How to hook up existing application to Azure AD B2C?

  • Question

  • Dear all, 

    My current task is to "hook up" an existing application to Azure AD B2C. Before they can access the actual application, users should be able to sign up / sign in, change password, etc. using Azure B2C. This is somehow a test to check if it would be possible to add AAD B2C (and custom sign up pages) to other existing projects.

    I tried to use the connected services wizard provided in VS 2019 (Enterprise v. 16.3.9) to add AAD B2C. The application itself is an MVC Web application using .NET 4.8.

    I followed the instructions provided by the wizard. As ClientID, I used my test application's ID created in Azure under 'Azure AD B2C - Applications'. As for the domain name, I used [domainName].onmicrosoft.com. When prompted, I added the secret set for my test application created in Azure AD B2C - Applications. Upon finishing the wizard I got the following error message:

    Azure application reply URL: https://localhost:44347/
    Adding Azure application user-delegated permission to enable sign-on and read user's profiles.
    Adding Azure application user-delegated permission to read directory data.
    Error:Unable to add or update Azure AD application https://[domainName]/[applicationName]: Updates to converged applications are not allowed in this version.
    Error:Adding Azure AD Authentication to the project failed: Unable to add or update Azure application.


    I came across this post here in the forum describing a similar issue, but given the fact that the post dates back a few years and that there was no definitive answer, I figured that things might have changed and I might give it a shot. It would be grand if somebody could:

    • explain the errors and how to resolve them
    • provide a solution for adding an AAD B2C login to existing projects, preferably without dismantling the existing code and/or adding classes.

    Thanks a mil in advance for your help. Please do get in touch, if you require additional information.


    Tuesday, November 19, 2019 10:48 AM

All replies

  • Hey Bigfoot_c, 

    The issue is because, currently:

    All modifications to a B2C application need to be done through the B2C extension UI in the Azure portal at the moment.

    So you must use the B2C Blade in the Azure Portal to create and modify B2C Apps, including their Reply URLs. The product team is looking to bring an MS Graph endpoint to create and modify App Registrations in the future, sometime next year.

    So you will need to manually add the permission.

    Note how the user journey works below. I suggest reading further into B2C as there are many intricacies to understand for AAD B2C: https://docs.microsoft.com/en-us/azure/active-directory-b2c/technical-overview
    [Image: Diagram showing an example of a complex user journey enabled by IEF]

    In addition to that, are you sure that the connected wizard is for AAD B2C or just AAD? Can you please provide the documentation you followed to perform this task? See this post for info on the difference between the types of AADs: https://stackoverflow.com/questions/39271230/azure-ad-vs-azure-ad-b2c-vs-azure-ad-b2b

    Note: they are all different and typically should be assumed incompatible unless otherwise specified. 

    If you're interested in seeing a sample of B2C being hooked up, see here: https://docs.microsoft.com/en-us/samples/azure-samples/active-directory-b2c-dotnetcore-webapp/an-aspnet-core-web-app-with-azure-ad-b2c/

    And all samples for B2C can be found here: https://docs.microsoft.com/en-us/samples/browse/?term=b2c

    If you're interested in this feature, I would suggest posting it here: https://feedback.azure.com/forums/169401-azure-active-directory

    And if there's enough community support, the product team will put it on the roadmap to implement.


    Tuesday, November 19, 2019 11:15 PM
    Moderator
  • Dear Frank,

    Thanks a mil for your reply and taking a look at the matter at hand. I would also like to thank you for the links you kindly provided. In terms of using the wizard, I did not follow any particular documentation. Since I had already added Application Insights as a connected service, I remembered that there was an AAD option in the wizard. However, you were right about the fact that this was only AAD and not AAD B2C. Are there any plans of creating a similar wizard for AAD B2C at some stage?

    Thank you also for the link to the sample application. Unfortunately, the sample is .NET Core and it has not been updated to the most recent version. I tried to manually upgrade the application to .NET Core 3 but, since my question is concerned with .NET 4.8 MVC, I wasn't able to spend additional time on this. 

    I was aware of the fact that there is a sample application using AAD B2C in a .NET environment (https://github.com/Azure-Samples/active-directory-b2c-dotnet-webapp-and-webapi). The issue with this sample is that there are two solution files with let's say "intertwined" logic for hooking up to AAD B2C. While the sample as such works, I was not able to transfer that particular logic into my current project. That is why I was hoping this could be achieved using the aforementioned wizard. 

    Last, I must admit that I did not quite understand the first part of your answer, in particular

    "All modifications to a B2C application need to be done through the B2C extension UI in the Azure portal at the moment. So you must use the B2C Blade in the Azure Portal to create and modify B2C Apps, including their Reply URLs [...]"

    The Reply URL was added to the application; is that already sufficient for users to sign up with my application? I would have thought that the application somehow needs to be connected to AAD B2C. Below is a snippet from the 'AAD B2C - Applications' > '[MyApplication]' > 'Properties'; as you can see, localhost is added. What other steps are required?

    Could you please elaborate on this section of your answer and maybe provide some additional information?

    Am I right in the assumption that, at least at present, my goal of hooking up an existing application to AAD B2C (either by wizard or by code behind) cannot be achieved? A significant amount has already been invested and this feature is required for additional applications, since my superiors would like this feature implemented across all existing applications that require some sort of sign-up.

    I would be delighted if you could get back to me regarding this matter. Please also do get in touch if you require additional information. 

    Kind regards

    Wednesday, November 20, 2019 9:55 AM
  • Hey Bigfoot_c, 

    I apologize, it should be the API permission that needs to be changed in the portal. I would also try resetting the reply URL, by changing it to localhost, and then the right localhost with the right port #.

    In addition to that, I can look further into the connection wizard; however, I am not sure that this connection wizard is fully supported. Could you please provide the steps you took to set up the connection wizard?

    To be clear, you're referring to this connection wizard?

    https://docs.microsoft.com/en-us/azure/active-directory/develop/vs-active-directory-add-connected-service

    Thanks,

    - Frank Hu

    Please remember to mark one of the responses as answer if your question has been answered. If not, please let us know if there are any more questions. Also, please remember to post future questions on the new Q&A Forums here: https://docs.microsoft.com/answers/index.html Thanks


    Thursday, November 21, 2019 2:33 AM
    Moderator
  • Dear Frank, 

    Thanks a mil for getting back to me. Regarding the steps in using the connection wizard, the instructions on that page you provided via the link come pretty close, although it looked a bit different on my part. I'd say we can agree on these steps as being the instructions I did not follow when I was trying to hook up my application. 

    Thank you also for pointing out what changes need to be made in Azure. Are there any particular API permissions that need to be changed in the portal? I did not find any permissions in my view. I assume that I do not have the necessary permissions. Are there any documents that provide detailed instructions which I could pass to my admin?

    The question is, what am I to do in the meantime? Are there any other ways to hook up an existing application to AAD B2C? If not, please let me know, since I could mark that particular task and let my team know that I'd be available for other tasks.

    Looking forward to hearing from you and thanks for your support.

     

    Thursday, November 21, 2019 1:34 PM
  • Hello Bigfoot_c,

    Unfortunately, there is no other sort of "hook up" way to automatically get your application to work with B2C. You'll have to utilize the B2C manual method for the most predictable and controllable way to implement B2C Authentication into your application.

    I apologize for the inconvenience.

    Thanks,

    - Frank Hu

    Thursday, November 21, 2019 7:23 PM
    Moderator
  • Hey Bigfoot_c,

    I'm following up on this issue. Unfortunately, it looks like, as this is a Visual Studio feature, you'll have to engage with the Visual Studio team via their own escalation path: https://developercommunity.visualstudio.com/content/problem/post.html?space=8

    Please follow the instructions documented in the link above to report the problem and the Visual Studio team will engage as soon as possible to fix the issue.

    I apologize again for the inconvenience and understand that this might not be the answer you're looking for, and thank you for letting us know about this issue. The product team for the Visual Studio authentication hook-in feature will look into it and resolve it as quickly as possible.


    Thursday, November 21, 2019 11:02 PM
    Moderator