Integration of Azure AD B2C with .NET desktop applications


1. Introduction

Using Azure Active Directory (Azure AD) B2C, software companies in India can add powerful self-service identity management features to a desktop app in a few short steps.

This article shows how to create a .NET Windows Presentation Foundation (WPF) app that includes user sign-up, sign-in, and profile management. This app includes support for sign-up and sign-in by using a user name or email. It also supports sign-up and sign-in with social accounts such as Facebook and Google.

2. Get an Azure AD B2C Directory

Before using Azure AD B2C, we must create a directory, or tenant. A directory is a container for all of your users, applications, groups, and more. If you don't already have a directory, create a B2C directory.

3. Create an Application

  • Next, we need to create an application in the B2C directory. This gives Azure AD the information it needs to communicate securely with the application. To create an application in the B2C directory, follow these steps.
  • Make sure to:
    • Include a native client in the application.
    • Copy the Redirect URI urn:ietf:wg:oauth:2.0:oob. It is the default URL for the application.
    • Copy the Application ID that is assigned to your app. We will need it later.

4. Create policies

  • In Azure AD B2C, every user experience is defined by a policy. We need to create a policy for each type (sign-in, sign-up, and edit-profile).

  • When you create the policies, be sure to:
    • Choose either User ID sign-up or Email sign-up in the identity providers blade.

    • Choose Display name and other sign-up attributes in your sign-up policy.

    • Choose Display name and Object ID claims as application claims for every policy.

    • Copy the Name of each policy after creating. It should have the prefix b2c_1_.

5. Build a Windows desktop app

Step 1: Creating WPF Project

  • Add a new WPF application named "AzureADB2CDesktopApp"

  • Install the NuGet package that the app needs:
    Install-Package Microsoft.Identity.Client -IncludePrerelease
  • Create a class file Globals.cs, open the file, and add the property values. This class is used throughout AzureADB2CDesktopApp to reference commonly used values.

  • Create a class file FileCache.cs for a simple persistent token cache implementation for the desktop app.

  • Create the PublicClientApplication

The primary class of Microsoft Authentication Library (MSAL) is PublicClientApplication. This class represents your application in the Azure AD B2C system. When the app initializes, create an instance of PublicClientApplication in MainWindow.xaml.cs. This can be used throughout the window.

  • Check for tokens on App Start

  • Sign-up flow

When a user opts to sign up, you want to initiate a sign-up flow that uses the sign-up policy you created. By using MSAL, you just call pca.AcquireTokenAsync(). The parameters you pass to AcquireTokenAsync() determine which token you receive, the policy used in the authentication request, and more.

  • Sign-in flow

You can initiate a sign-in flow in the same way that you initiate a sign-up flow. When a user signs in, make the same call to MSAL, this time by using your sign-in policy:

  • Edit-profile flow

Again, you can execute an edit-profile policy in the same way:

In all of these cases, MSAL either returns a token in AuthenticationResult or throws an exception. Each time you get a token from MSAL, you can use the AuthenticationResult.User object to update the user data in the app, such as the UI.

  • Sign-out flow

Finally, we can end a user's session with the app when the user selects Sign out. When using MSAL, this is accomplished by clearing all of the tokens from the token cache:
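
The FileCache.cs step and the sign-out flow above both deal with tokens that are persisted on disk. As an added example (not the article's FileCache.cs and not Microsoft's sample code), this helper keeps that file encrypted under Windows DPAPI for the current user; the class name ProtectedCacheFile, the file name, and the assumption that the cache is available as a serialized byte array are illustrative.

```csharp
using System;
using System.IO;
using System.Security.Cryptography; // .NET Framework: reference System.Security.dll

// Hypothetical helper: stores an already-serialized token cache under DPAPI.
public sealed class ProtectedCacheFile
{
    private static readonly object FileLock = new object();
    private readonly string _path;

    public ProtectedCacheFile(string fileName = "TokenCache.dat") // constructed name
    {
        // Keep the cache in the user's profile, not next to the executable.
        string dir = Path.Combine(
            Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData),
            "AzureADB2CDesktopApp");
        Directory.CreateDirectory(dir);
        _path = Path.Combine(dir, fileName);
    }

    // Encrypt with a key tied to the current Windows user before writing.
    public void Save(byte[] serializedCache)
    {
        byte[] blob = ProtectedData.Protect(serializedCache, null, DataProtectionScope.CurrentUser);
        lock (FileLock) { File.WriteAllBytes(_path, blob); }
    }

    // Returns null when no usable cache exists, so the caller falls back to interactive sign-in.
    public byte[] Load()
    {
        lock (FileLock)
        {
            if (!File.Exists(_path)) return null;
            try
            {
                return ProtectedData.Unprotect(File.ReadAllBytes(_path), null, DataProtectionScope.CurrentUser);
            }
            catch (CryptographicException)
            {
                // Blob belongs to another user or machine, or was modified: discard it.
                File.Delete(_path);
                return null;
            }
        }
    }

    // Sign-out: remove the persisted tokens as well as the in-memory ones.
    public void Clear() { lock (FileLock) { File.Delete(_path); } }
}
```

DPAPI with DataProtectionScope.CurrentUser protects the file against other accounts on the machine and against the file being copied elsewhere, but not against code running as the same user.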


Step 2: Run WPF Project

  • Click the Sign In button. This opens the Azure AD B2C tenant sign-in browser window, where you enter the credentials.

  • If the credentials provided are valid, authentication succeeds, a token is obtained and stored in the claims identity for the authenticated user, and the app navigates to the main window.

6. Conclusion

By using Azure Active Directory (Azure AD) B2C, ASP.NET software development companies can add powerful self-service identity management features to a desktop application.


Integration of Azure AD B2C with .NET web app


1. Introduction

Azure Active Directory B2C is a cloud identity management solution for consumer-facing web and mobile applications, recommended by software companies in India. It is a highly available global service that scales to hundreds of millions of consumer identities. Built on an enterprise-grade secure platform, Azure Active Directory B2C keeps your applications, your business, and your consumers protected.

It offers developers a better way to integrate consumer identity management into their applications with the help of a secure, standards-based platform and a rich set of extensible policies.

Using Azure Active Directory B2C, consumers can sign up for applications by using their existing social accounts (Facebook, Google, Amazon, LinkedIn) or by creating new credentials (email address and password, or username and password).

It supports authentication for a variety of modern application architectures. All of them are based on the industry-standard protocols OAuth 2.0 or OpenID Connect. It also helps to understand the high-level scenarios before starting to build an application.

In this blog, let us understand how to integrate Azure AD B2C with .NET web app with an example.


2. How to create an Azure AD B2C Directory?

Step 1 : Create an Azure AD B2C tenant

  • Sign in to the Azure classic portal as the Subscription Administrator. This is the same work account or Microsoft account that you used to sign up for Azure.
  • Click New > App Services > Active Directory > Directory > Custom Create.



  • Enter the Name, Domain Name, and Country or Region for your tenant.
  • Check the option that says This is a B2C directory.



  • Click the check mark to complete the action.
  • Your tenant is now created and will appear in the Active Directory extension. You are also made a Global Administrator of the tenant. You can add other Global Administrators as required.

Step 2 : Navigate to the B2C features blade on the Azure portal

  • Navigate to the Active Directory extension on the navigation bar on the left side.
  • Find your tenant under the Directory tab and click it.
  • Click the Configure tab.
  • Click the Manage B2C settings link in the B2C administration section.



  • The Azure portal with the B2C features blade showing will open in a new browser tab or window.
  • Pin this blade to your Startboard for easy access. (The Pin tool is marked in red at the upper-right corner of the features blade.)


3. How to register your application?

  • On the B2C features blade on the Azure portal, click Applications.



  • Click +Add at the top of the blade.


  • Enter a Name for the application that will describe your application to consumers. For example, you could enter "IfourTestApp".



  • If we are writing a web-based application, toggle the Include web app / web API switch to Yes. The Reply URLs are endpoints where Azure AD B2C will return any tokens that your application requests. For example, enter https://localhost:63722/.
  • If you are writing a mobile application, toggle the Include native client switch to Yes. Copy down the default Redirect URI that is automatically created for you.
  • Click OK to register your application.
  • Click the application that you just created and copy down the globally unique Application Client ID that you'll use later in the web application.



4. Build an ASP.NET Web App

Step 1 : Creating MVC Web App Project

  • Add a new ASP.NET Web application named "AzureADB2CApp", then add a new MVC ASP.NET Web application. The selected template for the project will be "MVC", and do not forget to change the "Authentication Mode" to "No Authentication".



  • Once the project has been created, click on its properties and set SSL Enabled to True. Copy the "SSL URL" value, right-click the project, select Properties, then select the Web tab on the left side, paste the "SSL URL" value into the Project Url text field, and click Save. We need to allow the https scheme locally when we debug the application.