Client Credentials flow with AAD B2C
I have a SPA React app with a NetCore API backend. This api is also used by another application.
I want to authenticate and authorize the SPA users using AAD B2C and the second app using the client credential flow. I understand that client credential flow is not supported by B2C. And I read that to achieve that I'd need to register the api again in Active Directory (non-B2C) as well as the client app and configure that using normal AD.
That will leave me with SPA and API registered as apps in B2C and API and client app in normal non-B2C.
IF.... all that is correct, how do I make the API validate both different types of clients? Authorizing users from B2C and client app through client credentials flow against AD non-B2C
For authorizing users from B2C, you just need to refer to this document: Tutorial: Grant access to an ASP.NET web API using Azure Active Directory B2C.
Your main concerns is for client credentials flow against AD non-B2C.
I have a test and the steps are the same as in the normal AD:
I registered a web API application in Azure AD B2C. Add an appRole in its manifest.xml.
"appRoles": [
{
"allowedMemberTypes": [
"Application"
],
"description": "Writers Have the ability to create tasks.",
"displayName": "Writer",
"id": "d1c2ade8-98f8-45fd-aa4a-6d06b947c66f",
"isEnabled": true,
"lang": null,
"origin": "Application",
"value": "Writer"
}
]
Then I registered a web App application in normal AD. Add the API permission to it.
Use client credentials flow to acquire the access token.
- Blazor web app couldn't find js function in external js file
- Multiple EditForm in Blazor Page
- How to pass js function argument to inline c# in cshtml?
- Blazor: Implementing 404 not found page
- How to tell when a self-hosted ASP.NET Core application is ready to receive requests?
- What kind of commands/queries can be created with MediatR?
- C# HttpRequestMessage - Host ignores the Content-Type Header I send it and complains that I am sending the wrong Content Type
- User.Identity.IsAuthenticated is false in a non-auth methods after successful login in asp.net core
- InvalidOperationException: Cannot find compilation library location for package 'System.Security.Cryptography.Pkcs'
- How to validate uploaded files in ASP.Net MVC
- .Net Core [Authorize] - Or instead of And for permission test
- NSwag produces incorrect output for IFromFile in Minimal API when file parameter is wrapped in model class
- Get individual error messages from modelstate
- Property Injection in ASP.NET Core
- ASP.NET Core 3.1 Azure AD Authentication throws OptionsValidationException
- Confirm form resubmission - ASP.NET 5 MVC
- Serialise HTML Form with time/text input type and validation of time fields
- How to show loading progress while wasm part being loaded (.NET 8, no pre-render)
- How to merge multiple arrays from ASP.Net Core configuration files?
- ASP.NET Core EF Identity Roles while using JWT Bearer Scheme
- Pass the selected value of a dropdown in to a URL.Action so that a modal form is displayed on a button click
- Why I am getting Cascade delete cycle error when updating the database
- To have different session timeout for different users
- How to setup a beta versioning in Swagger endpoint?
- Is there a way to have dynamic regex strings in a RegularExpression attribute?
- Is there a way to have the Identity Library cookies be tied to the root domain?
- How to access Microsoft.AspNetCore.Routing namespace
- What is the difference between regular and Async methods (OnGet vs OnGetAsync)
- Changing property in Razor @ref component does not update its usage in HTML element
- Visual Studio Project doesn't load after changing folder name