设置Azure B2C的正确方法?

时间:2018-09-18 19:25:49

标签: angular azure .net-core azure-ad-b2c msal

因此,我一直试图围绕很多不同的事情来尝试在我的项目中设置Azure的B2C。我的问题是:设置B2C到底需要什么?

我的项目使用的是Angular 5和.Net Core。

我一直在阅读有关ADAL,MSAL,Microsoft Graph API,Azure AD Graph API,自定义B2C策略...

我是否正确理解MSAL是授权使用Graph API的对象?然后我正在使用Microsoft Graph API登录,创建帐户等吗?根据我的研究,似乎已经逐步淘汰了ADAL。.Azure AD实际上是与Azure B2C不同的服务。

我不认识男人,帮帮我。

2 个答案:

答案 0 :(得分:0)

This sample in GitHub seems to have the necessary steps documented in the readme: https://github.com/Azure-Samples/active-directory-b2c-javascript-angular2.4-spa.

The Angular version is different but for the Azure part it is valid. It also has links to relevant documentation regarding Azure setup. I have not played with this particular sample but I hope it helps you forward.

答案 1 :(得分:0)

I have two Angular 6 applications running in production that uses Azure AD B2C.

When I started with the first project, it was Angular 2 (I also do the operation for these project thus they are up to date) it felt like MSAL wasn't far enough and I wasn't able to find an NPM package for it. So I decided to use the open source angular-oauth2-oidc component from Manfred Steyer and I don't regret it. The component is OpenID Connect certified and easy to use (except for Azure AD B2C ).

In order to use the component with Azure AD B2C you have to provide a config with some values that you can take from the discovery document (e. g. https://fabrikamb2c.b2clogin.com/fabrikamb2c.onmicrosoft.com/v2.0/.well-known/openid-configuration?p=b2c_1_sign_in). This is how my config looks like:

export const aadB2cNoDiscoveryConfig: AuthConfig = {
  'clientId': '<GUID>',
  'redirectUri': window.location.origin,
  'loginUrl': 'https://login.microsoftonline.com/<TENANT>.onmicrosoft.com/oauth2/v2.0/authorize?p=b2c_1_signin',
  'logoutUrl': 'https://login.microsoftonline.com/<TENANT>.onmicrosoft.com/oauth2/v2.0/logout?p=b2c_1_signin',
  'scope': 'openid https://<TENANT>.onmicrosoft.com/<TENANT>.api/user_impersonation',
  'oidc': true,
  'issuer': 'https://login.microsoftonline.com/<GUID>/v2.0/',
  'tokenEndpoint': 'https://login.microsoftonline.com/<TENANT>.onmicrosoft.com/oauth2/v2.0/token?p=b2c_1_signin',
  'responseType': 'id_token token',
  'clearHashAfterLogin': true,
  'disableAtHashCheck': true,
  'showDebugInformation': true,
  'strictDiscoveryDocumentValidation': false,
  'jwks': {
    'keys': [
      {
        kid: "X5eX....",
        nbf: 14....,
        use: "sig",
        kty: "RSA",
        e: "AQAB",
        n: "tV......"
      }]
  }
}

To login I invoke something like this inside the constructor of my app.component:

this.oauthService.configure(aadB2cNoDiscoveryConfig);
this.oauthService.tokenValidationHandler = new JwksValidationHandler();
this.oauthService.tryLogin()

If I have to implement another web application with Azure AD B2C I would consider trying MSAL again but wouldn't hesitate to fall back to angular-oauth2-oidc.

Note: If you use a .NET Core middleware to serve the Angular SPA you could simply add an OpenID Connect middleware. This is a good starting point for that.

相关问题
最新问题