How to Implement an Authentication Functionality in an ASP.Net Core Application using Azure Active Directory B2C Service (Part 1)

Azure Active Directory B2C (Business to Client) is a cloud service that allows for easy access and identity management. Using Azure AD B2C service you can integrate into your ASP.Net application such functionality like sign-in, sign-out, password change, and profile editing. Moreover, you can enable users to sign up for your service using their social account like google, facebook, twitter, LinkedIn and so on. The best part is that Azure AD B2C service is free up to 50K users and 50K authentications per month.

In this tutorial, we are going to implement a basic ASP.Net application with integrated Azure AD B2C service. The tutorial will consist of three parts:

  • Part 1: Create and configure an Azure Active Directory B2C resource
  • Part 2: Create and configure an ASP.Net Core application
  • Part 3: Create and configure an external Identity Provide (e.g. Google)

For this tutorial you will need the following:

  • A free Azure subscription (a pay-as-you-go subscription will also do, since Azure AD B2C is free up to the mentioned limits)
  • Visual Studio 2017 (download here)
  • ASP.Net and Web development Workload, which you can install using Visual Studio Installer

First, we are going to create a new Active Directory B2C Resource:

  • Go to Azure portal and log in using your credentials
  • In the Azure portal click on Create a resource button
  • In the search field enter Azure Active Directory B2C und press enter
  • In the new window Azure Active Directory B2C click Create
  • In the window Create new B2C Tenant or Link to existing Tenant select Create a new Azure AD B2C Tenant
  • Next, enter your organization name, initial domain name, and your country. Confirm by clicking on Create.

It will take a couple of minutes to create the tenant.

Next, we are going to register an application. This is needed to secure the directory by allowing only registered applications to make requests and ensure user redirection to a trusted place after the sign in process.

To register the application click on All resources and select the tenant you have just created.

Next, click on Applications and subsequently on Add

Enter the your application name, set Web App / Web API to Yes, and enter a reply URL (for now, you can enter just any URL, we will need to change it later). Finally, click Create.

Your application is now registered and has an Application ID.

Next, we are going to create user flows, also known as user policies, which, for instance, define the procedures for signing up and signing into the application. For the application, we will need at least the policies for sign in and sign up, as well as for password reset.

For that, click on User flows (policies) and subsequently on New user flow.

In the Recommended Tab select Sign up and sign in

Fill in the name of the policy, select identity providers (per default, there is only one namely Email signup), leave the multifactor authentication disabled. Finally, select user attributes your application should gather during the sign up process. Click on Create.

Repeat the same steps to create the reset password policy.

That is all! We have just created the Azure Active Directory B2C resource, registered our application, and implemented user policies for sign in, sign up, and password reset.

In the next tutorials, we are going to create and configure an ASP.Net Core application and configure it to use the Active Directory B2C resource. Additionally, we will add an external Identity Provider (e.g., Google) to allow users to sign in and sign up using their social network accounts.

%d bloggers like this: