I am very disappointed that we need workarounds like this in the first place for Azure AD B2C. This should be functionality that is provided out of the box. Thanks for your video anyway!
@thepragmaticprogrammer 2 years ago
Thanks for the feedback. I agree it's more work, but it does give a clean separation of concerns between authentication and authorisation. Something out of the box as well would be nice though.
@Marcel-dt5du 1 year ago
I agree wholeheartedly. I mean the functionality is there in AAD, why is it different with AAD B2C?
@galsoftware 11 months ago
Usually you would have very custom logic regarding what claims you want to include. Imagine that you want to simulate a multi-tenant environment. How would you do that without such custom code?
@ogunacg3387 1 month ago
As far as I know, there is a possibility to include a user who has been authenticated by Entra ID by adding the Entra ID provider to Azure B2C, but I am not sure the roles that Entra ID gave to the user come with that user. So, do you know if it is feasible?
@عروضوهميزات-ل5غ 1 year ago
Hello, thank you for this awesome tutorial. Why not use Azure B2C groups to do that? Is it possible?
@ben.y.g 10 months ago
Instead of setting up a reverse proxy, you can use something like ngrok to expose a local endpoint.
@midowazzan 7 months ago
One of the best videos on custom claims. However, this does not work when the user is self-registering. This is because the first time the user registers, their data is not yet in the DB and so the Azure Function won't return any roles yet. To overcome the problem the user will have to log out and back in to refresh the claims which is not ideal. I could not find any solutions for this problem.
@thepragmaticprogrammer 7 months ago
I'm not 100% understanding your scenario. First problem - What permissions will you give a new user? You can only give them some defaults unless in your signup you allow them to tell you what role/permissions they want. If you look here learn.microsoft.com/en-us/azure/active-directory-b2c/add-api-connector?pivots=b2c-user-flow you can see there are different types of API connector that get called at different points in the sign-up/in flow. So for signup could you use the 'before creating the user' connector to create the user. For signup and / or signin the 'before sending the token' will be called. So could you not use this connector to create the user with the default permissions if they don't exist in your db?
@midowazzan 7 months ago
@@thepragmaticprogrammer Thanks for your reply, really appreciate it. I had a feeling I was not being clear. Here is my issue in detail:
1. User visits the app and opens the login page (they're not in the DB yet and so they have no roles).
2. User is redirected to B2C page to log in/sign up.
3. User completes sign up in B2C.
4. Behind the scenes: B2C calls Azure Function to grab the roles (they don't exist yet).
5. Behind the scenes: B2C generates a token, it does not have any roles.
6. User is redirected back to my app (with the token) to fill out their profile information.
7. User is redirected to the Dashboard page. This page requires a role that is not present in the token.
8. User sees a NotAllowed page.
The only way around this is to log the user out and ask them to log back in. When they do this the Azure Function will be able to load the roles. I'm going to see if I can resolve this by using your suggestions. Thanks
@midowazzan 7 months ago
Found out that the suggestions above won't fix my issue. :(
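The exchange above is about an Azure Function acting as a B2C API connector that returns a roles claim, and the video author's suggestion of provisioning default roles from the 'before sending the token' connector. The following is an added example, not code from the video or its author, showing the shape of such a handler: it checks the connector's basic-auth credentials, looks the user up in a roles store, provisions unknown users with default roles, and returns the claim in the connector response format. The in-memory role store, the connector credentials, and the extensions-app id used in the claim name are all constructed placeholders; the claim name and the `Continue` / `ShowBlockPage` actions follow the API connector contract documented at the learn.microsoft.com link in the reply above.

```python
import base64
import secrets

# Constructed stand-in for the application's roles database the thread refers to
# (hypothetical data; a real Function would query an actual store).
ROLE_DB = {"alice@example.com": ["Admin", "Editor"]}
DEFAULT_ROLES = ["Member"]

# Hypothetical basic-auth credentials configured on the API connector in B2C.
CONNECTOR_USER = "b2c-connector"
CONNECTOR_PASSWORD = "replace-me-with-a-secret"

# Placeholder for the tenant's b2c-extensions-app id (hyphens removed); the
# thread does not give one, so this value is not real.
EXTENSIONS_APP_ID = "00000000000000000000000000000000"
ROLES_CLAIM = f"extension_{EXTENSIONS_APP_ID}_Roles"


def basic_auth_header(user: str, password: str) -> dict:
    """Build the Authorization header B2C sends when the connector uses basic auth."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return {"Authorization": f"Basic {token}"}


def _authorized(headers: dict) -> bool:
    """Constant-time check of the connector's basic-auth credentials."""
    auth = headers.get("Authorization", "")
    if not auth.startswith("Basic "):
        return False
    try:
        user, _, password = base64.b64decode(auth[6:]).decode().partition(":")
    except (ValueError, UnicodeDecodeError):
        return False
    return secrets.compare_digest(user, CONNECTOR_USER) and secrets.compare_digest(
        password, CONNECTOR_PASSWORD
    )


def handle_before_sending_token(headers: dict, body: dict, db: dict = ROLE_DB):
    """Handle a 'before sending the token' API connector call.

    Returns (http_status, json_body). Unknown users are provisioned with
    DEFAULT_ROLES, as the reply above suggests, so the first token issued
    already carries a roles claim.
    """
    if not _authorized(headers):
        # Any status other than 200/400 makes B2C show a generic error page.
        return 401, {"message": "unauthorized"}

    email = body.get("email")
    if not email:
        return 200, {
            "version": "1.0.0",
            "action": "ShowBlockPage",
            "userMessage": "An email address is required to sign in.",
        }

    roles = db.get(email)
    if roles is None:
        roles = list(DEFAULT_ROLES)
        db[email] = roles

    # Custom attributes are strings, so the role list is joined into one claim value.
    return 200, {"version": "1.0.0", "action": "Continue", ROLES_CLAIM: ",".join(roles)}


if __name__ == "__main__":
    # Constructed request resembling what B2C posts to the connector.
    request = {"email": "bob@example.com", "objectId": "placeholder-object-id"}
    status, response = handle_before_sending_token(
        basic_auth_header(CONNECTOR_USER, CONNECTOR_PASSWORD), request
    )
    print(status, response)
```

The credential check is there because the connector endpoint is reachable from the internet (the thread mentions exposing it through a reverse proxy or ngrok), so anything that can reach it could otherwise ask for arbitrary roles; B2C only supports basic auth or a client certificate for this call, and the comparison is constant-time. The default-role provisioning shows the mechanics the author describes; whether it resolves the self-registration flow the commenter lays out is left to the thread.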
@mohamedyounesse 2 years ago
Is there a method to protect any function by Microsoft identity account and make specific roles for specific users? Please, do you have a tutorial for that?
@GameSpreePH 7 months ago
Nice tutorial. Do you have a GitHub repo for this Azure function?
@behrouzseyedi 1 year ago
Thanks, it was helpful. Keep it up. 👍
@n8allan 1 year ago
Is there a reason scopes can't just be treated like user roles? Great tutorial, thank you.
@thepragmaticprogrammer 1 year ago
Scopes are attached to the 'application' that is registered in B2C. So scopes will not change on a per-user basis.