Is it possible to use Azure AD B2C authentication in a localhost Azure Functions project? If yes, how can this be done?
There are examples of using Azure AD B2C authentication for local ASP.NET Core projects, but I have not seen any examples for local functions projects.
As Azure Function is designed to run a small spice of code. You can not add AAD authentication to it as you do to an ASP.NET project directly.
Some ideas:
For cloud environment, you can integrate AAD authentication from Azure portal. Here is a tutorial: ADDING AZURE AD B2C AUTHENTICATION TO AZURE FUNCTIONS
You can always manually get the authentication header from a http request. And then manually verify the token you get to see if it is authenticated.
Related
I am planning to move some of my applications from AzureAD authentication to Azure B2C. I have an existing Azure AD Tenant that has a custom domain assigned and verified and I use this for all of my internal Office 365 and AzureAD authenticated applications. I do not want to change any of this as it is working well.
I then created an Azure B2C tenant using the instructions provided here https://learn.microsoft.com/en-us/azure/active-directory-b2c/tutorial-create-tenant. That also worked and I have been able to register applications and create sample Flows.
However, I now want to assign a custom domain to the Azure B2C tenant and I would like to use the same domain that I am using for my existing applications in the AzureAD tenant. I use subdomains on my web server to separate the various applications.
I used the instructions here to create the custom domain in my Azure B2C tenant and add the TXT record to my domain registrar. https://learn.microsoft.com/en-us/azure/active-directory-b2c/custom-domain?pivots=b2c-user-flow.
However, when I try to verify my domain, I get a message stating that
This domain has been previously configured on
[Azure Domain Prefix].onmicrosoft.com using an existing Azure AD or Office 365.
To verify this domain name, you will first need to remove the domain
name from the existing directory.
I tried adding the subdomain to the Azure B2C tennant, but understandably this "domain" was not able to be found in the verification step.
Does anyone know how I can get around this? My understanding is that I can't add the B2C functionality to an existing AzureAD tenant and I really don't want to move everything from my existing AzureAD tenant, nor create a new domain.
I have now worked out why I had this problem and will post an answer to help anyone else.
The issue was that I was trying to add my top-level domain to the Azure B2C instance. However, if I followed the instructions more closely, I would have seen that I should be registering login.[my-doimain].com.au. I found the following graphic from https://learn.microsoft.com/en-us/azure/active-directory-b2c/custom-domain?pivots=b2c-user-flow useful to understand B2C a bit better.
We are using Oracle IDCS for our Oracle Apps that use SAML authentication. We would like to federate the authentication to use Azure AD B2C. For this we need federation between Oracle IDCS and Azure AD B2C. Can we setup Azure AD B2C as a trusted IDP with Oracle IDCS?
Yes, you can.
Refer to this.
That post refers to the Microsoft default documentation.
As long as you have the metadata or all the relevant details you can connect any client-side SAML stack to B2C.
At present, there is no way to accomplish setup Azure AD B2C as a trusted IDP with Oracle IDCS.
According to Azure AD B2C doc.
By acting as an identity provider (IdP) and achieving single-sign-on
(SSO) with SAML-based service providers (your applications)
And this your application is an Azure Web app.
Please refer to this.
I have created a tenant and application to be able to authenticate users via Azure B2C. I have a front-end application in React which uses Msal.js with authorization grant to obtain the access token, which is then used to make requests to a webserver which acts as a resource-server (connected to Azure b2c as well). I have used this answer to make it work -> How to secure Spring Boot REST API with Azure AD B2C?
Apart from that I have few daemon applications which need to connect to the backend as well. They should use client_crendentials grant_type to connect to the backend server (which is a resource-server).
However, the token that is obtain by the daemon app, cannot be used with the backend server (resource server) for some reason. Is there something that I do wrong ? Do you have samples for this scenario ? I've already spent days looking over all the documentation to find where is the problem.
I am develop a public Web API which will be used by number of external clients. In the past I have used HMAC for authentication and stored usernames and api keys in a database. We have more than 50 potential external client applications which will consume my API. The requirement from client point of view is, the authentication should be easy to implement, should support most of the web client/technologies (asp.net, angular, Node etc).
This time my organisation is interested in using Azure AD B2C. I am not sure if B2C is the right product for this usecase where external client application will use your API.
Does anyone have implemented azure-b2c in a same situation?? any sample app (API+Client)
B2C is about self service user registration, password reset, etc. with easy integration to things like Sign-in w/ Facebook (and many more IDPs (identity providers)).
Azure AD B2C is a cloud identity management solution for your web and mobile applications. It is a highly available global service that scales to hundreds of millions of identities. Built on an enterprise-grade secure platform, Azure AD B2C keeps your applications, your business, and your customers protected.
With minimal configuration, Azure AD B2C enables your application to authenticate:
Social Accounts (such as Facebook, Google, LinkedIn, and more)
Enterprise Accounts (using open standard protocols, OpenID Connect or SAML)
Local Accounts (email address and password, or username and password)
Sounds like Azure API Management is what you're looking for.
I have implemented Azure Active Directory Oath2.0 authentication and now I have to implement Claims-Based and Active Directory authentication in Java for Dynamics 365 Online/On-Premise.
I'm following this topic: https://msdn.microsoft.com/en-us/library/gg334502.aspx and here it says that Dynamics 365 online supports the following authentication scenarios: Claims Based Authentication or Active Directory Through Federation.
The problem is that I don't know from where to start and what configurations have to be done. I've played with azure portal and with the dynamics 365 online admin panel, but just can't figure out what I have to do :).
Can I use some info from https:// login.microsoftonline.com//FederationMetadata/2007-06/FederationMetadata.xml to perform such authentications?
Do I need do install a local Active Directory server?
I highly recommend looking through some Azure AD samples on how to setup oAuth2.0 to various Microsoft services. The dev landing page has tons of a great samples. Here is the java sample.
If you're trying to sign in purely Azure AD users the access some resources, then this is pretty straight forward. You'll want to register an app in the Azure Portal, setup all the delegated permissions and app configs necessary (the sample will help with this), then use the ADAL library to perform the oAuth2.0 flow. This flow will return back tokens that can be played to whatever service you requested access in the form of http requests.