
Our app is a public-facing app. For sign-up and sign-in, we set up AD B2C as it provides an easy tool out of the box. Consequently, Azure has created a different tenant where all users will be managed.

We have also set up a Blockchain app, which can be done only in an AD tenant (not in AD B2C). Now, we would like users in B2C to interact with the blockchain API. This cannot be done as only users in AD are allowed.

Is there a way to link users in B2C to AD? Or is there another solution?

StuartLC
FMR
  • When you say you want external users to `interact with the blockchain API`, do you mean the REST API, or the ABW interactive UI? Deeper into ABW, every 'user' issuing transactions needs to be mapped to an Ethereum/Quorum Address, so you would still either need to create a user account (e.g. via the ABW UI or the REST API) for each user (UserChainMapping). If you build your own API, then you could use a centralized ABW user and track the calling user yourself. – StuartLC Sep 16 '19 at 09:41
  • Indeed we want the B2C users to be able to use the REST API, which is located in AD. – FMR Sep 16 '19 at 09:45
  • AFAIK the REST API requires AD. What you could do is use the [messaging API](https://github.com/Azure-Samples/blockchain/blob/master/blockchain-workbench/messaging-integration-samples/CreateContract.md) via Azure Service Bus - it requires only Endpoint security (not user level authentication), however you will need to do the UserChainIdentifier mappings between your B2C users and their ABW UserId – StuartLC Sep 16 '19 at 09:49
  • Many thanks for your input. Seems there is no solution... We are going to use the 'invite API' so users are registered straight in AD. And subsequently avoid B2C. Not ideal as we are not too sure how the UI can be customised. Also would you know what is the limit for number of users in AD? – FMR Sep 16 '19 at 13:01
  • If this was a custom API, you could allow tokens from both AAD and B2C – juunas Sep 16 '19 at 13:52
