6

I'm using App Center Auth and Data in my Xamarin Forms application, but Microsoft is shutting down these services, so I now need to do it myself. At the moment these two allow me to verify my users with AD B2C and then grant them access to their own and shared content in the Cosmos database.

What I have at the moment: I can log in via MSAL to my AD B2C. I can access my DB with Microsoft.Azure.DocumentDB.Core.

What I need: I need to be able to generate resource tokens and configure the database so that only the user can access their documents. (I only found outdated and poorly described tutorials.)

Or as an alternative: how is it possible to create Azure Functions that only users who are logged in via MSAL can call? I would then need the user ID in the Azure Function to check against the DB. (All the tutorials handle the user verification on the API call; this is not possible when calling from an application.)

Olias

1 Answer

8

You cannot use the AAD B2C issued user token to access a Cosmos DB resource.

Try this link - you will need to pass the B2C token to an AAD B2C protected API, which then makes the API call on behalf of the user using client_credentials (AAD service account).
https://codemilltech.com/adding-azure-ad-b2c-authentication-to-azure-functions/

Jas Suri - MSFT
  • Thanks, this really helped... the only thing I'm wondering is, is it possible to get the ID of the currently logged-in user in the API, so that it's impossible for one user to log in and then request data as another user? – Olias Feb 11 '20 at 19:04
  • Sure, the objectId will be the “sub” claim in the token the user calls the API with. – Jas Suri - MSFT Feb 11 '20 at 21:39
  • Found it in the header under X-MS-CLIENT-PRINCIPAL-ID – Olias Feb 12 '20 at 09:32
  • Cosmos Resource Token Broker Example: https://github.com/1iveowl/CosmosResourceTokenBroker – Olias Feb 25 '20 at 08:43
  • That resource from @Olias looks amazing. I've also been following this one from the author linked in the answer: https://github.com/codemillmatt/MonkeysRefresh – InquisitorJax Jul 06 '20 at 21:18
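
One way to build the brokering API discussed in this thread, as an added example that is not code from the answer, the comments or the linked repositories: an Azure Function that takes the caller's identity only from the `X-MS-CLIENT-PRINCIPAL-ID` header and returns a Cosmos DB resource token limited to that user's partition. It assumes App Service Authentication is enabled for AD B2C in front of the function (so the platform, not the client, sets the header); the app settings `COSMOS_ENDPOINT` and `COSMOS_MASTER_KEY`, the database `appdb`, the collection `items` and its `/userId` partition key are all hypothetical names.

```csharp
using System;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Azure.Documents;
using Microsoft.Azure.Documents.Client;
using Microsoft.Azure.WebJobs;
using Microsoft.Azure.WebJobs.Extensions.Http;

public static class ResourceTokenBroker
{
    // Hypothetical names: database "appdb", collection "items" partitioned on /userId.
    private const string Db = "appdb", Coll = "items";
    private const int TokenLifetimeSeconds = 3600;

    // The master key lives only in the function's app settings, never in the mobile app.
    private static readonly DocumentClient Client = new DocumentClient(
        new Uri(Environment.GetEnvironmentVariable("COSMOS_ENDPOINT")),
        Environment.GetEnvironmentVariable("COSMOS_MASTER_KEY"));

    [FunctionName("GetResourceToken")]
    public static async Task<IActionResult> Run(
        [HttpTrigger(AuthorizationLevel.Anonymous, "get")] HttpRequest req)
    {
        // Identity is read only from the header set by App Service Authentication after it
        // validated the B2C token; a user ID in the query string or body is never trusted.
        string userId = req.Headers["X-MS-CLIENT-PRINCIPAL-ID"];
        if (string.IsNullOrWhiteSpace(userId))
            return new UnauthorizedResult();

        // One Cosmos DB user per B2C object ID (created on first call, reused afterwards).
        await Client.UpsertUserAsync(UriFactory.CreateDatabaseUri(Db), new User { Id = userId });

        // The permission covers only documents whose partition key equals the caller's ID.
        var permission = new Permission
        {
            Id = "own-documents",
            PermissionMode = PermissionMode.All,
            ResourceLink = UriFactory.CreateDocumentCollectionUri(Db, Coll).ToString(),
            ResourcePartitionKey = new PartitionKey(userId)
        };
        var result = await Client.UpsertPermissionAsync(
            UriFactory.CreateUserUri(Db, userId), permission,
            new RequestOptions { ResourceTokenExpirySeconds = TokenLifetimeSeconds });

        return new OkObjectResult(
            new { token = result.Resource.Token, expiresInSeconds = TokenLifetimeSeconds });
    }
}
```

The app sends its MSAL access token to this endpoint, then opens its own `DocumentClient` with the returned token instead of a key; requests against any other user's partition are rejected by Cosmos DB itself.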