| services | platforms | author | level | client | endpoint |
|---|---|---|---|---|---|
active-directory |
dotnet |
TiagoBrenck |
100 |
ASP.NET Core Web App |
Microsoft identity platform |
This sample shows how to build a .NET Core MVC Web app that uses OpenID Connect to sign in users in Azure AD B2C. It assumes you have some familiarity with Azure AD B2C. If you'd like to learn all that B2C has to offer, start with our documentation at https://aka.ms/aadb2c.
To run this sample, follow the guidance in the Configure authentication in a sample web application using Azure Active Directory B2C article.
ASP.NET core applications create session cookies that represent the identity of the caller. Some Safari users using iOS 12 had issues which are described in ASP.NET Core #4467 and the Web kit bugs database Bug 188165 - iOS 12 Safari breaks ASP.NET Core 2.1 OIDC authentication.
If your web site needs to be accessed from users using iOS 12, you probably want to disable the SameSite protection, but also ensure that state changes are protected with CSRF anti-forgery mechanism. See the how to fix section of Microsoft Security Advisory: iOS12 breaks social, WSFed and OIDC logins #4647
Did the sample not work for you as expected? Did you encounter issues trying this sample? Then please reach out to us using the GitHub Issues page.
This sample does NOT use MSAL as it only signs-in users (it does not call a Web API). It uses the built-in ASP.NET Core middleware. MSAL is used for fetching access for accessing protected APIs (not shown here), as well as ID tokens. For logging-in purposes, it is sufficient to obtain an ID Token, and the middleware is capable of doing this on its own.
The AccountController.cs used in this sample is part of Microsoft.Identity.Web.UI NuGet package, and you can find its implementation here. If you want to customize the Sign-in, Sign-up or Sign-out actions, you are encouraged to create your own controller.
This sample shows how to use the OpenID Connect ASP.NET Core middleware to sign in users from a single Azure AD B2C tenant. The middleware is initialized in the Startup.cs file by passing the default authentication scheme and OpenIdConnectOptions.cs options. The options are read from the appsettings.json file. The middleware takes care of:
- Requesting OpenID Connect sign-in using the policy from the
appsettings.jsonfile. - Processing OpenID Connect sign-in responses by validating the signature and issuer in an incoming JWT, extracting the user's claims, and putting the claims in
ClaimsPrincipal.Current. - Integrating with the session cookie ASP.NET Core middleware to establish a session for the user.
You can trigger the middleware to send an OpenID Connect sign-in request by decorating a class or method with the [Authorize] attribute or by issuing a challenge (see the AccountController.cs file).
Here is the middleware example:
services.AddMicrosoftIdentityWebAppAuthentication(Configuration, "AzureAdB2C");Important things to notice:
- The method
AddMicrosoftIdentityWebAppAuthenticationwill configure the authentication based on theMicrosoftIdentityOptions.csoptions. Feel free to bind more properties onAzureAdB2Csection onappsettings.jsonif you need to set more options. - The URLs you set for
CallbackPathandSignedOutCallbackPathshould be registered on the Reply URLs of your application, in Azure Portal.
Learn how to:
To understand more about Azure AD B2C see:
To understand more about ASP.NET Core and Azure identity integration
To understand more about token validation, see:
To understand more about app registration, see: