Reputation: 2760
Can I set up Azure Active Directory B2C to work with multiple subdomains? Here's what I've done so far:
Now, what I want is this: when I log in to "mytest.com", to also be logged in to "subdomain.mytest.com".
Is this possible?
My applications are ASP.NET MVC apps using OpenID Connect. I can provide more detailed info if needed.
Thanks
Upvotes: 6
Views: 2564
Reputation: 76
The line that makes it work:
app.UseCookieAuthentication(new CookieAuthenticationOptions() { CookieDomain = ".mytest.com" });
I figured it out when I read this article: https://auth0.com/blog/2014/01/27/ten-things-you-should-know-about-tokens-and-cookies/ (Section 3).
    using System;
    using System.Globalization;
    using System.IdentityModel.Tokens; // SecurityTokenValidationException (Microsoft.IdentityModel.Tokens in newer OWIN OIDC packages)
    using System.Threading.Tasks;
    using Microsoft.Owin.Security.Cookies;
    using Microsoft.Owin.Security.OpenIdConnect;
    using Owin;

    // clientIdb2c, redirectUri, aadInstance, tenant, OIDCMetadataSuffix, the three *PolicyId values
    // and the OnRedirectToIdentityProvider / AuthenticationFailed handlers are defined elsewhere
    // in the Startup class and are not shown here.
    public void ConfigureAuth(IAppBuilder app)
    {
        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);

        // Scope the session cookie to the parent domain so that mytest.com and every
        // *.mytest.com host receive it. Without CookieDomain the cookie is host-only,
        // and a sign-in on mytest.com is invisible to subdomain.mytest.com.
        app.UseCookieAuthentication(new CookieAuthenticationOptions() { CookieDomain = ".mytest.com" });

        var options = new OpenIdConnectAuthenticationOptions
        {
            ClientId = clientIdb2c,
            RedirectUri = redirectUri,
            PostLogoutRedirectUri = redirectUri,
            Notifications = new OpenIdConnectAuthenticationNotifications()
            {
                MessageReceived = (context) =>
                {
                    // AADB2C90091: the user has cancelled entering self-asserted information; ignore it.
                    // AADB2C99002: the user does not exist; surface it as a validation failure.
                    if (!string.IsNullOrEmpty(context.ProtocolMessage.ErrorDescription)
                        && !context.ProtocolMessage.ErrorDescription.StartsWith("AADB2C90091:", StringComparison.OrdinalIgnoreCase))
                    {
                        if (context.ProtocolMessage.ErrorDescription.StartsWith("AADB2C99002", StringComparison.OrdinalIgnoreCase))
                        {
                            throw new SecurityTokenValidationException("User does not exist. Please sign up before you can sign in.");
                        }
                    }
                    return Task.FromResult(0);
                },
                RedirectToIdentityProvider = OnRedirectToIdentityProvider,
                AuthenticationFailed = AuthenticationFailed,
                SecurityTokenValidated = (context) =>
                {
                    // Create the logic to redirect here. The cookie issued after validation
                    // is shared with the subdomain through the CookieDomain setting above.
                    context.AuthenticationTicket.Properties.RedirectUri = "https://sub1.mytest.com";
                    return Task.FromResult(0);
                }
            },
            Scope = "openid offline_access",
            ResponseType = "id_token",
            // The PolicyConfigurationManager takes care of getting the correct Azure AD authentication
            // endpoints from the OpenID Connect metadata endpoint. It is included in the PolicyAuthHelpers folder.
            ConfigurationManager = new PolicyConfigurationManager(
                String.Format(CultureInfo.InvariantCulture, aadInstance, tenant, "/v2.0", OIDCMetadataSuffix),
                new string[] { SignUpPolicyId, SignInPolicyId, ProfilePolicyId }),
        };
        app.UseOpenIdConnectAuthentication(options);
    }
Upvotes: 5
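The cookie Domain scoping that the CookieDomain line relies on, as an added Python example that is not part of the answer: RFC 6265 domain matching, run against the questioner's host names as constructed samples (the public-suffix check real browsers also apply is left out).

```python
from typing import Optional

def canonical_host(host: str) -> str:
    """Lower-case a host name and drop any port and trailing dot (RFC 6265 5.1.2, simplified)."""
    return host.strip().split(":", 1)[0].lower().rstrip(".")

def domain_matches(host: str, domain: str) -> bool:
    """RFC 6265 5.1.3 domain-match: host equals domain, or host ends with
    '.' + domain. The leading dot a server may send (".mytest.com") is ignored,
    and the match is on a label boundary, so 'notmytest.com' does not match."""
    host = canonical_host(host)
    domain = canonical_host(domain).lstrip(".")
    return host == domain or host.endswith("." + domain)

def cookie_is_sent(request_host: str, setter_host: str, domain_attr: Optional[str]) -> bool:
    """Whether a cookie set by `setter_host` is attached to a request to `request_host`.

    No Domain attribute  -> host-only cookie: sent to exactly setter_host (RFC 6265 5.3).
    Domain attribute set -> the user agent stores it only if setter_host itself
    domain-matches it (a site cannot set cookies for an unrelated domain), and then
    sends it to every host that domain-matches it."""
    if domain_attr is None:
        return canonical_host(request_host) == canonical_host(setter_host)
    if not domain_matches(setter_host, domain_attr):
        return False  # cookie rejected at Set-Cookie time
    return domain_matches(request_host, domain_attr)

# Constructed sample: the questioner's two hosts, signed in on mytest.com.
SCENARIOS = {
    "host-only cookie, same host": ("mytest.com", "mytest.com", None),
    "host-only cookie, subdomain": ("subdomain.mytest.com", "mytest.com", None),
    "CookieDomain=.mytest.com, subdomain": ("subdomain.mytest.com", "mytest.com", ".mytest.com"),
    "CookieDomain=.mytest.com, lookalike": ("notmytest.com", "mytest.com", ".mytest.com"),
}

def evaluate() -> dict:
    """Map each scenario name to whether the sign-in cookie reaches the request host."""
    return {name: cookie_is_sent(*args) for name, args in SCENARIOS.items()}

if __name__ == "__main__":
    for name, sent in evaluate().items():
        print(f"{name}: {'sent' if sent else 'not sent'}")
```

Every host matched this way receives the session cookie, so each subdomain under mytest.com has to be trusted with it.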
Reputation: 21
As long as both applications share the same tenant. Single sign-on is enabled by default at the tenant level and applies to all application objects defined in the tenant.
Upvotes: 0