Tuesday, 3 December 2019

Web Api hosted on Azure App Service with OIDC security using Azure AD B2C

Problem:  I want to add security to my .NET core ASP.NET Web API C# application using Azure AD B2C.

Terminology:
  • .NET Core - revision of the .NET framework.  Allows your application to run on Linux, Macs and Windows.  You do not need to have the .NET framework installed.   
  • ASP.NET Web API - Follows the MVC pattern using Controllers and Models to provide an HTTP services e.g. Give me the temp in Paris today.
  • Azure App Service  - Host an MCV or Web API on Azure.  Acts as a web server, it is scale-able and fully manged.
  • Azure Active Directory (AAD) B2C - AAD B2B is different to AAD B2C, totally separate services on Azure.  Business 2 Consumer (B2C) provides applications with an identity repository.  B2C provide authentication and identity management as a service to web applications and mobile applications.  Think of it as the same Google authentication but you own the identity provider instead of rely on third-party authentication providers like Google.
  • IdP - Indentity Provider, B2C is one of 2 AAD service for managing users/identities on Azure.
  • MVC - Model, View Controller is a pattern used to aggange software.  In this post I'm refering to project that utilise the MVC templates to create a project for web sites or Web API.



Problem: MVC web application hosted on a Web App, using Azure B2C, B2C holds users and also uses a social Identity Provider (IdP) namely Google.

Figure 1, Create a new project on the Google Developer Console

Figure 2, OAuth Consent Screen setup
Figure 3, Add the Credentials to Google
AAD B2C linkup to Google IdP.

High-Level Approach:
  1. Create your own Azure tenant & B2C service instance on Azure (using the Azure Portal)
  2. Register your ASP.NET Web application on the Azure tenant (using the Azure Portal)
  3. Create User Flows (Policies) on the B2C tenant (This allows you to create the flow to sign-in a user, create a new account, or a user to reset their password,...)
  4. Setup Google to connect to the B2C IdP (see figure 1-3)
  5. Update application created in Step 4 so that is is aware of the Google IdP
  6. Perform Authentication setup - create MCV web application using Visual Studio
Tip: This approach and technology is extremely well documented by Microsoft.


0 comments:

Post a comment