web API, for example, My Test ASP.NET Web API. You will identify this application by its Name whenever working in the Azure portal.
  • Set the Reply URL to https://localhost:44332/. This is the port number that this ASP.NET Web API sample is configured to run on.
  • Set the AppID URI to demoapi. This AppID URI is a unique identifier representing this particular ASP.NET Web API. The AppID URI is used to construct the scopes that are configured in your ASP.NET Web Application. For example, in this ASP.NET Web API sample, the scope will have the value https://<your-tenant-name>.onmicrosoft.com/demoapi/read
  • Create the application.
  • Once the application is created, open your My Test ASP.NET Web API application and then open the Published Scopes window (in the left nav menu). Add the following 2 scopes:
    • Scope named read followed by a description demoing a read scenario.
    • Scope named write followed by a description demoing a write scenario.
  • Click Save.

Step 4: Register your ASP.NET Web Application with Azure AD B2C

Follow the instructions at register a Web Application with Azure AD B2C.

Your web application registration should include the following information:

  • Provide a descriptive Name for your web application, for example, My Test ASP.NET Web Application. You can identify this application by its Name within the Azure portal.
  • Set the Reply URL to https://localhost:44316/. This is the port number that this ASP.NET Web Application sample is configured to run on.
  • Create your application.
  • Once the application is created, from the menu select Authentication. In the Implicit grant section, select Access tokens.
  • Next, create a Web App client secret. In the Azure portal go to your Azure AD B2C instance. From the menu select App registration. Select the registration for your Web Application. From the menu select Certificates & secrets and click New client secret. Note: You will only see the secret once. Make sure you copy it.
  • From the menu choose API permissions. Click Add a permission, switch to the My APIs tab, and select the name of the Web API you registered previously, for example My Test ASP.NET Web API. Select the scope(s) you defined previously, for example, read and write and select Add permissions.

Step 5: Configure your Visual Studio project with your Azure AD B2C app registrations

In this section, you will change the code in both projects to use your tenant.

⚠️ Since both projects have a Web.config file, pay close attention to which Web.config file you are modifying.

Step 5a: Modify the TaskWebApp project

  1. Open the Web.config file for the TaskWebApp project.

  2. Find the key ida:Tenant and replace the value with your <your-tenant-name>.onmicrosoft.com.

  3. Find the key ida:AadInstance and replace the value with your <your-tenant-name>.b2clogin.com.

  4. Find the key ida:TenantId and replace the value with your Directory ID. You can get it by navigating to the registration information of one of your apps and copying the value of the Directory (tenant) ID property.

  5. Find the key ida:ClientId and replace the value with the Application ID from your web application My Test ASP.NET Web Application registration in the Azure portal.

  6. Find the key ida:ClientSecret and replace the value with the Client secret from your web application in the Azure portal.

  7. Find the keys representing the policies, e.g. ida:SignUpSignInPolicyId and replace the values with the corresponding policy names you created, e.g. b2c_1_SiUpIn

  8. Change the api:ApiIdentifier key value to the App ID URI of the API you specified in the Web API registration. This App ID URI tells B2C which API your Web Application wants permissions to.

    <!--<add key="api:ApiIdentifier" value="https://fabrikamb2c.onmicrosoft.com/api/" />-->
    
    <add key="api:ApiIdentifier" value="https://<your-tenant-name>.onmicrosoft.com/demoapi/" />
    

    📝 Make sure to include the trailing '/' at the end of your ApiIdentifier value.

  9. Find the keys representing the scopes, e.g. api:ReadScope and replace the values with the corresponding scope names you created, e.g. read

Step 5b: Modify the TaskService project

  1. Open the Web.config file for the TaskService project.
  2. Find the key ida:Tenant and replace the value with your <your-tenant-name>.onmicrosoft.com.
  3. Find the key ida:AadInstance and replace the value with your <your-tenant-name>.b2clogin.com.
  4. Find the key ida:ClientId and replace the value with the Application ID from your web API My Test ASP.NET Web API registration in the Azure portal.
  5. Find the key ida:SignUpSignInPolicyId and replace the value with the policy name you created, e.g. b2c_1_SiUpIn
  6. Find the keys representing the scopes, e.g. api:ReadScope and api:WriteScope and replace the values with the corresponding scope names you created if needed, e.g. read and write
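A pre-flight check for the values set in Steps 5a and 5b, as an added example: a helper script written for this walkthrough, not part of the sample. It reads only the keys named above, assumes api:WriteScope is also set in TaskWebApp, and its function names, tenant name, IDs and secret are constructed for illustration.

```python
import xml.etree.ElementTree as ET

SERVICE_KEYS = ["ida:Tenant", "ida:AadInstance", "ida:ClientId",
                "ida:SignUpSignInPolicyId", "api:ReadScope", "api:WriteScope"]
WEBAPP_KEYS = SERVICE_KEYS + ["ida:TenantId", "ida:ClientSecret", "api:ApiIdentifier"]

def app_settings(xml_text):
    """Return the <appSettings> entries of a Web.config document as a dict."""
    root = ET.fromstring(xml_text)
    return {a.get("key"): a.get("value", "") for a in root.findall("./appSettings/add")}

def check(webapp, service):
    """List configuration problems across the two projects' settings."""
    problems = []
    for name, cfg, keys in (("TaskWebApp", webapp, WEBAPP_KEYS),
                            ("TaskService", service, SERVICE_KEYS)):
        for key in keys:
            # "<" marks an unfilled placeholder; fabrikamb2c is the value the sample ships with
            if not cfg.get(key) or "<" in cfg[key] or "fabrikamb2c" in cfg[key]:
                problems.append(f"{name}: {key} is missing or not replaced")
        tenant = cfg.get("ida:Tenant", "")
        if not tenant.endswith(".onmicrosoft.com"):
            problems.append(f"{name}: ida:Tenant must end with .onmicrosoft.com")
        if tenant.split(".")[0] + ".b2clogin.com" not in cfg.get("ida:AadInstance", ""):
            problems.append(f"{name}: ida:AadInstance does not name the tenant's b2clogin.com host")
    if not webapp.get("api:ApiIdentifier", "").endswith("/"):
        problems.append("TaskWebApp: api:ApiIdentifier lacks the trailing '/'")
    for key in ("ida:Tenant", "ida:SignUpSignInPolicyId", "api:ReadScope", "api:WriteScope"):
        if webapp.get(key) != service.get(key):
            problems.append(f"{key} differs between TaskWebApp and TaskService")
    if webapp.get("ida:ClientId") == service.get("ida:ClientId"):
        problems.append("ida:ClientId is identical in both files; each registration has its own")
    return problems

def requested_scopes(webapp):
    """Scope values the web app requests: api:ApiIdentifier followed by the scope name."""
    return [webapp["api:ApiIdentifier"] + webapp[k] for k in ("api:ReadScope", "api:WriteScope")]

def make_config(pairs):  # renders a dict as a minimal Web.config for the samples below
    adds = "".join(f'<add key="{k}" value="{v}" />' for k, v in pairs.items())
    return f"<configuration><appSettings>{adds}</appSettings></configuration>"
# Constructed sample values (tenant name, IDs and secret are made up).
SERVICE = {"ida:Tenant": "contosob2c.onmicrosoft.com", "ida:AadInstance": "contosob2c.b2clogin.com",
           "ida:ClientId": "11111111-1111-1111-1111-111111111111",
           "ida:SignUpSignInPolicyId": "b2c_1_SiUpIn", "api:ReadScope": "read", "api:WriteScope": "write"}
WEBAPP = {**SERVICE, "ida:ClientId": "22222222-2222-2222-2222-222222222222",
          "ida:TenantId": "33333333-3333-3333-3333-333333333333", "ida:ClientSecret": "constructed-secret",
          "api:ApiIdentifier": "https://contosob2c.onmicrosoft.com/demoapi"}  # trailing '/' missing
print(check(app_settings(make_config(WEBAPP)), app_settings(make_config(SERVICE))))
```

Without the trailing '/', requested_scopes yields https://contosob2c.onmicrosoft.com/demoapiread, which does not match the scope published in Step 3.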

Step 5c: Run both projects

You need to run both projects at the same time. If you did not complete the demo tenant instructions above, you need to configure Visual Studio for multiple startup projects.

You can now perform all the previous steps as seen in the demo tenant environment.

Known Issues

  • MSAL cache needs a TenantId along with the user's ObjectId to function. It retrieves these two from the claims returned in the id_token. TenantId is not guaranteed to be present in id_tokens issued by B2C unless the steps listed in this document are followed. If you are following the workarounds listed in the doc and the tenantId claim (tid) is available in the user's token, change the code in ClaimsPrincipalsExtension.cs GetB2CMsalAccountId() to let MSAL pick this from the claims instead.

Next Steps

Customize your user experience further by supporting more identity providers. Check out the docs below to learn how to add additional providers:

Microsoft

Facebook

Google

Amazon

LinkedIn

Additional information

Additional information regarding this sample can be found in our documentation:

Questions & Issues

Please file any questions or problems with the sample as a GitHub issue. You can also post on StackOverflow with the tag azure-ad-b2c.
