
I have created an Azure B2C. I have multiple .Net web apps that are calling this B2C to allow internal and external users to login and access our apps. What I need is a way to be able to assign a user to an app for example John Doe would have access to WebApp1 but not WebApp2 and his role for WebApp1 would be Admin. Whereas Jane Doe has access to WebApp1 and WebApp2 and her role is a user for both of the apps. I need this authorization piece. Does anyone know of a way to do this? I know that normal Azure has groups and roles but B2C doesn't seem to allow you to create any of that as far as I have been able to find.

baseballr

1 Answer


Under "Features not applicable in Azure AD B2C tenants", application roles are not currently available for Azure AD B2C.

As B2C is used for consumer accounts or identities, they sign up to create the accounts, and an administrator should not be able to add their accounts to the app, assigning the roles to their identities. In such cases you can make use of standard Azure AD.

However, we can make use of custom claims in B2C, where the consumer selects the required role while signing up.

So that required role has to go through the authorization process. For that, the app must be configured with roles.

For example, in .NET you can configure an extension role for particular controller actions for the users. For example, create a custom attribute named AADRole. Assign a value (which means its role access to certain apps) to different users and then get the claim from the ID token after B2C users sign in.

// In Startup.ConfigureServices (or Program.cs): a policy that requires the
// custom claim B2C returns for the extension attribute.
services.AddAuthorization(options =>
{
    // The claim type must match what B2C emits for your extension attribute
    // (extension attributes surface as "extension_<AttributeName>" in the token).
    options.AddPolicy("Admin", policy =>
        policy.RequireClaim("extension_Role", "Admin"));
});

By using the Authorize attribute:

[Authorize(Policy = "Admin")] // applied to a controller class or an action method

References:

  1. using-custom-claims-for-azure-ad-b2c-roles
  2. SO reference
kavyaS