
Challenge 8 - Implement Azure AD B2C

Prerequisites

  1. Challenge 4 - Run the app on Azure should be done successfully.

Introduction

Right now your application on Azure is wide open for anyone to use. Your application allows you to add, edit and delete competitors. Let's make sure only authenticated users can do this. If you try to perform one of these actions in your application, you'll get some errors; you need to complete the feature!

The application already has the code in place to authenticate users against Azure AD B2C. You just need to create an Azure AD B2C application, build the user journeys and policy, and then set the right configuration values.

Challenges

  1. Create an Azure AD B2C application in the Azure portal.
  2. Allow users to authenticate with a Microsoft Account.
  3. Make sure it works in your app on Azure App Service.
  4. DO NOT store credentials in your code or appsettings file.

Success criteria

  1. When a user hits the 'Sign In' link, they are redirected to login with a Microsoft Account.
  2. A user can successfully authenticate with an MSA, get redirected back to your application and see a personalized greeting (see below).

[Image: Personalized Authenticated Greeting]

  3. A user can successfully add or edit a bot in the Competitor views.
  4. In Azure DevOps (Boards), from the Boards view, you can now drag and drop the user story associated with this Challenge to the Resolved or Closed column, congrats! ;)

Tips

  1. Make sure you are calling the application with https for the authentication redirects to work.
  2. Remember to keep your configuration secrets OUT of your code or config files.
  3. If you can't find your AAD B2C Azure resources after you create them, make sure you switch AAD Tenants in the Azure portal.
  4. Don't forget /signin-oidc in your redirect URL :)

Advanced challenges

Too comfortable? Eager to do more? Try this:

  1. Allow users to authenticate with more than 1 Identity Provider. Try it with Facebook and LinkedIn too.
  2. Rather than relying on users to use their social logins, let them create their own accounts in your tenant.
  3. Get it to work in your dev environment. NOTE: this will require getting an SSL certificate and configuring HTTPS for your docker-machine.

Learning resources

  1. Set up AAD B2C with a Microsoft Account - In step 6, you may need to format the Redirect URL as: https://login.microsoftonline.com/te/<your-tenant>.onmicrosoft.com/oauth2/authresp
  2. Working with Azure App Service Application Settings
  3. Cloud authentication with Azure Active Directory B2C in ASP.NET Core

Next challenge (Leverage SignalR) >