
Update on External Identity Provider config for AAD B2C OpenID #6525


0
richardghubert created

Hi, could you provide me with an update to this:

https://forum.aspnetboilerplate.com/viewtopic.php?f=3&t=5140 -- https://stackoverflow.com/questions/48243612/asp-net-boilerplate-identityserver

I want to delegate the user sign-in flow to AAD B2C, i.e. to delegate identity management to Azure AD B2C by some AspNetZero-compatible means. Here's the appropriate tutorial from AAD B2C for this: https://docs.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-reference-oidc

We are using the newest AspNetZero ASP.NET-Core-MVC, which is considerably different than the abp forum post above. In the doc, all I see is this:

https://docs.aspnetzero.com/documents/zero/latest/Development-Guide-Core#openid-connect-login

which I have done, as also described here:

https://tahirnaushad.com/2018/05/19/azure-ad-b2c-with-asp-net-core-2-0/

What is not yet clear to me:

  1. Do I have to add any redirect code myself to the AccountController.cs?
  2. After enabling OpenId in appsettings.json, what changes do I need to make to the IdentityServer config in that (or other) files?
  3. The Token Reply Url required in the Azure AAD B2C config should be what? I currently have https://localhost:62114/signin-oidc

Since I'm looking to delegate identity management to Azure AD B2C OpenId, the External Authentication Source described here (https://aspnetboilerplate.com/Pages/Documents/Zero/User-Management) does not appear to be the proper fit. I need to go via the OpenId-connect and, perhaps, in federation with the internal IdentityServer4?...

Thanks!


4 Answer(s)
  • 0
    ismcagdas created

    Hi @richardghubert

    The only thing you have to do is fill in the correct values for the OpenId configuration in appsettings.json. We are using Microsoft's OpenIdConnect package and it handles return URLs etc.

    ClientSecret parameter is not mandatory, you can leave it empty.

    "OpenId": {
      "IsEnabled": "false",
      "Authority": "",
      "ClientId": "",
      "ClientSecret": ""
    }
    
  • 0
    richardghubert created

    Thanks, ok. Will take a look again with only this single change and see why it wasn't working.

  • 0
    richardghubert created

    Getting back to this. The reply above and the default configuration in aspnetzero -- looks like -- is for Azure AD. I'm wanting to use Azure AD B2C which is somewhat different from AAD. Any tips/pointers appreciated.

    https://azure.microsoft.com/en-us/resources/samples/active-directory-b2c-dotnetcore-webapp/

    https://docs.microsoft.com/en-us/azure/active-directory-b2c/b2clogin

    I just want to use OpenIdConnect to Authenticate for starters.

  • 0
    ismcagdas created

    @richardghubert

    Have you tried setting authority to your Azure AD B2C URL? I haven't tried it with Azure AD B2C but according to this doc https://docs.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-reference-oidc they work similarly to each other.
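
A pre-flight check for the `OpenId` section discussed in this thread, added here as an example; it is not AspNetZero's code and not code from either poster. It assumes the defaults of Microsoft's ASP.NET Core OpenID Connect handler (discovery metadata read from `Authority` + `/.well-known/openid-configuration`, callback path `/signin-oidc`); `check_openid` is a hypothetical helper, and the tenant, policy name and client id in the sample are constructed placeholders.

```python
import json
from urllib.parse import urlsplit

# Constructed sample: the "OpenId" section from the thread with placeholder values.
# The tenant ("contoso"), the policy name and the client id are hypothetical.
SAMPLE_APPSETTINGS = """
{
  "OpenId": {
    "IsEnabled": "true",
    "Authority": "https://contoso.b2clogin.com/contoso.onmicrosoft.com/B2C_1_signin/v2.0",
    "ClientId": "00000000-0000-0000-0000-000000000000",
    "ClientSecret": ""
  }
}
"""

def check_openid(appsettings_text, app_base_url):
    """Return (issues, metadata_url, reply_url) for the OpenId section."""
    cfg = json.loads(appsettings_text).get("OpenId", {})
    issues = []
    if str(cfg.get("IsEnabled", "")).lower() != "true":
        issues.append("IsEnabled is not true: OpenID Connect login is off")
    authority = str(cfg.get("Authority", "")).strip()
    parts = urlsplit(authority)
    if not parts.netloc:
        issues.append("Authority is empty or not an absolute URL")
    elif parts.scheme != "https":
        # Assumed default: the handler's RequireHttpsMetadata option is true.
        issues.append("Authority must use https")
    if parts.query or parts.fragment:
        # The discovery path is appended to Authority, so a query would corrupt it.
        issues.append("Authority must not carry a query string or fragment")
    if not str(cfg.get("ClientId", "")).strip():
        issues.append("ClientId is empty")
    # ClientSecret is deliberately not checked: the thread says it may stay empty.
    # Discovery document the handler will request (assumed default behaviour).
    metadata_url = None
    if parts.netloc:
        metadata_url = authority.rstrip("/") + "/.well-known/openid-configuration"
    # Reply URL to register with the identity provider (default callback path).
    reply_url = app_base_url.rstrip("/") + "/signin-oidc"
    return issues, metadata_url, reply_url

if __name__ == "__main__":
    issues, metadata_url, reply_url = check_openid(SAMPLE_APPSETTINGS, "https://localhost:62114")
    print(issues or "no issues", metadata_url, reply_url, sep="\n")
```

The printed reply URL is the value to compare against the one registered for the application in the identity provider, and the metadata URL can be opened in a browser to confirm the authority resolves to a discovery document.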