
I am quite new to the wonderful world of Azure development. I currently work on a Xamarin.Forms project with an Azure backend. After researching a lot, I found this post: https://azure.microsoft.com/en-in/resources/samples/active-directory-b2c-xamarin-native/ that explains how to do sign-in in Azure from XF 2.4.

But I am a little bit lost in all the portals offered by Microsoft. I created my backend on portal.azure.com, and at first I created the application in portal.azure too. But I rapidly understood that I need to use the new apps.dev.microsoft.com to create the application. Now I am able to sign in from my XF project correctly.

My question: is it the correct way to do that? Now I am trying to add some Admin and "Normal user" application roles, then assign roles to users. But the application created in apps.dev.microsoft.com is not listed in the Azure portal, and the configuration available in apps.dev.microsoft.com is very simple.

How can I do that? Thanks

Nan Yu
Pierre-D Savard

1 Answer


To register an app that works with the v2.0 endpoint, you must use a new app registration portal: apps.dev.microsoft.com. And refer to the document:

The v2.0 endpoint does not support issuing role or group claims in ID tokens.

The workaround would be to add users to different groups, use the Microsoft Graph API in your application to get the user's group membership, then model role-based access control on top of security groups.

In addition, if you want to use Azure AD B2C, you should register the app in the B2C application blade. And refer to this thread for how to manually retrieve the group claims (you need to register a separate application) and inject them into the token.

Nan Yu
  • Ouf, complicated... Maybe I started with the wrong tutorial... I will revise my code to see why I need to use V2.0... I am lost between the MobileApp, SQL, and Resource group that we create in the Azure Portal and the application created in the app.dev. If I need to consume a backend service from the Azure portal, I think it is simpler to keep the application in this portal too, using the old connection scheme? – Pierre-D Savard Oct 17 '17 at 16:02
  • The big difference is that the v2.0 endpoint makes apps accept sign-in from both Microsoft accounts and Azure AD accounts. See the [document](https://learn.microsoft.com/en-us/azure/active-directory/develop/active-directory-v2-compare) and make a choice based on your own scenario. If the Microsoft account is not the key point in your scenario, then better use the v1.0 endpoint, since not all Azure Active Directory scenarios & features are supported by the v2.0 endpoint. – Nan Yu Oct 18 '17 at 01:16
  • Thanks, I am starting to understand Azure AD 2.0 a little bit more. Now I am able to log in and retrieve groups. The last thing I need to do: how do I set up authentication on my App Service hosted in portal.azure.com to use the same application created in Azure AD 2.0, so that my native app that logs in to AD 2.0 can consume services on the App Service? Thanks – Pierre-D Savard Oct 18 '17 at 15:15
  • You can [call web api from web app](https://learn.microsoft.com/en-us/azure/active-directory/develop/active-directory-v2-devquickstarts-webapp-webapi-dotnet) in Azure AD v2.0. Since that's a different question, I would suggest you end this thread and start a new thread with the tags azure-active-directory and azure-web-sites. – Nan Yu Oct 19 '17 at 02:29
  • If my answer helps you, please [accept as answer](https://meta.stackexchange.com/a/5235), which may help others who meet the same problem. – Nan Yu Oct 19 '17 at 02:31
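
The workaround from the answer above (read the user's group membership from Microsoft Graph, then map security groups to roles), as an added example that is not part of the original thread. It parses a constructed `GET /v1.0/me/memberOf` response body; the group IDs, role names and the `GroupRoleMapper` class are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.Text.Json;

static class GroupRoleMapper
{
    // Hypothetical mapping: security group object ID -> application role.
    // Keyed by object ID because display names can be changed or duplicated.
    static readonly Dictionary<string, string> RoleByGroupId =
        new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase)
        {
            ["11111111-1111-1111-1111-111111111111"] = "Admin",
            ["22222222-2222-2222-2222-222222222222"] = "User",
        };

    // Constructed sample of a memberOf response body (not captured from a real tenant).
    const string SampleResponse = @"{ ""value"": [
      { ""@odata.type"": ""#microsoft.graph.group"", ""id"": ""22222222-2222-2222-2222-222222222222"", ""securityEnabled"": true },
      { ""@odata.type"": ""#microsoft.graph.group"", ""id"": ""11111111-1111-1111-1111-111111111111"", ""securityEnabled"": false },
      { ""@odata.type"": ""#microsoft.graph.directoryRole"", ""id"": ""33333333-3333-3333-3333-333333333333"" }
    ] }";

    public static ISet<string> RolesFromMemberOf(string json)
    {
        using var doc = JsonDocument.Parse(json);
        var root = doc.RootElement;
        // A next link means the list is incomplete: fetch every page before
        // deciding, and never grant roles from a partial membership list.
        if (root.TryGetProperty("@odata.nextLink", out _))
            throw new InvalidOperationException("Partial page; follow @odata.nextLink first.");

        var roles = new HashSet<string>();
        foreach (var item in root.GetProperty("value").EnumerateArray())
        {
            bool isGroup = item.TryGetProperty("@odata.type", out var type)
                           && type.GetString() == "#microsoft.graph.group";
            bool isSecurity = item.TryGetProperty("securityEnabled", out var sec)
                              && sec.ValueKind == JsonValueKind.True;
            if (!isGroup || !isSecurity) continue;  // skip directory roles and non-security groups
            if (RoleByGroupId.TryGetValue(item.GetProperty("id").GetString(), out var role))
                roles.Add(role);                     // unmapped groups grant nothing
        }
        return roles;
    }

    static void Main() =>
        Console.WriteLine(string.Join(",", RolesFromMemberOf(SampleResponse)));
}
```

Run this mapping on the backend that enforces access, using a membership list the backend obtained itself, rather than trusting a role value sent by the mobile client.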