Does Azure AD B2C only work with .NET Core?
I need a sample web app in MVC with .NET 4.5 for Azure AD B2C, without using .NET Core and OWIN.
Does Azure AD B2C only work with .NET Core?
No. Azure Active Directory B2C is a highly available, global, identity management service for consumer-facing applications that scales to hundreds of millions of identities. It can be easily integrated across mobile and web platforms.
Its support for industry-standard protocols such as OpenID Connect makes identity management possible on a variety of platforms, such as .NET and Node.js.
Here is a code sample using the .NET OWIN OpenID Connect component, and you can follow the helpful article about it here. If you don't want to use the OWIN component, you need to complete the OpenID Connect protocol in the apps yourself.
Related
When I go through Azure AD B2C documentation, I notice there is no code example or mention of Java Web apps and APIs as part of examples. We have good examples for nodejs and dotnet apps, but Java web app example is missing:
https://learn.microsoft.com/en-us/azure/active-directory-b2c/integrate-with-app-code-samples#web-apps-and-apis
Does this mean that Java web applications must implement B2C authentication at the protocol REST call level?
There are some Java samples here:
Java web application using the MSAL4J to sign in users with Azure AD
A Java web application using Spring Security to sign in users with Azure AD
A Java web application using the MSAL4J to sign in users with Azure AD B2C
They use the MSAL4J library.
I am a bit new to Azure AD and some of its features. I have a vendor application that wants to set up authentication & single sign-on using our Azure Active Directory. The documentation they provided me with just walks through adding Azure AD SAML Toolkit as the enterprise application and configuring it accordingly. However, I noticed immediately that the description for that enterprise application was "This is the sample SAML app which customers can use to test the SAML single sign-on integration with Azure AD."
My question is, shouldn't a vendor application have set up an enterprise application for me to add to our Azure tenant, or is it common and good practice for applications to use the Azure AD SAML Toolkit for production implementations?
So far I have found no reason documented that this is bad practice. We have implemented it for the vendor application and have had no issues up to this point.
I have written a custom authentication service using Windows Identity Framework. Currently, I have registered it as an Identity Provider on Windows Azure ACS and have configured a couple of relying parties using this identity provider. With Microsoft closing down the ACS, I need to see if ACS can be replaced by Azure AD or Azure AD B2C. I didn't find any straightforward way of doing this. Can anyone provide me with any documentation or share your thoughts on how best I can handle this migration?
Azure ACS can be migrated to Azure AD as well as Azure AD B2C. Refer: Migrate from Azure ACS. Consider both the migration plans and follow the best suitable solution.
I have configured the Azure AD Authentication for my ASP.NET Core project using the services of "Microsoft.AspNetCore.Authentication.*" packages. The project is expected to be deployed to Azure App Service as a Web App.
While I enabled Azure AD authentication, I also see there is an option to enable the same at the Web App level through Application Settings on Azure Portal.
I have a question around which option is recommended. I do see when I don't leverage Azure AD authentication configured via NuGet packages, I don't have the OpenID Connect service plugged into the StartUp.cs file. And I think these services are pivotal in populating the authentication properties like User.Identity.Name. On the other hand, with just portal-enabled authentication, I don't see this information populated. So, I presume if I want to do further work with the logged-in user's identity, like leveraging current claims information for authorization, I won't be able to achieve that with portal-only authentication.
Your assessment is basically correct. The portal-enabled authentication runs completely outside your application and isn't capable of setting User.Identity.Name when using .NET Core (that level of integration only works with ASP.NET 4.x).
My recommendation is to use the ASP.NET Core NuGet package so you can get the full integration. It's a lot more work to set up, but once you get it working you should be in good shape and get the full end-to-end experience you want.
If you are interested in using the portal-enabled Azure AD authentication support, then take a look at this StackOverflow question to learn how you can get it to work with User.Identity.Name.
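One way an ASP.NET Core app can recover an identity from portal-enabled authentication is to decode the `X-MS-CLIENT-PRINCIPAL` request header that App Service authentication adds. This is an added example, not code from the answer above or from the linked question; the class name and sample payload are constructed. It assumes requests reach the app only through App Service with authentication enabled, because the header is meaningful only when the platform sets it.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using System.Text;
using System.Text.Json;

public static class EasyAuthPrincipal // hypothetical helper name
{
    // Builds a ClaimsPrincipal from the X-MS-CLIENT-PRINCIPAL header value
    // (base64-encoded JSON). Returns null when it is absent or malformed.
    public static ClaimsPrincipal FromHeader(string headerValue)
    {
        if (string.IsNullOrWhiteSpace(headerValue)) return null;
        try
        {
            var json = Encoding.UTF8.GetString(Convert.FromBase64String(headerValue));
            using (var doc = JsonDocument.Parse(json))
            {
                var root = doc.RootElement;
                var claims = root.GetProperty("claims").EnumerateArray()
                    .Select(c => new Claim(c.GetProperty("typ").GetString(),
                                           c.GetProperty("val").GetString()))
                    .ToList();
                // name_typ / role_typ say which claim types back Identity.Name and IsInRole.
                var identity = new ClaimsIdentity(claims, root.GetProperty("auth_typ").GetString(),
                    root.GetProperty("name_typ").GetString(), root.GetProperty("role_typ").GetString());
                return new ClaimsPrincipal(identity);
            }
        }
        catch (Exception ex) when (ex is FormatException || ex is JsonException ||
            ex is KeyNotFoundException || ex is InvalidOperationException || ex is ArgumentException)
        {
            return null; // treat an undecodable header as unauthenticated
        }
    }

    public static void Main()
    {
        // Constructed sample payload, not captured from a real tenant.
        var sample = "{\"auth_typ\":\"aad\",\"name_typ\":\"name\",\"role_typ\":\"roles\"," +
                     "\"claims\":[{\"typ\":\"name\",\"val\":\"alice@example.com\"}," +
                     "{\"typ\":\"roles\",\"val\":\"Reader\"}]}";
        var user = FromHeader(Convert.ToBase64String(Encoding.UTF8.GetBytes(sample)));
        Console.WriteLine("{0} {1} {2}", user.Identity.Name, user.IsInRole("Reader"),
            FromHeader("not base64!") == null);
    }
}
```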
We have an API, and we are planning to publish this API in the Azure marketplace under developer service. For authentication, we are planning to use developer service SSO (single sign-on) in the API. I googled this but can't find any useful link. Please suggest some links.
Azure AD B2C became generally available recently and it somehow offers what you are looking for. You can use local Azure identity and/or social account for your end users to authenticate with SSO support.
https://azure.microsoft.com/en-us/services/active-directory-b2c/
With that being said, and although you can secure your Web API with AAD B2C as in this guide, your customers won't be able to call this Web API from their own applications, as the calling app must be registered in the same Azure AD directory with the same application ID. This is a limitation that is mentioned here:
Note: Azure AD B2C currently supports only web APIs that are accessed by their own well-known clients. For instance, your complete app may include an iOS app, an Android app, and a back-end web API. This architecture is fully supported. Allowing a partner client, such as another iOS app, to access the same web API is not currently supported. All of the components of your complete app must share a single application ID.
If the above limitation is OK with you, then you might also be interested in this Azure article to list your app in the Azure AD application gallery.