This course teaches Developers how to work with the Azure AD B2C service, how to integrate it into their applications, and how to customize its appearance and behavior. Developers will learn how to create and configure an Azure AD B2C tenant and how to produce complex, real-world B2C applications through the use of custom policies.
Key Learning Areas
- Identity Management Concepts
- Creating and configuring an Azure AD B2C tenant
- Azure AD B2C custom policies
- The custom policy starter pack
- Incorporating Multi-Factor Authentication (MFA) into a B2C app
- The Azure AD B2C custom policy samples
- Customizing Azure AD B2C appearance and behavior
- Writing an ASP.NET framework B2C client
- Writing an ASP.NET Core B2C client
Azure AD B2C Service Introduction
A prerequisite to working with Azure AD B2C in a production environment is knowledge of authentication concepts and the techniques for properly creating and configuring a tenant and identity providers. This introductory module presents this prerequisite information, along with a general overview of B2C and how to create policies through the use of user flows.
- Azure AD B2C Service Overview
- Core Authentication Concepts
- Provisioning an Azure AD B2C Tenant
- Application Registration
- Configuring and Selecting Identity Providers
- Introduction to user flows
Introduction to Custom Policies
Microsoft recommends that developers employ the built-in user flows to address most common identity tasks because they are easy to create and maintain. However, for complex, real-world scenarios, custom policies are often required since they are fully customizable to any situation. Custom policies are defined using xml configuration files that specify the identity experience by constructing a user journey through a series of orchestration steps. This module introduces custom policies, with a thorough discussion of the components of a policy file and a demonstration of how to upload and run custom policies through the Identity Experience Framework (IEF) of the B2C tenant.
- Overview/Introduction to Custom Policies and the IEF
- Getting Started with Custom Policies
- Building Blocks – Claims, Transformations, Content Definitions
- Claims Providers – Introducing Technical Profiles, Claims Transformation & Self-Asserted (UI) Technical Profiles
- User Journeys
- Relying Party Specification
HTTP REST and Validation
Many identity management implementations require integration with external services or business logic, such as validating input by verifying a user’s information in a database. The IEF, which underpins Azure AD B2C, supports this integration through RESTful calls from B2C custom policies. This module discusses the techniques for invoking a RESTful service and validating information.
- Making HTTP Requests
Authenticating User Credentials
The primary purpose of Azure AD B2C is authenticating users. IEF in B2C requires additional configuration steps in the form of applications that must be registered to support authentication and custom policy UI definitions. This module demonstrates the steps involved in registering the required applications and presents the custom policy infrastructure necessary to display a login page, store user credentials and authenticate users based on those credentials.
- Create & register the IdentityExperienceFramework and ProxyIdentityExperienceFramework apps
- Working with Azure AD Storage and OpenID Connect Endpoints
- Storing claims in Azure AD
- Reading claims from Azure AD
- OpenID Connect and UI technical profiles
This module covers the additional custom policy prerequisites that developers must know in order to work with the starter pack and B2C samples covered in the subsequent sections of the course. The heart of the content is the discussion of policy file hierarchies, which allow a custom policy implementation to be split across multiple xml files arranged in a hierarchical structure. The procedure for storing user data at the application level through extension properties is also presented. The module concludes with a discussion of debugging techniques using Application Insights.
- Working with custom attributes
- Policy file hierarchies
- Troubleshooting with application insights
Custom Policy Starter Pack
The starting point for any real-world B2C development project is the Microsoft-provided B2C custom policy starter pack. An introduction to the starter pack is presented, with detailed information about the content of the starter pack files, and how to download, configure, and run the policies contained in the files.
- Introduction to the custom policy starter pack
- Starter pack scenarios
- Local accounts
- Social accounts
- Local and social accounts
- Local and social accounts with MFA
- Downloading, configuring and running the starter pack files
Multi-Factor Authentication (MFA)
MFA provides an additional layer of authentication protection that has been proven to substantially lower the likelihood that an account will be compromised. An introduction to MFA is presented, followed by detailed coverage of the technical profiles provided in the starter pack for local and social accounts with MFA.
- Introduction to MFA
- MFA features
- One-time passcodes
- MFA starter pack technical profiles
The B2C team at Microsoft spends considerable time and resources to provide a comprehensive set of samples that cover many of the scenarios that developers need to implement. These samples act as a form of documentation and serve as a best practice model for the scenarios that they encompass. Customizing email verification through the use of a display control is an example of an often requested B2C feature, for which a sample is provided. This module starts with a survey of the available samples, discusses how to incorporate them into the starter pack, and concludes with a case study of the display control sample.
- Getting started with the AAD B2C samples
- B2C sample scenarios
- Real world coding with the starter pack and B2C samples
- Case study: the DisplayControl sample
- How the B2C UI is integrated into HTML
- Using Predefined Page Templates
- Company Branding
- Custom Page HTML
Day 4 Topics
Writing B2C client code with ASP.NET Framework
Custom policies are only one component of a full B2C implementation. In order to deploy the policies, they must be integrated with a client application. This module presents the code to call an ASP.NET framework web api secured by B2C from an ASP.NET framework web app.
- Registering and writing an ASP.NET framework web api that uses B2C
- Registering and writing an ASP.NET framework web app that uses B2C
- Calling from a B2C web app to a B2C web api using ASP.NET Framework
Writing B2C client code with ASP.NET Core
This module represents the analogue of the previous module, but for ASP.NET Core rather than ASP.NET framework.
- Registering and writing an ASP.NET Core web api that uses B2C
- Registering and writing an ASP.NET Core web app that uses B2C
- Calling from a B2C web app to a B2C web api using ASP.NET Core
The Graph API allows developers to programmatically manage B2C resources and represents an essential tool for building a real-world B2C application. Since B2C extension attributes cannot be viewed and modified in the Azure portal, one of the most common use cases for the Graph API is to manage extension attributes defined in custom policies. This module demonstrates how to register and write a .NET application that uses the Graph API to perform CRUD operations on the resources in the B2C directory.
- What is the Graph API?
- Registering a Graph API management application
- Writing .NET code to use the graph API to perform operations on B2C resources
- Using the Graph API to manage extension attributes
This course is for Azure application developers who are looking for guidance and best practices associated with using the Azure AD B2C service to support the identity and access control needs of their applications.
This course is for application developers who are planning to use the Azure AD B2C service for their applications’ identity needs. Although not required, developers will benefit from prior experience working with Azure and modern identity protocols.