Azure B2C - WebSite and API Security

  • Question

  • Hi All, 

    I have Azure B2C configured for a Web Site with two Web APIs. After the user is logged in, I am getting the logged-in user information with the help of the System.Security.Claims namespace.

    As mentioned, the API endpoints are also secured using the code below:

        options.Events = new JwtBearerEvents
        {
            OnTokenValidated = context =>
            {
                // Keep the raw JWT on the authenticated identity as an "access_token" claim.
                if (context.SecurityToken is JwtSecurityToken token)
                {
                    if (context.Principal.Identity is ClaimsIdentity identity)
                    {
                        identity.AddClaim(new Claim("access_token", token.RawData));
                    }
                }

                return Task.FromResult(0);
            },
            // AuthenticationFailed is a handler defined elsewhere (not shown in the post).
            OnAuthenticationFailed = AuthenticationFailed
        };

    Questions:

    1. Which token am I supposed to pass to access these API endpoints?

    2. How do I get those tokens?

    3. How do I refresh the token?

    4. In that access token, am I able to get the website's logged-in email address?


    Selvakumar Rathinam

    Thursday, June 20, 2019 9:49 AM

Answers

  • I'm following up on this. Please remember to mark one of the responses as the answer if your question has been answered. If not, please let us know if there are any more questions.

    Thanks!

    Friday, June 21, 2019 5:43 PM

All replies