Microsoft Azure AD B2C

Key Learning Areas

• Identity Management Concepts
• Creating and configuring an Azure AD B2C tenant
• Azure AD B2C custom policies
• The custom policy starter pack
• Incorporating Multi-Factor Authentication (MFA) into a B2C app
• The Azure AD B2C custom policy samples
• Customizing Azure AD B2C appearance and behavior
• Writing an ASP.NET framework B2C client
• Writing an ASP.NET Core B2C client

Course Outline

Azure AD B2C Service Introduction

A prerequisite to working with Azure AD B2C in a production environment is knowledge of authentication concepts and the techniques for properly creating and configuring a tenant and identity providers. This introductory module presents this prerequisite information, along with a general overview of B2C and how to create policies through the use of user flows.

• Azure AD B2C Service Overview
• Core Authentication Concepts
• Provisioning an Azure AD B2C Tenant
• Application Registration
• Configuring and Selecting Identity Providers
• Introduction to user flows

Introduction to Custom Policies

Microsoft recommends that developers employ the built-in user flows to address most common identity tasks because they are easy to create and maintain. However, for complex, real-world scenarios, custom policies are often required since they are fully customizable to any situation. Custom policies are defined using xml configuration files that specify the identity experience by constructing a user journey through a series of orchestration steps. This module introduces custom policies, with a thorough discussion of the components of a policy file and a demonstration of how to upload and run custom policies through the Identity Experience Framework (IEF) of the B2C tenant.

• Overview/Introduction to Custom Policies and the IEF
• Getting Started with Custom Policies
• Building Blocks – Claims, Transformations, Content Definitions
• Claims Providers – Introducing Technical Profiles, Claims Transformation & Self-Asserted (UI) Technical Profiles
• User Journeys
• Relying Party Specification

HTTP REST and Validation

Many identity management implementations require integration with external services or business logic, such as validating input by verifying a user’s information in a database. The IEF, which underpins Azure AD B2C, supports this integration through RESTful calls from B2C custom policies. This module discusses the techniques for invoking a RESTful service and validating information.

• Making HTTP Requests
• Validation

Authenticating User Credentials

The primary purpose of Azure AD B2C is authenticating users. IEF in B2C requires additional configuration steps in the form of applications that must be registered to support authentication and custom policy UI definitions. This module demonstrates the steps involved in registering the required applications and presents the custom policy infrastructure necessary to display a login page, store user credentials and authenticate users based on those credentials.

• Create & register the IdentityExperienceFramework and ProxyIdentityExperienceFramework apps
• Working with Azure AD Storage and OpenID Connect Endpoints
• Storing claims in Azure AD
• Reading claims from Azure AD
• OpenID Connect and UI technical profiles

Additional Concepts

This module covers the additional custom policy prerequisites that developers must know in order to work with the starter pack and B2C samples covered in the subsequent sections of the course. The heart of the content is the discussion of policy file hierarchies, which allow a custom policy implementation to be split across multiple xml files arranged in a hierarchical structure. The procedure for storing user data at the application level through extension properties is also presented. The module concludes with a discussion of debugging techniques using Application Insights.

• Working with custom attributes
• Policy file hierarchies
• Troubleshooting with application insights

Custom Policy Starter Pack

The starting point for any real-world B2C development project is the Microsoft-provided B2C custom policy starter pack. An introduction to the starter pack is presented, with detailed information about the content of the starter pack files, and how to download, configure, and run the policies contained in the files.

• Introduction to the custom policy starter pack
• Starter pack scenarios
  • Local accounts
  • Social accounts
  • Local and social accounts
  • Local and social accounts with MFA
• Downloading, configuring and running the starter pack files

Multi-Factor Authentication (MFA)

MFA provides an additional layer of authentication protection that has been proven to substantially lower the likelihood that an account will be compromised. An introduction to MFA is presented, followed by detailed coverage of the technical profiles provided in the starter pack for local and social accounts with MFA.

• Introduction to MFA
• MFA features
• One-time passcodes
• MFA starter pack technical profiles

B2C Samples

The B2C team at Microsoft spends considerable time and resources to provide a comprehensive set of samples that cover many of the scenarios that developers need to implement. These samples act as a form of documentation and serve as a best practice model for the scenarios that they encompass. Customizing email verification through the use of a display control is an example of an often requested B2C feature, for which a sample is provided. This module starts with a survey of the available samples, discusses how to incorporate them into the starter pack, and concludes with a case study of the display control sample.

• Getting started with the AAD B2C samples
• B2C sample scenarios
• Real world coding with the starter pack and B2C samples
• Case study: the DisplayControl sample

UI Customization

An essential requirement of production B2C implementations is the ability to customize the user interface to minimally include company branding with a customized background and logo. More complex customization scenarios involve localization and the execution of custom JavaScript code. This module begins by discussing how B2C content is incorporated into an HTML page, how a custom B2C HTML page is specified, and how localization and JavaScript are enabled.

• How the B2C UI is integrated into HTML
• Using Predefined Page Templates
• Company Branding
• Custom Page HTML
• Localization
• Using JavaScript

Day 4 Topics
Writing B2C client code with ASP.NET Framework

Custom policies are only one component of a full B2C implementation. In order to deploy the policies, they must be integrated with a client application. This module presents the code to call an ASP.NET framework web api secured by B2C from an ASP.NET framework web app.

• Registering and writing an ASP.NET framework web api that uses B2C
• Registering and writing an ASP.NET framework web app that uses B2C
• Calling from a B2C web app to a B2C web api using ASP.NET Framework

Writing B2C client code with ASP.NET Core

This module represents the analogue of the previous module, but for ASP.NET Core rather than ASP.NET framework.

• Registering and writing an ASP.NET Core web api that uses B2C
• Registering and writing an ASP.NET Core web app that uses B2C
• Calling from a B2C web app to a B2C web api using ASP.NET Core

Graph API

The Graph API allows developers to programmatically manage B2C resources and represents an essential tool for building a real-world B2C application. Since B2C extension attributes cannot be viewed and modified in the Azure portal, one of the most common use cases for the Graph API is to manage extension attributes defined in custom policies. This module demonstrates how to register and write a .NET application that uses the Graph API to perform CRUD operations on the resources in the B2C directory.

• What is the Graph API?
• Registering a Graph API management application
• Writing .NET code to use the graph API to perform operations on B2C resources
  • Read
  • Select
  • Page
  • Index
  • Filter
  • Delete
  • Create
  • Update
• Using the Graph API to manage extension attributes

Who Benefits

This course is for Azure application developers who are looking for guidance and best practices associated with using the Azure AD B2C service to support the identity and access control needs of their applications.

Prerequisites

This course is for application developers who are planning to use the Azure AD B2C service for their applications’ identity needs. Although not required, developers will benefit from prior experience working with Azure and modern identity protocols.