Azure Active Directory B2C (AAD B2C) for beginners
Ғылым және технология
I already created 2 blogs on this issue under codingfreaks.de/aad-b2c-01
and codingfreaks.de/aad-b2c-02. This is now the screencast showing creation and basic setup of AAD B2C and usage inside a ASP.NET Core web app. In the end I mentioned a more sophisticated sample on GitHub. Here is the missing link: github.com/Azure-Samples/acti.... Have fun!
Пікірлер: 133
Thank you, Alexander, for the excellent explanation. Applause for German quality once again!
Better than Microsoft’s videos on b2c!
@real-codingfreaks
5 жыл бұрын
06silverfire thank you!!!
@saadmalaeb8372
3 жыл бұрын
Exactly! Microsoft trainers feel like robots. It's like listening to the documentation.
This is a great context on AAD B2C, I am searching for similar content for a week and glad was able to find this. Thank you Alex!
Thanks for sharing Alex, this is basically everything one needs to know about B2C!
Great job! Alex! Thank you so much for the great video! Very easy to understand. This will make my learning much easier!
Great tutorial. Much clearer than any of the Microsoft videos and documentation on the same subject. Looking forward to viewing more in the series.
Really helpfull for beginners..I checked many resources on internet but this one seems best for me to start with..Thank you so much for your efforts Alexander.
Amazing, I succesfully configured Azure and App. Thank you very much!
What a fantastic video! Thank you so much for your effort on this.
Excelente tutorial. You are right, most tutorial are skipping stuff. This one was very useful, thanks!
Alex,really apperciate your explanations and the way of presenting. Thanks for sharing this :)
Very informative and exactly what I was looking for. Thanks Alex
Great Job Alex. I wanted to do a demo for a few of my friends and this kinda gave a good beginner's guide. It made a my job simpler.
@real-codingfreaks
5 жыл бұрын
Noah James glad to hear it helped :)
Great start for me into Azure Identity world :) Thank you!
Thanks Alex - this was great. Very helpful.
Very simple explanation . Nice video .Thanks
Wonderful tutorial on B2C Authentication
A very good tutorial. Thanks!
saved my whole day from reading documentation..thanks Alex, good one
Thanks Alex. Very useful for beginners like me.
Nice work Alex, this might come in handy soon!
@real-codingfreaks
5 жыл бұрын
Thanks! I hope so :-)
very clear and informative, thank you.
Thank you Alex. You saved my time!!!!
Best tutorial ever!!
Very good video. Thank you Alex.
Danke dir Alexander, Es war sehr einfach erklärt!
Thanks for the effort. Very good guide.
Awesome explanation.Thank you.
Superb ! Big Help, Thanks Alex
Absolutely loved it.
Excellent explanation. Thanks
Very nicely explained
Excellent overview thanks
Awesome tutoral, thanks a lot
Just Amazing. I like it.
Hey Alex, I just wanted to let you know that A. I enjoyed your tutorial, it was great! and B. [Edited to remove some info]
@real-codingfreaks
2 жыл бұрын
Thx! Yea I know. This did not work in my old post production tool. Anyway its not that an sec issue. But thx.
As several commenters have posted, this video is much more informative than much of what MS has put out. Great video which clarifies some of the ambiguity. AD B2C should be as simple as Firebase, but it is not. Thanks for this video.
Great video!
Great video, Thanks
Grt Tutorial , Thanks
Good job!
Great tutorial Alex
@real-codingfreaks
4 жыл бұрын
Kishore B thx
very good,thank you.
Thanks Alexander
Awesome Thanks!!
Brilliant, just right - thanks :)
@real-codingfreaks
4 жыл бұрын
Andrew Ketley thank you sir!
vielen dank Alex
Thanks. I've been looking for a comprehensive "story" about how to conceptualize this for a while. The MS Documentation pages and jargon don't seem to convey whats going on to me as I think more mechanically and conceptually vs jargon.
helpful video
Thanks a lot
Nice job! vielen dank!
@real-codingfreaks
5 жыл бұрын
Thanks! Especially for the German greet :-)
I like this approach of “real use” instead of general docs that refer to other docs infinitelly, much better way to share knowledge in my opinion, more kb per hour to brain 😂 one question i have is: how to do the steps at 26:41 in visual studio 2019?
Thank you for this amazing video Alex. Great start for a beginner like me. I have a question associated with the same, in the existing code only the display name is being read , Is there any way I can read values like email, job title, etc.?
@real-codingfreaks
4 жыл бұрын
Any information that is not part of the claims in the token (ClaimsIdentity) can be taken from Azure Graph for instance. There are ways to customize the claims information provided by AzureAD too.
Thanks..
Thanks for the tutorial. Do you have an updated version? There is very little in the current versions of libraries, IDE, Azure Portal that resembles the screens you show. Especially hooking up authentication in a .NET Core Web App is completely different.
@real-codingfreaks
Жыл бұрын
I will do an updated cast soon. Expect this in the next 2 weeks.
Very good! Many thanks! Alex, do you have a sequal which shows how to communicate with an API from the Web App? I am trying to add a Web API application which receives access_token with read write scopes for the given user. Thanks.
@real-codingfreaks
4 жыл бұрын
Hi Andrei! I will bring up one. I think I need like 2-3 weeks because currently I'm moving my place.
Thanks for the video, I am looking bring the Azure AD to my app (react+ springBoot) , but not sure what will be best suited for me (Azure Ad B2C, Azure ad B2B etc), as my app has the functionality to register new user (name, email address(any domain email address) and password) and login. advise or pointer on this please?
Really good job in explaining in such a great detail. as @06silverfire said "better than microsoft videos"
@real-codingfreaks
3 жыл бұрын
Thank you!
Hi Alex, do you do one on one training? I love this video, is simple but kind of complex because i dont know much about visual studio.
@real-codingfreaks
4 жыл бұрын
Yes. I'm an Azure Consultant by profession. Sorry that I'm pretty focussed on VS but you could switch the dev-Environment to lets say VS Code without any problem.
Hello, We need to check this Implicit grant permission for Azure Ad B2C Login ?
@Alexander Schmidt which version of visual studio you are using
@real-codingfreaks
2 жыл бұрын
2022 Enterprise
This is an excellent tutorial - Thanks !!! How difficult is it to extract user information that is gathered in Azure? For example, I would like to use the user information other application and need to store user information in SQL Server.
@RenegadeVile
2 жыл бұрын
You should be able to mark what user attributes you want to get as a claim in your token. Then you can take them from the token (that's why the application knows what the user's given name, last name, etc. is.
@RenegadeVile
2 жыл бұрын
You should be able to mark what user attributes you want to get as a claim in your token. Then you can take them from the token (that's why the application knows what the user's given name, last name, etc. is.
It's really good. Got a few questions: 1) How can you use the users in new tenant inside the default tenant directory? Also, what if the app is also registered inside default tenant directory? 2) With your VS code, can you get JWT out of the box or would we need to add extension methods for Azure authentication first? Thanks
@real-codingfreaks
4 жыл бұрын
Hi Veronica! I'm not sure if I get everything right here. 1) The users registered in the AAD B2C have nothing to do with the AAD. This is why you choose B2C in the first place. You don't want to mess up your AAD tenant with external users. You should not register your App in the AAD tenant. 2) You can retrieve the token itself easily when you implement your own OpenId-Middleware. If you do this you have to configure AAD B2C login differently but then you get events which allow you to extract the token. I didn't show this because it would break my architecture pattern which basically targets simplicity here.
@veronicamoreo875
4 жыл бұрын
@@real-codingfreaks Thanks for the prompt reply. So basically, every tenant is going to be managed independently. In terms of Roles and Groups, can they be shared across multi tenants so that the application doesn't have to cater to different ones from every tenant?
Can you please give me a hand please I am getting AADB2C90108: The orchestration step '1' does not specify a CpimIssuerTechnicalProfileReferenceId when one was expected Pomogi poshalusta!
Hello, How we can get the access token with response_type id_token ?
Why did you choose that port? I receive an error when I'm trying to start the application from the visual studio and it says "Unable to connect to web server 'IIS Express' ". Do you have any idea how can I solve it?
@real-codingfreaks
4 жыл бұрын
You are free to switch your port. You have to take care that the port configured in your launchSettings matches the one configured in your callback URL.
start doing pluralsight on this topic :). Dou you have movei with e.g react and Rest API (implicit flow)
@real-codingfreaks
4 жыл бұрын
I'll overthink this :-). My main problem is time and I'm afraid that Pluralsight will boost my effert. Currently I already need like 2 hours of production time for every hour of result-video.
This video really helped and we got our Azure Function working with this. Our client that needs to consume our API is calling from a Java service and doesn't want any manual intervention when needing to login. Is there a method to validate credentials and get the access token programmatically like this? It's been hard finding anything online on how to consume our API from Java.
@real-codingfreaks
4 жыл бұрын
Brandon Emerson inhear this request a lot. I‘m not surenif this is supported because B2c relies on the policies and thus needs a matching UI. There are several other restrictions like missing implicit flow with native client. I got a hint to use Spring Boot in Java for this.
@real-codingfreaks
4 жыл бұрын
Not sure if this is still valueable for you but maybe this doc-link gives you some hints: docs.microsoft.com/en-us/azure/active-directory-b2c/signin-appauth-android?tabs=app-reg-ga, It's on Android but should be pretty close to your problem.
Lustig, das man die "geheimen" Daten alle sieht und dann wird erst der Weichzeichner aktiv.
@real-codingfreaks
3 жыл бұрын
Ja ich weiss. :) hab die extension auch nicht mehr aktiv
Can Azure AD B2C also take care of Authorization (not just Authentication)? Thanks for your work btw!
@real-codingfreaks
3 жыл бұрын
Not really. In distinction to AzureAD for instance it is currently not possible to add group-memberships to the claims which is what a lot of people use to distinguish roles. We are using GraphAPI to perform those steps after the authentication.
@get_ready
3 жыл бұрын
@@real-codingfreaks Interesting.. I will have a look at it. Thanks.
Can you show how to configure Google?
Microsoft should pay to you sir for this video haha
what's the best scenario to go with B2C and what's the best scenario to go with ADFS?
@real-codingfreaks
Жыл бұрын
Federation is completely different because you connect orgs directly. B2C leaves this open. Although you could achieve a similar result it is focussed on apps and self-service users. In short: B2C puts apps, devs and users in control where ADFS is more governed
@OvRaf
Жыл бұрын
@@real-codingfreaks thanks for explanation
Is this like AWS Cognito?
@real-codingfreaks
3 жыл бұрын
I don't know Cognito good enough to answer this but I already heard about certain features available on both sides.
I hear the word "Tenant" everywhere but still cannot grasp what exactly it is. Any suggestions where I can find an easy explanation for that? Thanks
@real-codingfreaks
3 жыл бұрын
Tenant here is mostly equivalent to Azure Active Directory.
@nasarazam
3 жыл бұрын
@@real-codingfreaks Thanks !
Hello We need same think done in PHP please provide how we can connect authenticate using PHP
@real-codingfreaks
4 жыл бұрын
Anitaben Parsottambhai Makwana github.com/Azure-Samples/active-directory-b2c-php-webapp-openidconnect
Hi, please I need help with deploying this app to a b2c tenant. Somehow I can not make it work. I was able to do everything you did on my localhost, and it works fine, but when I create an app on the tenant, and I deploy the code, I get a page error with little information : An error occurred while processing your request
@real-codingfreaks
4 жыл бұрын
Deyner Francisco Lezcano sorry but this is to vague to answer. One hint: you don‘t deploy anything to the B2C tenant. You alwasy deploy to your original tenant. Watch the video carefully when I deploy!
@deynerfranciscolezcano5586
4 жыл бұрын
@@real-codingfreaks thanks man for answering my question. So, I can not create a web application within b2c? In fact, I tried doing that, but I get the error I mentioned. I posted some details of my issue on stackoverflow (stackoverflow.com/questions/58741393/how-to-deploy-a-asp-net-core-web-application-to-azure-b2c-tenant) I would really appreciate if you can take a look. So, what I did was to create a web app within the B2C tenant and deployed my code there. The only difference from your video, is that on the b2c application, on reply urls section, instead of using localhost:44390/signin-oidc, I used mywebappname.onmicrosoft.com/signin-oidc; but still does not work =/ . Also it would be great if you can do a video about this , I believe I am not the only one having this problem
I want to customize the UI (HTML & CSS) of sign in and sign up page (default templates, eg. ocean_blue template), need tutorial on same, if you provider any reference related to that, it will helpful
@real-codingfreaks
4 жыл бұрын
Customization is planned for another part. I'm currently too busy to produce it but I will try it in the next 3-4 weeks.
How to add login with multiple organizations? Imagine a SaaS where clients can login automatically via their tenant. What method should I use? Thanks =)
@real-codingfreaks
Жыл бұрын
Hi. This would only require one Open ID provider per wanzent organization. In my videos I showed how to do this with AAD.
10:49 / i can see all thing. fix it
@Andris1991HUN
4 жыл бұрын
still not fixed :(
use 10 minutes mail for demo emails
Hi Alexander - Great video. I have a question. You created a B2C domain name of codingfreaks.onmicrosoft.com. What is the purpose of this domain name? What is is used for?
@real-codingfreaks
4 жыл бұрын
Sorry for the late response. This is just a tenant name I choose. You have to create a new domain/tenant in order to use B2C. ".onmicrosoft.com" is the suffix you always get from Azure. In B2C (other than in default AAD) you could not create a custom domain.
I have been watching this for five minutes now, and I am still waiting to find out what the fuck B2C means
@real-codingfreaks
3 жыл бұрын
B2C is the standard acromyme for business to customer.
Did you get my last comment?
Are you teaching B2C or Coding101? You fly through the B2C illustrations but then you spend such a lot of time in the Visio coding interface???WTF? And who the hell is this "HE" you keep referring to?
@real-codingfreaks
4 жыл бұрын
Hi Janes! I'm trying to do both because B2B is not conceivable without coding and former casts of mine where criticized for jumping over some points. It's hard to satisfy all of the viewers. I don't prep my videos like for instance people do on pluralsight so I can understand the complain of some wrong weightings in terms of time spent. I don't know what you mean with "HE" (can you give me a time frame maybe) but maybe this confusion comes out of the fact that my home-language is German and sometimes I mix it up a little bit.
@DanielMlodecki
4 жыл бұрын
@@real-codingfreaks Janes Beets is referring to the way you say "he" instead of "it" when referencing, for example, the Azure web interface. This is a very common misstep for people coming to english from other languages and does not affect the (excellent) quality of this video. Janes Beets is being a pedantic turd and he should go sit in the corner for a few minutes and think about trying to be polite to people who are helping us all learn something new for free. Also, Janes Beets has mixed up Visio (used for making flowcharts) and Visual Studio (used for making programs like Visio), which of course are two completely different Microsoft products. A lesser person than you or I could find some amusement in someone making such a comically inept mistake in a shitpost calling out someone else's trivial error.
@poloska9471
2 жыл бұрын
Don't worry about the dickheads Alexander, there will always be dissatisfied buttholes out there and they go through life all entitled and end up in ruin because of their attitude eventually. Your tutorial is great and it was very informative for me.
Mi serve numero contatto della ditta . easy.b2c
Great tutorial. Much clearer than any of the Microsoft videos and documentation on the same subject. Looking forward to viewing more in the series.
Great! Thanks!!!