Is there an equivalent of AcquireTokenByUsernamePassword in .NET Framework 4.6.1? I am trying to implement ROPC flow to AD B2C "local" user account, but the docs for this class say that it's only applicable for .NET Core. Although, it does let me use it in the code, but it doesn't work. I followed all of the instructions, but still getting permission errors. I am wondering if it's my setup issues or the framework.
Unfortunately, we are stuck with the old framework for now.
Related
I have a legacy B2C application that runs just fine. I decided to upgrade to the new 'experience' since the message said they're discontinuing the old legacy blade as of Nov-21. So I followed the instructions on this page:
AAD B2C specifics
When I start up the application, I get this message:
Switching back to the legacy application results in a working login screen.
• Since your Azure AD B2C application is a ‘PublicClientApplication’, it has the property of ‘UseCorporateNetwork’ which is a Boolean that enables the application to benefit from Integrated Windows Authentication and SSO as these are cross platform capabilities. Thus, set this property to ‘true’ in ‘package.appxmanifest’ by enabling the capabilities, viz., Enterprise Authentication, Private Networks(Client & Server) and Shared User certificate.
Also, as IWA is not enabled by default as applications requesting the above type of authentication require a higher level of verification to be accepted for social identities using MSAL .NET.
Kindly check the ‘RedirectURI’ of your new Azure AD B2C experience as it may get overridden by that in ‘UserDetailsClient\App.cs’. Hence, replace the ‘RedirectURI’ in your Azure AD B2C application by the one that is overridden in ‘UserDetailsClient\App.cs’ along with the msal://auth. Maybe, this should resolve your issue. For more details, kindly refer to the below Github link below: -
https://github.com/Azure-Samples/active-directory-b2c-xamarin-native/issues/28
To anyone running into a similar problem, I discovered two very interesting reasons for this problem:
In the legacy, you could share applications between your web API and your client. In the new workflow, you need one 'application' for your Web API, and a distinct 'application' for your clients.
This code seemed important to getting the new flow to work:
this.PublicClientApplication = PublicClientApplicationBuilder
.Create(this.ClientId)
.WithIosKeychainSecurityGroup(this.KeychainGroup)
.WithRedirectUri(this.RedirectUri)
.WithB2CAuthority($"https://{this.AuthorityHostName}/tfp/{this.Tenant}/{this.AuthorityPolicy}")
.Build();
The 'WithRedirectUri' got me past the original error posted above.
So I recently started exploring Azure Identity Platform for this user authorization use case I'm trying to implement. After a bit of research I came across using Graph API and creating ROPC flows to handle SingUp and Login via REST API from my application. My requirement is also to allow users to use login credentials from another app (I'm not sure yet if it implements a SAML based Identity Provider method) to use services in my application. This is a typical SSO requirement, but I'm not sure if it is possible to implement alongside username-password based authentication using Azure AD B2C.
I would appreciate any leads. Thank you.
Edit: To be more precise, I am working with Java-Spring. The demo application mentioned in Azure AD documentation (Woodgrove groceries) is exactly what I'm trying to achieve. A quick google search for the same provides me with github repos with sample code that uses .Net I believe. Are there any Java sample codes that demonstrate the same?
ROPC does not support SSO if that's what you want to achieve.
Can anyone suggest the Azure AD sign-in/ Sign-Out code flow for the Asp.net core Web API.
I am developing the Web API project(same as https://app.hubspot.com/crm-settings-email/6849578/email/connectedEmails) for Office 365 integration and have implemented all the required MS GRAPH API but stuck with the Sign-In/Sign-out process for the Personal Microsoft account holder. tried the sample code for OpenId-Connect V2 code flow but not able to return any Access Token or Code in return.
Can anyone suggest the correct code-flow for Web-API project and the how to register or sign-in/out the any Microsoft User into my Azure APP?
I believe Authorization code flow is good for your requirement as you have mentioned .net core Web-API project. Please go through Ms document for different implementations of other authentication flows (which can be implemented MSAL library) which helps you to choose your own code flow based on your scenario.
Please go through sample given by Microsoft which helps you in handling AAD login with personal accounts. Also, Please make sure you have selected Accounts in any organizational directory and personal Microsoft accounts option while creating an app in app registration.
Please help me.
To login into Azure active directory how to use MSAL.Net library in my login page of my website.I am seeing very big samples online but I didnt find small peace of code which makes me to understand MSAL.
MSAL Library is just an implementation for enabling developers to acquire tokens from the Microsoft identity platform endpoint.
If you want to use MSAL to acquire a token, you need to:
Register an application in Azure AD.
Add target API, and grant consent to select permissions.
Generate a secret key.
Then you can get a token as Acquire a token and call Microsoft Graph API.
However, I think what you really want is to integrate AAD. You can easily enable AAD authentication for your .NET web application. It uses OWIN middleware.
If you are using a aspnet or aspnetcore, you can get the necessary code needed to sign in your web application with your Azure AD tenant just by following steps.
Create the sample from the command line
Note that MSAL.NET is a token acquisition library (for services like MS Graph and such) that can optionally sign-in users as well. the sign-in code is present in the aspnet and aspnet core SDKs
I am building a Xamarin app that will need to have users authenticated and each user will have a role. Would Azure AD OAuth 2.0 be a good solution for this scenario? Each person that downloads my app would register which would create an Azure AD user? At first I thought Azure AD was strictly for managing users within an organizations and not a way to authorize thousands of users of an app. Would I be able to seamlessly integrate Azure OAuth into my app without having to leave my app (like I would need to do with Google or Facebook OAuth)? Thanks for any clarification that would help me better understand!!
The Xamarin experience can leverage ADAL / MSAL PCL libraries for authentication (in Alpha right now) - available on nuget. You need to look at the new Azure AD Business to Consumer (B2C) offering (in preview right now).
Note that the OAuth experience this provides leverages WebViews inside of your app to perform user authentication so it doesn't differ from what you wish to avoid.
While you could theoretically change that behaviour by custom coding a solution it's probably worth considering the benefits of handing off authentication and only having to deal with the resulting tokens.