Thursday, March 19, 2020

Implementing Azure Ad B2C with MSAL.js in SPA with aspnetcore api

In the previous article Implicit Flow in SPA with Azure Ad I tried to learn how to use the Azure Ad Implicit flow to login to Single Page Application.

Azure AD B2C documentation on Microsoft is very elaborate and will take you through the steps from Creating a tenant in Azure to running an application.

Currently, you cannot create an Azure B2C tenant in Australia

If you have gone through the previous article, I had use MSAL.js in the client app to implement the login flow.

If you want to follow the steps you can refer the code hosted on Github AzureAd Samples under the SPA_B2C folder.

I have tried to implement only signup and sign-in flow.

If you follow the steps in the documentation you will have an Azure Ad B2c tenant and user flow to sign in and sign up a user.

you would need to create a .env.developement file next to the .env file in the root folder and update the following variables

REACT_APP_CLIENT_ID=
 REACT_APP_TENANT_ID= 
REACT_APP_TENANT_NAME= 
REACT_APP_SUSI_FLOW_ID= 

If you do not know about React environment variables have a read at Adding custom environment variables


Also, I am loading the SPA from the aspnet core web app. So in my case, the redirect URL in the app registration is https://localhost:44321, which can be found in the launchSettings.json

If you run the aspnet core web app and navigate to https://localhost:44321 on your favorite browser. you will see an empty page with a Sign-in button.


There are 2 flows that can be used


- Popup flow where a separate popup window will open to login
- Redirect flow

If you just check out the repo you will see the redirect flow and if you wanna see the popup action you need to be on the corresponding commit

There are some known issues with IE.

If everything is configured properly you should see your custom ui page after clicking the login button

You can hit sign up to register a new user.

Note: The order of the fields on the signup page will be what is set in the Page layouts in the Azure Ad B2C. If, you want to chage the order you can do in Azure



Also, you can set which fields are optional or not.

You will need a real email for verification. This is the first step in the registration process.

After you get the email with verification code you can finish the registration process.

If the user is created successfully and logged in you will see the next page in the app.


logout button does not work at the time when I am writing this article but it may be in when you are reading :)

Next article I will be doing how to access the API and get the weather summaries.

Cheers

Happy coding.







Thursday, March 12, 2020

Authentication and Authorization with Azure Ad using Implicit Flow and Security Groups

Authentication

The process of identifying is a process of identifying the identity of a person or process or device. This process identifies the end user and get the basic details about the user. This process only see if the user is who it is but has nothing to do with giving it access to the resources.

Authorization

Authorization is something that decide what part of the system or resources an end user can access based on their identity.

So, I want to know how these things are actually implemented in the real world.

Fow now, I am aware of Microsoft Identity Platform, Auth0 and Identity server.

I have started looking into MS Identity platform and how to implement these different Authentication flows in real world.

I am talking about real world implementations, so it is better to point you to the some code that I have started to write to get these implementations done.

As the title of the article says, I have use the Implicit flow to authenticate the user. AzureAdSamples is my GitHub repo that will eventually evolve to have most of these Authentication flows.

There not much to explain here if you follow the document in the github and try to run the app with the changes suggested in the Git document, you should be able to run this app and see the content.

Let me know if you face any issues.

Happy coding..