One of the most common requirements for web applications is for users create accounts for the purpose of access control and personalization. While ASP.NET templates have always made it easy to create an application that uses a database you control to register and track user accounts, that introduces other complications over the long term. As laws around user information get stricter and security becomes more important, maintaining a database of users and passwords comes with an increasing set of maintenance and regulatory challenges.
A few weeks ago I tried out the new Azure Active Directory B2C service, and was really impressed with how easy it was to use. It added user identity and access control to my app, while moving all the responsibility for signing users up, authenticating them, and maintaining the account database to Azure (and it’s free to develop with).
In this post I’ll briefly walk through how to get up and running with Azure B2C in a new ASP.NET Core app. It’s worth noting it works just as well with ASP.NET apps on the .NET Framework with slightly different steps (see walkthrough). I’ll then include some resources that will help you with more complex scenarios including authenticating against a backend Web API.
Step 1: Create the B2C Tenant in Azure
- To get started, you’ll need an Azure account. If you don’t have one yet, create your free account now
- Create an Azure AD B2C Directory
- Create your policies (this is where you indicate what you need to know about the user)
- Create a sign-up or sign-in policy
- Create a profile editing policy
- Create a password reset policy
- Note: After you create each policy, you’ll be taken back to the tab for that policy type which will show you the full name of the policy you just created, which will be in the form “B2C_1_<name_you_entered>”. You’ll need these names below when creating your project.
- Register your application (follow the instructions for a Web App)
- Note: You’ll get the “Reply URL” in the next step when you create the new project.
Step 2: Create the Project in Visual Studio
- File -> New Project -> Visual C# -> ASP.NET Core Web Application
- On the New ASP.NET dialog, click the “Change Authentication” button on the right side of the dialog
- Choose “Individual User Accounts”
- Change the dropdown in the top right to “Connect to an existing user store in the cloud”
- Fill in the required information from the B2C Tenant you created in the Azure portal previously
- Copy the “Reply URI” from the “Change Authentication” dialog and enter it into the application properties for the app you previously created in your B2C tenant in the Azure portal.
- Click OK
Step 3: Try it out
Now run your application (ctrl+F5), and click “Sign in” in the top right:
You’ll be navigated to Azure’s B2C sign-in/sign-up page:
The first time, click the “Sign up now” at the bottom to create your account. Once your account is created, you’ll be redirected back to your app and you’re now signed in. It’s as easy that.
The above walk through provided a quick overview for how to get started with Azure B2C and ASP.NET Core. If you are interested in exploring further or using Azure B2C in a different context, here are a few resources that you may find useful:
- Create an ASP.NET (.NET Framework) app with B2C
- ASP.NET Core GitHub sample: This sample demonstrates how to use a web front end to authenticate, and then obtain a token to authenticate against a backend Web API.
- If you are looking to add support to an existing app, you may find it easiest to create a new project in Visual Studio and copy and paste the relevant code into your existing application. You can of course use code from the GitHub samples mentioned above as well
Hopefully you found this short overview of Azure B2C interesting. Authentication is often much more complex than the simple scenario we covered here, and there is no single “one size fits all”, so it should be pointed out that there are many alternative options, including third-party and open source options. As always, feel free to let me know what you think in the comments section below, or via twitter.