We have used Azure ADAL authentication in our web application. Now we are going to migrate from ADAL to MSAL authentication. Kindly provide an MVC sample source for Azure MSAL authentication.
Also, we are going to retrieve AD groups and AD group users from Azure AD and store them in the DB. Kindly provide sample code for this using MSAL as well.
Thank you in advance.
Related
I’m trying to get the Azure AD B2C AUTH token through login Endpoint in Web API Core 6.
Is that possible?
This article uses a sample ASP.NET web application that calls a web API to illustrate how to add Azure Active Directory B2C (Azure AD B2C) authentication to your web applications - https://learn.microsoft.com/en-us/azure/active-directory-b2c/configure-authentication-sample-web-app-with-api?tabs=visual-studio
To get an access token, use
GET
https://<tenant-name>.b2clogin.com/<tenant-name>.onmicrosoft.com/<policy-name>/oauth2/v2.0/authorize?
client_id=<application-ID>
&nonce=anyRandomValue
&redirect_uri=https://jwt.ms
&scope=<application-ID-URI>/<scope-name>
&response_type=code
ref docs - https://learn.microsoft.com/en-us/azure/active-directory-b2c/access-tokens
Then Configure tokens in Azure Active Directory B2C - https://learn.microsoft.com/en-us/azure/active-directory-b2c/configure-tokens?pivots=b2c-user-flow
Hope this will help you.
Thanks
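The authorize request from the answer above, built in C# with a fresh random nonce per sign-in (an added example, not part of the original answer or of Microsoft's samples). It goes beyond the request shown by also sending `state` and PKCE parameters; the tenant, policy name, client ID and scope are constructed placeholders, and it assumes .NET 6 or later.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Constructed placeholder values; "B2C_1_signupsignin" is a hypothetical policy name.
var req = B2CAuthorize.Build("contoso", "B2C_1_signupsignin",
    "00000000-0000-0000-0000-000000000000", "https://jwt.ms",
    "https://contoso.onmicrosoft.com/api/read");
Console.WriteLine(req.Url);
// Keep State, Nonce and CodeVerifier server-side, bound to this browser session.
Console.WriteLine(B2CAuthorize.StateMatches(req.State, "value-from-another-session"));

public sealed record AuthRequest(string Url, string State, string Nonce, string CodeVerifier);

public static class B2CAuthorize
{
    // Base64url without padding, as used for PKCE values (RFC 7636).
    static string B64Url(byte[] bytes) =>
        Convert.ToBase64String(bytes).TrimEnd('=').Replace('+', '-').Replace('/', '_');

    // 256 bits from the OS CSPRNG, fresh for every sign-in attempt.
    static string NewToken() => B64Url(RandomNumberGenerator.GetBytes(32));

    public static AuthRequest Build(string tenant, string policy, string clientId,
                                    string redirectUri, string scope)
    {
        string state = NewToken(), nonce = NewToken(), verifier = NewToken();
        string challenge = B64Url(SHA256.HashData(Encoding.ASCII.GetBytes(verifier)));
        string url =
            $"https://{tenant}.b2clogin.com/{tenant}.onmicrosoft.com/{policy}/oauth2/v2.0/authorize" +
            $"?client_id={Uri.EscapeDataString(clientId)}" +
            $"&nonce={nonce}" +
            $"&redirect_uri={Uri.EscapeDataString(redirectUri)}" +
            $"&scope={Uri.EscapeDataString(scope)}" +
            "&response_type=code" +
            // Added beyond the request on the page: CSRF state and PKCE (S256).
            $"&state={state}" +
            $"&code_challenge={challenge}&code_challenge_method=S256";
        return new AuthRequest(url, state, nonce, verifier);
    }

    // The callback is accepted only if it echoes the state issued for this session.
    public static bool StateMatches(string expected, string? returned) =>
        returned is not null && CryptographicOperations.FixedTimeEquals(
            Encoding.ASCII.GetBytes(expected), Encoding.ASCII.GetBytes(returned));
}
```

The stored nonce is compared with the `nonce` claim of the returned ID token, and the code verifier is sent when the authorization code is redeemed.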
I've found no library for Azure Active Directory/ADAL for React Native. Could anyone give me a hint how to go about implementing ADAL with React Native?
Use MSAL.js to integrate Azure AD B2C with your application.
Microsoft also recommends customers use MSAL.js to integrate Azure AD B2C. For more details, please refer to this document: https://learn.microsoft.com/en-us/azure/active-directory/develop/msal-b2c-overview.
To learn how to implement it, you can refer to these GitHub documents:
react-msal-sample and MSAL Azure AD B2C sample
I want to implement Azure AD B2C with a .NET Core Web API application.
The purpose of the Web API application is to create/register users and provide a bearer token; also, when a new user is created/registered in Azure AD B2C, the same entry will be created in the SQL DB.
The Web API application will be accessed by other .NET Core web site applications, an Android APK and an iOS app.
Using AD B2C, how will the sign-in/sign-up be handled by the Web API with the other application?
Similarly, how do I get the bearer token and pass it to Postman to test/run the Web API with the Authorize attribute?
Can anyone please guide me on how to implement it with a sample of code.
Thanks.
The Web APIs are used to protect and accept the B2C access tokens from client applications.
You can implement an Azure AD B2C .NET Core MVC web application with a web API.
Please go through the available code samples, which can help you more.
In the web API, using the access token, you can connect with the Microsoft Graph API, with which you can create users.
Please go through the documentation on how to expose your API service.
Is it possible to use MSAL to allow a Windows service to access a web API protected by Azure AD B2C? If not, what is the best way to allow an autonomous service to access an API protected by B2C?
This scenario should be addressed with the Client Credentials OAuth flow.
This is possible in Azure AD B2C, however, the experience isn't ideal.
To achieve this, use the "App Registration" blade in the Azure Portal to register apps that define application permissions and then register apps that use client credentials to request these. You would effectively be using the same mechanism that you use in regular Azure AD; see Azure AD's "Daemon or Server Application to Web API" documentation.
Important note: Make sure you are not using the Azure AD B2C blades for this.
You can support the ask for a first class experience by voting for this entry in the Azure AD B2C feedback forum: Support OAuth 2.0 Client Credential Flow
We are building a Xamarin Native mobile apps and using Azure AD B2C for authenticating users using their social logins.
We decided to use the MSAL native library (Xamarin) for authenticating using B2C. Our mobile app is also required to manage (full access) the signed-in user profile. Since this feature isn't available in MSAL, we have decided to go with ADAL for the time being. I followed the instructions provided in the link below and the sample works. But I started experimenting by deleting the API access provided in the application (created in the B2C tenant) and then ran the application with the "Get-user" parameter. And the application is still able to get the users from AD. Not sure how secure this is?
Then deleted the application key from the B2c tenant application and ran the console application sample. And received an error AADSTS70002: Error validating credentials. AADSTS50012: Invalid client secret is provided.
Trace ID: cef09957-06bf-462e-a0c3-4ed6bae11e00
Correlation ID: afab126d-8694-479a-8a21-c12eb7cb176c
https://learn.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-devquickstarts-graph-dotnet
Any idea why this is happening? I would like to implement this in a Xamarin.iOS app, and any guidance is much appreciated.
The answer to this is very similar to the answer to your other question: Exception access Azure AD B2C using ADAL library for user management, which can be summarized as:
Azure AD B2C does not yet support delegated permissions to the Azure AD or Microsoft Graph. The correct way to work around this limitation at this time is to have your native client application call a web API (using MSAL) which would in turn call the Graph API (using ADAL). This web API is an API you build which has authorization logic to scope the user management operations.
Once user management in Azure AD B2C is supported via the Microsoft Graph, you won't need this API and will be able to use delegated permissions (vs application permissions using client credentials) to have your native client application talk directly to the Microsoft Graph. In the interim, you'll have to stand up your own Web API as per the guidance above.
UPDATE: the Azure AD v2.0 endpoint and Microsoft Graph API now support client credentials flow, so you can also use MSAL for your Microsoft Graph API calls. However, if you need to call the Azure AD Graph, then you will still need to use ADAL.
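One way to write the "authorization logic to scope the user management operations" that the answer above calls for, as an added C# example (not code from the answer or from Microsoft's samples). It assumes the web API reads raw token claim names (`scp`, `oid`, `sub`) with inbound claim mapping disabled; the scope name `profile.manage` and the list of editable fields are hypothetical choices.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;

// Constructed caller: a validated B2C access token reduced to the claims used here.
var me = "11111111-1111-1111-1111-111111111111";
var caller = new ClaimsPrincipal(new ClaimsIdentity(new[] {
    new Claim("oid", me), new Claim("scp", "profile.manage") }, "Bearer"));
var rename = new Dictionary<string, object> { ["displayName"] = "New Name" };
var escalate = new Dictionary<string, object> { ["accountEnabled"] = true };
Console.WriteLine(ProfileGuard.Authorize(caller, me, rename));
Console.WriteLine(ProfileGuard.Authorize(caller, "22222222-2222-2222-2222-222222222222", rename));
Console.WriteLine(ProfileGuard.Authorize(caller, me, escalate));

public enum Decision { Allowed, Unauthenticated, MissingScope, NotOwner, FieldNotAllowed }

public static class ProfileGuard
{
    const string RequiredScope = "profile.manage";   // hypothetical scope name
    // Only these Graph user properties may be changed on behalf of a signed-in user.
    static readonly HashSet<string> EditableFields = new(StringComparer.OrdinalIgnoreCase)
        { "displayName", "givenName", "surname", "streetAddress", "city", "postalCode" };

    // Run before the API uses its own application permissions against the Graph:
    // those permissions cover every user, so the per-user limit has to be enforced here.
    public static Decision Authorize(ClaimsPrincipal user, string targetObjectId,
                                     IReadOnlyDictionary<string, object> patch)
    {
        if (user.Identity?.IsAuthenticated != true) return Decision.Unauthenticated;

        var scopes = (user.FindFirst("scp")?.Value ?? "")
            .Split(' ', StringSplitOptions.RemoveEmptyEntries);
        if (!scopes.Contains(RequiredScope)) return Decision.MissingScope;

        // The target comes from the request; the caller's identity only from the token.
        var oid = user.FindFirst("oid")?.Value ?? user.FindFirst("sub")?.Value;
        if (!Guid.TryParse(oid, out var callerId) ||
            !Guid.TryParse(targetObjectId, out var targetId) ||
            callerId != targetId) return Decision.NotOwner;

        if (patch.Keys.Any(k => !EditableFields.Contains(k))) return Decision.FieldNotAllowed;
        return Decision.Allowed;
    }
}
```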