I am a bit confused about things around Azure B2C auth for a Web API.

I saw a lot of examples of adding a bearer token in the Swagger UI. I think I understand that part. The Azure B2C environment and the Web API seem well configured with the "easy auth solution". But if I don't want that "easy auth solution", how can I generate the bearer token?

Do I need OpenIddict or IdentityServer, or are there other ways to get the bearer (mostly for debug/testing purposes)?

Thanks, Adrien

pellea

1 Answer

> But if I don't want that "easy auth solution", how can I generate the bearer token?

If you want to use Azure AD to protect your web API, it is not necessary to generate the bearer token ourselves.

In an application which uses claims-based identity, the app will normally get the token from an STS. In this scenario, Azure AD provides the STS for the application. So we get the bearer token from Azure AD and use the token to request the protected resource.

Here is a video which is helpful for understanding claims-based applications, though it is talking about ADFS. And this video is helpful for developing with a web API protected by Azure AD.

You may also be interested in Azure AD development and Azure AD B2C; you can refer to the links below:

Azure Active Directory B2C

Azure Active Directory

Fei Xue
  • the samples/video are either not compatible with ASP.NET Core or use the Management API... – pellea Oct 24 '16 at 08:15
  • If you were looking for the code sample for ASP.NET Core, you can refer [here](https://github.com/Azure-Samples/active-directory-dotnet-webapp-webapi-openidconnect-aspnetcore). However, this code sample is using Azure AD. – Fei Xue Oct 24 '16 at 09:31
  • I will clarify my question: How can I authorize a Web API (bearer/token ?) when testing it using Swagger UI (protected by Azure AD B2C)? – pellea Oct 24 '16 at 13:50
  • Thanks for clarifying. The issue of using OAuth in Swagger UI seems to be very common. However, I have not found a real solution for it. Here are some links that may be helpful: [link1](https://github.com/swagger-api/swagger-ui/issues/818), [link2](https://github.com/swagger-api/swagger-ui/issues/2047). – Fei Xue Oct 25 '16 at 07:54
  • @Adrien, did you find a solution? I am also trying to do the same thing but have come up empty with Google/Bing. All the examples seem to be .NET Core / Azure AD (not B2C) or Classic ASP.NET (not .NET Core) / Azure AD B2C. I've pieced together some Swagger config but haven't been able to get it to work. – Azure Terraformer Oct 26 '17 at 00:57
  • @emseetea I set up IdentityServer (that uses the AD B2C). With IdentityServer you can test Swagger using the `services.AddSwaggerGen(options => { options.AddSecurityDefinition("test", new OAuth2Scheme { Type = "oauth2", Flow = "implicit", ... }); });` – pellea Oct 26 '17 at 10:07
  • @Adrien is the IdentityServer only used for your testing environment or do you intend to replace AAD with IdentityServer? I'm confused by why you would want / need IdentityServer if you are using AAD B2C... sorry for my ignorance, I'm not super familiar with IdentityServer but thought it was an open source Identity Provider much like AAD B2C or Microsoft / Google Accounts are... – Azure Terraformer Oct 26 '17 at 17:35
  • @emseetea I deployed IdentityServer in Azure and I use AD-B2C as an authentication provider (I could have used Facebook/Google/Twitter provider). It's IdSrv that creates/refreshes auth tokens. I decided to go with AD-B2C because of the sign-in/sign-up page customization capabilities, 2FA. – pellea Oct 27 '17 at 13:26
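
The exchange the answer describes (the STS issues the token, the client then presents it as a bearer credential), sketched for the implicit flow mentioned in the comments. This is an added example, not code from the thread or from any of the projects named in it. The authorize endpoint, client ID, redirect URI, scope and policy name are constructed placeholders; take the real values from your own tenant's configuration.

```python
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed placeholders (assumptions, not values from the thread).
AUTHORIZE_URL = "https://login.example.test/contoso.onmicrosoft.com/oauth2/v2.0/authorize"
CLIENT_ID = "00000000-0000-0000-0000-000000000000"
REDIRECT_URI = "https://localhost:5001/callback"
SCOPE = "https://contoso.onmicrosoft.com/api/read"


def build_authorize_request(policy):
    """Return (url, state) for an implicit-flow access token request."""
    state = secrets.token_urlsafe(16)  # binds the response to this request
    query = urlencode({
        "p": policy,  # B2C policy name (placeholder supplied by the caller)
        "client_id": CLIENT_ID,
        "response_type": "token",
        "redirect_uri": REDIRECT_URI,
        "scope": SCOPE,
        "state": state,
    })
    return f"{AUTHORIZE_URL}?{query}", state


def bearer_header_from_redirect(redirect_url, expected_state):
    """Validate the fragment the STS appended to the redirect URI."""
    fragment = urlsplit(redirect_url).fragment
    params = {k: v[0] for k, v in parse_qs(fragment).items()}
    if "error" in params:
        raise ValueError(f"{params['error']}: {params.get('error_description', '')}")
    # Reject responses that were not triggered by our own request.
    got = params.get("state", "").encode()
    if not secrets.compare_digest(got, expected_state.encode()):
        raise ValueError("state mismatch")
    if params.get("token_type", "").lower() != "bearer":
        raise ValueError("unexpected token_type")
    token = params.get("access_token")
    if not token:
        raise ValueError("no access_token in response")
    # This header is what gets sent to the protected web API.
    return {"Authorization": f"Bearer {token}"}
```

The web API still has to validate the token's signature, issuer, audience and expiry on every request; this sketch only covers the client side of the exchange.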