The following forum(s) have migrated to Microsoft Q&A (Preview): Azure Active Directory!
Visit Microsoft Q&A (Preview) to post new questions.

Learn More

 locked
Azure B2C Authentication for Asp.net core Web and API RRS feed

  • Question

  • Hi, 

    I have created a asp.net core web and API projects and registered with my B2C Active directory and I am able to do the authentication in the asp.net core web and getting the token based on my B2C user flow configuration. Now, I want to access the asp.net core API (which is secured through B2C active directory). 

    Please let me know how do I create the access token to access the API ? I want to get the user information also in the API. 

    Thanks,

    Selva

       


    Selvakumar Rathinam

    Sunday, May 5, 2019 7:32 AM

Answers

  • Dear Mohit, 

    Thanks for your response. here I am not trying to do the service to service access token request. what I want is to inject the user information somehow in the token so that I can get the user email (atleast) in the API.

    Please let me if this is possible. I am not trying to achieve the chain of calls here but only from Web to API. 

    Can you help me to understand how the user claims are passed to the API? my purpose is to do the authorization in the API to secure the resources based on the UI authenticated user (email) information. 

    Thanks,

    Selva

     

    Selvakumar Rathinam


    Tuesday, May 7, 2019 8:40 AM

All replies

  • Hi Selvakumar Rathinam,

    Azure Active Directory (Azure AD) B2C is an identity management service that enables you to customize and control how customers sign up, sign in, and manage their profiles when using your applications. As per your requirement, you are able to get the token from AD B2C and you want to use that token to authenticate web api, it's also called on-behalf-of flow. As per the document, the on-behalf-of flow is not currently implemented in the Azure AD B2C. 

    But you can achieve your functionality with Azure AD also. Please check the below documentation for on-behalf-of flow.

    https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-on-behalf-of-flow

    I hope this helps.

    Thank you.



    Tuesday, May 7, 2019 7:04 AM
  • Dear Mohit, 

    Thanks for your response. here I am not trying to do the service to service access token request. what I want is to inject the user information somehow in the token so that I can get the user email (atleast) in the API.

    Please let me if this is possible. I am not trying to achieve the chain of calls here but only from Web to API. 

    Can you help me to understand how the user claims are passed to the API? my purpose is to do the authorization in the API to secure the resources based on the UI authenticated user (email) information. 

    Thanks,

    Selva

     

    Selvakumar Rathinam


    Tuesday, May 7, 2019 8:40 AM
  • Please let us know if the above answers were helpful and remember to mark as answer.

    If none of the answers helped you, let us know, and we'll try to provide assistance. Thanks!

    Thursday, June 6, 2019 12:34 AM