Unlocking the Power of Azure AD B2C Authentication in ASP.NET Core: A Step-by-Step Guide
Image by Ambroise - hkhazo.biz.id

Unlocking the Power of Azure AD B2C Authentication in ASP.NET Core: A Step-by-Step Guide

By Posted on

Are you tired of juggling multiple authentication systems for your ASP.NET Core application? Do you want to provide a seamless and secure experience for your users? Look no further! In this comprehensive guide, we’ll show you how to implement Azure AD B2C authentication in an ASP.NET Core application that has Razor pages and web API in a single application.

Table of Contents
  1. What is Azure AD B2C?
    1. Why Choose Azure AD B2C?
  2. Prerequisites
  3. Step 1: Install the Required NuGet Packages
  4. Step 2: Configure Azure AD B2C
  5. Step 3: Configure the Authentication Middleware
  6. Step 4: Add Authentication to Razor Pages
  7. Step 5: Add Authentication to Web API
  8. Step 6: Implement Sign-in and Sign-out
  9. Conclusion
  10. Additional Resources

What is Azure AD B2C?

Azure Active Directory B2C (Azure AD B2C) is a cloud-based identity and access management solution that enables you to customize and control how users sign up, sign in, and manage their profiles. It provides a scalable and secure way to authenticate users in your application, while also providing features like password reset, account blocking, and more.

Why Choose Azure AD B2C?

  • Customizable and flexible authentication flows
  • Support for multiple identity providers (Google, Facebook, LinkedIn, and more)
  • Advanced security features, such as multi-factor authentication and conditional access
  • Easy integration with ASP.NET Core applications
  • Scalable and reliable, with a 99.99% uptime SLA

Prerequisites

Before we dive into the implementation, make sure you have the following:

  • Azure AD B2C tenant and a registered application
  • ASP.NET Core 3.1 or later
  • Razor pages and web API in a single application
  • Visual Studio 2019 or later

Step 1: Install the Required NuGet Packages

In your ASP.NET Core project, install the following NuGet packages:

Install-Package Microsoft.AspNetCore.Authentication.AzureADB2C.UI
Install-Package Microsoft.AspNetCore.Authentication.OpenIdConnect
Install-Package Microsoft.Identity.Web

Step 2: Configure Azure AD B2C

In your Azure AD B2C tenant, create a new application and configure the following settings:

Setting Value
Web App/ API Yes
Reply URL https://localhost:5001/signin-oidc
Logout URL https://localhost:5001/signout-oidc

Make a note of the Client ID and Tenant ID, as we’ll need them later.

Step 3: Configure the Authentication Middleware

In your ASP.NET Core project, add the following code to the `Startup.cs` file:

using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.AzureADB2C.UI;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;

public void ConfigureServices(IServiceCollection services)
{
    services.AddAuthentication(options =>
    {
        options.DefaultChallengeScheme = "AzureADB2C";
        options.DefaultSignInScheme = "AzureADB2C";
    })
    .AddAzureADB2C(options =>
    {
        options.ClientId = Configuration["AzureAdB2C:ClientId"];
        options.TenantId = Configuration["AzureAdB2C:TenantId"];
        options.Instance = "https://{your_tenant_name}.b2clogin.com/tfp/{your_tenant_name}.onmicrosoft.com/{your_policy_name}";
        options.SignUpSignInPolicyId = "{your_policy_id}";
        options.ResetPasswordPolicyId = "{your_policy_id}";
    });
}

public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
    app.UseRouting();
    app.UseAuthentication();
    app.UseAuthorization();
    app.UseEndpoints(endpoints =>
    {
        endpoints.MapRazorPages();
        endpoints.MapControllers();
    });
}

Replace `{your_tenant_name}`, `{your_policy_name}`, and `{your_policy_id}` with your Azure AD B2C tenant name, policy name, and policy ID, respectively.

Step 4: Add Authentication to Razor Pages

Update your Razor pages to use the Azure AD B2C authentication middleware:

@page
@attribute [Authorize]
@using Microsoft.AspNetCore.Authorization

// Your Razor page content here

This will require users to authenticate before accessing the Razor page.

Step 5: Add Authentication to Web API

Update your web API controllers to use the Azure AD B2C authentication middleware:

[ApiController]
[Route("api/[controller]")]
[Authorize]
public class MyController : ControllerBase
{
    // Your API controller actions here
}

This will require users to authenticate before accessing the web API.

Step 6: Implement Sign-in and Sign-out

Create a new Razor page for sign-in and sign-out:

@page "/signin"
@attribute [AllowAnonymous]
@page "/signout" @attribute [Authorize] @using Microsoft.AspNetCore.Authentication
@code { [Authorize] public async Task OnPostAsync() { await HttpContext.SignOutAsync("AzureADB2C"); return RedirectToPage("/Index"); } }

This will allow users to sign in and sign out of your application using Azure AD B2C.

Conclusion

And that’s it! You’ve successfully implemented Azure AD B2C authentication in your ASP.NET Core application with Razor pages and web API. This will provide a secure and scalable way to authenticate users in your application, while also providing advanced features like multi-factor authentication and conditional access.

Remember to replace the placeholders with your actual Azure AD B2C tenant name, policy name, and policy ID. If you encounter any issues, refer to the Azure AD B2C documentation and ASP.NET Core authentication middleware documentation for more information.

Additional Resources

Happy coding!

Frequently Asked Question

Are you trying to implement Azure Active Directory B2C (AAD B2C) authentication on your ASP.NET Core application that has Razor pages and web API in a single application? Look no further! Here are some frequently asked questions to get you started.

What are the prerequisites for implementing AAD B2C authentication on my ASP.NET Core application?

To implement AAD B2C authentication, you’ll need to register your application on the Azure portal, create a tenant, and set up a sign-up/sign-in policy. You’ll also need to install the Microsoft.Identity.Web and Microsoft.Identity.Web.MicrosoftAuthentication NuGet packages in your ASP.NET Core project.

How do I configure AAD B2C authentication in my ASP.NET Core application?

In your Startup.cs file, add the MicrosoftIdentityWebAuthentication services to the DI container in the ConfigureServices method. Then, in the Configure method, add the authentication middleware to the pipeline and configure the authentication options using the AzureADB2COptions class.

How do I protect my Razor pages and web API controllers with AAD B2C authentication?

Use the [Authorize] attribute on your Razor pages and web API controllers to restrict access to authenticated users. You can also use the [Authorize(Roles = “your-role-name”)] attribute to restrict access to specific roles.

How do I handle token acquisition and caching for my web API calls?

Use the Microsoft.Identity.Web token acquisition library to acquire and cache tokens for your web API calls. This library provides a set of APIs for acquiring tokens silently or interactively, and caching them for later use.

What are some common issues to watch out for when implementing AAD B2C authentication in my ASP.NET Core application?

Common issues to watch out for include incorrect configuration of the authentication options, mismatched tenant or client ID settings, and token acquisition errors. Make sure to test your implementation thoroughly and check the Azure portal for any errors or configuration issues.