Search code examples
xamarin.androidxamarin.iosazure-active-directory

Can Azure B2C Application Registration for ASP.Net MVC also be used with Xamarin IOS and Android Apps

I have a website which is currently live and uses Azure B2C to manage user authentication. The site has been so successful that I have decided to build App (IOS and Android) versions of the site using Xamarin.

My 2 questions are:

  1. Can I use my existing Application Registration in B2C to authenticate both my MVC and Native Apps. If so is this done via the Allow Public Client Flows Radio button under the Advance Settings Section of the Authentication tab in Azure B2C? Will turning this from No to Yes impact the running of my registration for the website (as the system is live with thousand of users I am very wary of making updates to B2C Settings.

  2. What is the best way for testing changes to Azure B2C? Is there an easy way to create dev environments that can then be flipped to live, switching out the live version with the dev environment?

Any help will be gratefully received.

J

Solution
    1. Can I use my existing Application Registration in B2C to authenticate both my MVC and Native Apps. If so is this done via the Allow Public Client Flows Radio button under the Advance Settings Section of the Authentication tab in Azure B2C? Will turning this from No to Yes impact the running of my registration for the website (as the system is live with thousand of users I am very wary of making updates to B2C Settings.

    It's not recommended to use the same app registration in this case.

    Please see the differences between public client and confidential client applications.

    Confidential client applications are safe to keep application secrets while public clients not. If you use the same app registration, there is a conflict in keeping application secrets. And using the same app registration for multiple applications will make permission control more difficult.

    So in this case, it's recommended to create a new app registration with Public client/native platform.

    enter image description here

    Turning Allow Public Client Flows from No to Yes doesn't mean to change it to native app type.

    You could set "allowPublicClient": true, in the manifest file.

    enter image description here

    1. What is the best way for testing changes to Azure B2C? Is there an easy way to create dev environments that can then be flipped to live, switching out the live version with the dev environment?

    Creating a new app registration will not affect the use of your web application.