Azure Lively Listing B2C (business-to-consumer) is a model of the Azure Lively Listing that permits customers (shoppers) to register with the applying.
This text exhibits easy methods to create an ASP.NET Core utility to make use of this nice Azure service.
Creating an ASP.NET Core Internet Utility
First, let’s create an ASP.NET Core Internet utility. Utilizing .NET CLI with the ASP.NET Core Internet App template, the --auth possibility provides some completely different predefined choices to authenticate and authorize customers:
- Particular person
- IndividualB2C
- SingleOrg
- MultiOrg
- Home windows
Utilizing Particular person, an area database is created that’s used to retailer person info. That is fairly highly effective choice to retailer customers and roles, customers can register with the applying, and you’ll configure e-mail suppliers to confirm the e-mail from customers. You too can completly customise what details about customers is saved. The dialogs for person enter are specified with a Razor pages library, with scaffolding you possibly can override these dialogs. Nevertheless, if there’s not a extremely good purpose to create a database to retailer person info, it’s finest to make use of a service that’s unbiased of the net utility – akin to Azure Lively Listing.
IndividualB2C is the choice coated on this article – accessing Azure Lively Listing B2C. With this info, you may as well simply make use of the subsequent two choices, accessing an Azure Lively Listing (AAD) with a single group (SingleOrg) or a number of organizations (MultiOrg).
Utilizing the choice Home windows, the authorization half is outdoors of the applying. With Home windows authentication, you usually make use of an on-premises Lively Listing (or use a hybrid model with synchronization choices utilizing AAD), and have your utility hosted with Web Data Server (IIS). Right here the authorization may be completed from IIS.
Let’s create a brand new internet utility with the IndividualB2C possibility. Utilizing the .NET CLI, you may as well specify values for all of the completely different choices wanted to entry the listing (e.g. utilizing --aad-instance, --client-id, --reset-password-policy-id, and plenty of extra), but it surely’s not onerous to vary the values afterwards.
dotnet new webapp --auth IndividualB2C -o AADB2CSample
The generated challenge has these NuGet packages added:
- Microsoft.AspNetCore.Authentication.JwtBearer – permits the applying to obtain an OpenID Join bearer token
- Microsoft.AspNetCore.Authentication.OpenIdConnect – this can be a package deal for middleware to assist the OpenID Join authentication circulation
- Microsoft.Identification.Internet – this package deal is for the net functions utilizing the Microsoft identification platform and itself has dependencies on some Microsoft identification libraries, e.g. Microsoft.Identification.Shopper
- Microsoft.Identification.Internet.UI – this package deal comprises an
AccountControllerand Razor pages
Utilizing .NET 6, with the generated top-level statements, the DI container is configured (see the next determine). The strategy AddAuthentication configures the OpenIdConnect authentication scheme. AddMicrosoftIdentityWebApp defines the identification service for use. For this configuration, the values utilizing the part AzureAdB2C are retrieved as proven within the following picture.
The configuration specified may be discovered within the file appsettings.json as proven within the subsequent determine. Right here you have to set the values which you will discover within the Azure ADB2C configuration.
> The worth for the Occasion key that’s created with the template (https://login.microsoftonline.com/tfp/) is now not working with AADB2C (not less than not with Lively Directories in Europe). Should you get the error IOException IDX20807, unable to retrieve…, one purpose is that the unsuitable hyperlink is specified (there may be different causes as nicely). Configure this hyperlink with AADB2C as an alternative: https://{yourdocomainname}.b2clogin.com.
Constructing the applying created from the template, customers can register and login – as quickly because the configuration values are specified, which shall be completed after creating the applying to the Azure service.
Azure AD B2C
Utilizing the Azure Portal, you possibly can create a brand new Azure Lively Listing B2C tenant – with a free tier of fifty,000 month-to-month energetic customers (MAU). Apart from specifying the title of the group and the area title, you choose the nation or area the place the person knowledge ought to be saved. I chosen Austria which supplies me an information middle situated inside Europe to satisfy the Common Knowledge Safety Regulation (GDPR) necessities.
With this listing, identification suppliers may be configured to permit customers to take their present account from suppliers akin to Amazon, Fb, GitHub, LinkedIn, and others as proven within the subsequent picture. As an alternative of remembering one other password, customers can carry their present account.
Utilizing person attributes (proven within the subsequent picture) you possibly can specify what details about the person ought to be saved with the listing. You too can create customized attributes. Utilizing person flows, you possibly can ask the person on registration (or when the person adjustments the profile) info that’s saved throughout the listing service. In case you utilize completely different identification suppliers, you don’t have entry to all of the person info saved with the identification supplier. As an alternative, it’s essential ask the person for the knowledge you’re , and might retailer this info with AADB2C.
Creating person flows, you possibly can specify what info ought to be collected from the person, and what info ought to be handed inside a token to the applying. The flows configured with the applying are flows to enroll and check in, resetting the password, and enhancing the profile. Bear in mind the names configured – these are wanted with the applying configuration.
With this configuration in place, you possibly can take a look at the person circulation from the portal. The subsequent picture exhibits the join web page of the join and check in person circulation.
Person flows are customizable in lots of regards. You possibly can specify the person attributes that ought to be a part of the shape – together with customized attributes. You possibly can create a completely custom-made web page that’s served out of your utility, add API connectors which are invoked from the circulation (e.g. after federating with an identification supplier, earlier than creating the person, earlier than together with utility claims in tokens), and you may as well create customized insurance policies.
To map the net utility created to the Azure Lively Listing B2C, with the listing an utility must be registered. With an online utility, the Redirect URI must be specified. To check the applying domestically utilizing the listing, configure the https://localhost deal with together with the port quantity and the signin-oidc path utilized by the applying.
With the default ASP.NET Core configuration, implicit flows should be configured as nicely. You discover this configuration with the Authentication part of the applying configuration. For assist with the configuration of functions, you may as well use the Integration assistant, choose the applying kind, and consider the app registration. This assistant provides hints – such because the implicit circulation – that should be configured. This assistant presents hyperlinks to documentation and tutorials as nicely.
To register an utility with the AADB2C, and to replace the configuration within the utility, you should utilize the NET instruments Microsoft.dotnet-msidentity or msidentity-app-sync. See the hyperlinks under.
Configuring the Utility
After the applying is configured with the AADB2C, you possibly can put all of the completely different configuration values to the applying configuration inside appsettings.json.
Here’s a checklist of the configuration settings for the AzureAdB2C part:
- Occasion – use https://{yourdomain}.b2clogin.com
- ClientId – use the Utility (shopper) Id discovered with the Overview settings of the app registration
- CallbackPath – depart it with
/signin-oidc– this must be configured with AADB2C - Area – use the area you registered
- SignedOutCallbackPath – you possibly can configure the trail specified right here with AADB2C for a signout
- SignUpSignInPolicyId – configure the title you specified for the join and check in person circulation
- ResetPasswordPolicyId – configure the title you specified for the password reset person circulation
- EditProfilePolicyId – configure the title you specified for the profile enhancing person circulation
After the configuration is in place, you can begin the applying. Clicking on the Signal In hyperlink, you’ve gotten the choice to check in, or click on on the Enroll now hyperlink. This opens the dialog proven under. All of the fields outlined with the precise person circulation are proven. Utilizing the e-mail supplier, verification of the e-mail deal with is already built-in with AADB2C.
Take away
The Azure Lively Listing B2C is a robust service that you should utilize in Internet functions the place your customers ought to be allowed to register. As an alternative of making a customized implementation, or utilizing an on-premises service, AADB2C presents many options which permit for customizations. Utilizing .NET, templates can be found which make it simple to make use of Microsoft Azure companies.
Take pleasure in studying and programming!
Christian
It could be nice in case you present assist shopping for a espresso.
