issharp issharp - 1 month ago 28
ASP.NET (C#) Question

Web Forms Authentication with B2C

I'm trying to add authentication using Azure AD B2C to a web forms app. Unfortunately, every tutorial I've found is for MVC, except for this web forms tutorial. Using that tutorial, I've added this code to my startup.auth.cs:

    public partial class Startup {

        // For more information on configuring authentication, please visit http://go.microsoft.com/fwlink/?LinkId=301883
        public void ConfigureAuth(IAppBuilder app)
        {
            app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);

            app.UseCookieAuthentication(new CookieAuthenticationOptions());

            app.UseOpenIdConnectAuthentication(
                new OpenIdConnectAuthenticationOptions
                {
                    ClientId = "my-client-id",
                    Authority = "https://login.microsoftonline.com/my-tenant"
                });
        }
    }


And that is working fine. However, I need to have sign up functionality as well as just sign-in, but I can't figure out how to do it, since everything I've found is for MVC, and I'm not sure how to convert that to what I need. I've tried adding code such as this:

    app.UseOpenIdConnectAuthentication(CreateOptionsFromPolicy(_SignUpPolicyId));
    app.UseOpenIdConnectAuthentication(CreateOptionsFromPolicy(_ProfilePolicyId));
    app.UseOpenIdConnectAuthentication(CreateOptionsFromPolicy(_SignInPolicyId));


And that creates three more buttons on the login page, but clicking on them just gives a 404 error and no extra information, so I don't know how to make that work, either, or even if I'm headed in the right direction. I've never worked with B2C before, so if anyone has any suggestions/has done this sort of thing for web forms, I'd really appreciate some tips or sample code.

Answer

The example you are using is using "Local Accounts".

Local Accounts means a local database, and for each identity provider it will add a button.

Try to change the authentication to "No Authentication" (and add all the files yourself) or "Work and School Accounts" (which connects to an AD, so convert that to B2C).

You will see a redirect to the https://login.microsoftonline.com/yourtenant.onmicrosoft.com/....

The next steps are to follow the same steps as with the MVC example and implement the same pieces of code.

Make sure to update the NuGet packages to a newer version (1.0 and 4.0 are the default):

    <package
        id="Microsoft.IdentityModel.Protocol.Extensions"
        version="1.0.2.206221351"
        targetFramework="net46" />
    <package
        id="System.IdentityModel.Tokens.Jwt"
        version="4.0.2.206221351"
        targetFramework="net46" />

And the code:

    // signInPolicyId, aadInstance, tenant, clientId and redirectUri are
    // fields defined elsewhere in the Startup class (not shown here).
    public void ConfigureAuth(IAppBuilder app)
    {
        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);

        app.UseCookieAuthentication(new CookieAuthenticationOptions());

        app.UseOpenIdConnectAuthentication(CreateOptionsFromPolicy(signInPolicyId));
    }

    private OpenIdConnectAuthenticationOptions CreateOptionsFromPolicy(string policy)
    {
        return new OpenIdConnectAuthenticationOptions
        {
            // Each policy has its own metadata endpoint; the policy id doubles
            // as the AuthenticationType used to select it in Challenge().
            MetadataAddress = string.Format(aadInstance, tenant, policy),
            AuthenticationType = policy,

            ClientId = clientId,
            RedirectUri = "https://localhost:44300/",
            PostLogoutRedirectUri = redirectUri,
            Notifications = new OpenIdConnectAuthenticationNotifications
            {
            },

            Scope = "openid",
            ResponseType = "id_token",

            TokenValidationParameters = new TokenValidationParameters
            {
                NameClaimType = "name",
            },
        };
    }

Add a /Account/SignIn.aspx page, and in the code behind place the code from the MVC sample SignIn:

    if (!Request.IsAuthenticated)
    {
        // To execute a policy, you simply need to trigger an OWIN challenge.
        // You can indicate which policy to use by adding it to the AuthenticationProperties using the
        // PolicyKey provided.
        HttpContext.Current.GetOwinContext().Authentication.Challenge(
            new AuthenticationProperties()
            {
                RedirectUri = "/",
            },
            appConfiguration.B2CSignInPolicyId);
    }
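
The same challenge pattern extended to sign-up and profile editing, as an added example that is not code from the answer or from the MVC sample. The page name `Account/Policy.aspx`, the `action` and `returnUrl` query parameters and the `ida:*PolicyId` appSettings keys are assumptions, and it presumes each policy was registered through `CreateOptionsFromPolicy` so that its `AuthenticationType` equals the policy id.

```csharp
// Account/Policy.aspx.cs (hypothetical page). Added example, not from the answer.
using System;
using System.Collections.Generic;
using System.Configuration;
using System.Web;
using System.Web.UI;
using Microsoft.Owin.Security;

public partial class Account_Policy : Page
{
    // Allow-list: the query string only selects a key, so nothing but a
    // configured policy id reaches Challenge(). Key names are assumptions.
    private static readonly Dictionary<string, string> Policies =
        new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase)
        {
            { "signin",  ConfigurationManager.AppSettings["ida:SignInPolicyId"] },
            { "signup",  ConfigurationManager.AppSettings["ida:SignUpPolicyId"] },
            { "profile", ConfigurationManager.AppSettings["ida:ProfilePolicyId"] },
        };

    protected void Page_Load(object sender, EventArgs e)
    {
        string action = Request.QueryString["action"] ?? "signin";
        string policy;
        if (!Policies.TryGetValue(action, out policy) || string.IsNullOrEmpty(policy))
            throw new HttpException(400, "Unknown policy action");

        // Sign-in/sign-up run only for anonymous users, profile only for signed-in ones.
        bool wantsProfile = action.Equals("profile", StringComparison.OrdinalIgnoreCase);
        if (Request.IsAuthenticated != wantsProfile)
        {
            Response.Redirect("~/", true);
            return;
        }
        string returnUrl = SafeReturnUrl(Request.QueryString["returnUrl"]);
        HttpContext.Current.GetOwinContext().Authentication.Challenge(
            new AuthenticationProperties { RedirectUri = returnUrl },
            policy); // must match the AuthenticationType of a registered middleware
    }

    // Accept only app-relative paths so the post-login redirect stays on this site.
    internal static string SafeReturnUrl(string url)
    {
        if (string.IsNullOrEmpty(url) || url[0] != '/') return "/";
        if (url.Length > 1 && (url[1] == '/' || url[1] == '\\')) return "/";
        return url;
    }
}
```

`SafeReturnUrl` falls back to `/` for absolute URLs and for `//host` or `/\host` forms, which browsers treat as another origin.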