We are currently implementing the authentication and authorization flow for the company using B2C and Active Directory, and we are having some issues around different user roles.

The company is going to give different levels of access:

  • Guest Users
  • External registered users with custom email
  • Staff with SSO

We would like to understand a bit better how to integrate B2C with our custom .NET Core 3.1 API hosted on Azure App Service. The SSO for the company is working well, but registering external users into the platform with custom permissions is getting a bit confusing, so we are using ‘Custom Claims’ as a workaround.

How does one achieve proper Authorization?

ΩmegaMan
Mahesh

1 Answer

External registered users with custom email are actually B2C users.

In Azure AD, we can use App roles or Group claims to control the user's permission. But in Azure B2C, App roles or Group claims are not supported currently.

The recommended method is to use directory extension optional claims, which is also known as the "Custom Claims" you mentioned. A simple implementation is listed in this answer.

Another method is manually retrieving the group claims and injecting them into the token. Detailed steps are listed in this answer.

Allen Wu
  • If my answer is helpful for you, you can accept it as answer (click on the check mark beside the answer to toggle it from greyed out to filled in). See https://meta.stackexchange.com/questions/5234/how-does-accepting-an-answer-work. This can be beneficial to other community members. Thank you. – Allen Wu Nov 09 '20 at 05:59
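The answer points at custom attribute ("Custom Claims") values as the way to carry a permission level for B2C users. The following is an added example of how a .NET Core 3.1 API can consume such a claim; it is not code from the question, the answer, or any Microsoft sample. It assumes all three user kinds sign in through the same B2C tenant (staff via a federated SSO identity provider), that an administrator sets a custom attribute named `AppRole` on each account, and that the user flow emits it in the access token as `extension_AppRole` (B2C user flows emit custom attributes as `extension_<AttributeName>`; the attribute name and the configuration keys `AzureAdB2C:Authority` and `AzureAdB2C:ClientId` are assumptions). An `IClaimsTransformation` maps the attribute onto a standard role claim so ordinary role-based policies work; any missing or unrecognised value is treated as the lowest level, `Guest`.

```csharp
using System;
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;

// Maps the B2C custom attribute claim onto ASP.NET Core's role claim type.
// "extension_AppRole" is an assumed attribute name; adjust to your tenant.
public class B2CRoleClaimsTransformation : IClaimsTransformation
{
    private const string ExtensionRoleClaim = "extension_AppRole";

    // Allow-list: only these values ever become roles inside the API.
    private static readonly string[] KnownRoles = { "Guest", "External", "Staff" };

    public Task<ClaimsPrincipal> TransformAsync(ClaimsPrincipal principal)
    {
        var identity = principal.Identity as ClaimsIdentity;
        if (identity == null || !identity.IsAuthenticated)
            return Task.FromResult(principal);

        // Claims transformation may run more than once per request; keep it idempotent.
        if (identity.HasClaim(c => c.Type == identity.RoleClaimType))
            return Task.FromResult(principal);

        var raw = identity.FindFirst(ExtensionRoleClaim)?.Value;

        // Exact, case-sensitive match against the allow-list; anything else is a Guest.
        var role = KnownRoles.FirstOrDefault(r => string.Equals(r, raw, StringComparison.Ordinal))
                   ?? "Guest";

        identity.AddClaim(new Claim(identity.RoleClaimType, role));
        return Task.FromResult(principal);
    }
}

public class Startup
{
    private readonly IConfiguration _config;
    public Startup(IConfiguration config) => _config = config;

    public void ConfigureServices(IServiceCollection services)
    {
        services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
            .AddJwtBearer(options =>
            {
                // Assumed configuration keys. Authority is the B2C policy metadata root, e.g.
                // https://<tenant>.b2clogin.com/<tenant>.onmicrosoft.com/<policy>/v2.0
                options.Authority = _config["AzureAdB2C:Authority"];
                // Audience must be this API's application (client) id so tokens
                // issued for other apps in the tenant are rejected.
                options.Audience = _config["AzureAdB2C:ClientId"];
            });

        services.AddSingleton<IClaimsTransformation, B2CRoleClaimsTransformation>();

        // Policies express the three access levels from the question.
        services.AddAuthorization(options =>
        {
            options.AddPolicy("AnySignedIn",    p => p.RequireAuthenticatedUser());
            options.AddPolicy("ExternalOrStaff", p => p.RequireRole("External", "Staff"));
            options.AddPolicy("StaffOnly",       p => p.RequireRole("Staff"));
        });

        services.AddControllers();
    }

    public void Configure(IApplicationBuilder app)
    {
        app.UseRouting();
        app.UseAuthentication();   // validates the B2C JWT
        app.UseAuthorization();    // evaluates the policies above
        app.UseEndpoints(endpoints => endpoints.MapControllers());
    }
}

[ApiController]
[Route("api/[controller]")]
public class OrdersController : ControllerBase
{
    // Guests can see the catalogue; any valid B2C token suffices.
    [HttpGet("catalogue")]
    [Authorize(Policy = "AnySignedIn")]
    public IActionResult Catalogue() => Ok(new { role = User.FindFirst(ClaimTypes.Role)?.Value });

    // Registered external users and staff can read their own orders.
    [HttpGet("mine")]
    [Authorize(Policy = "ExternalOrStaff")]
    public IActionResult Mine() => Ok();

    // Only staff can delete an order.
    [HttpDelete("{id}")]
    [Authorize(Policy = "StaffOnly")]
    public IActionResult Delete(string id) => NoContent();
}
```

Two design points worth keeping: the role is derived only from an allow-list, so a mistyped or unexpected attribute value can never grant more than `Guest`, and the mapping happens server-side in the API, so the client cannot influence it other than by presenting a token whose signature, issuer and audience have already been validated by the JWT bearer handler.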