Is it possible to use Azure Mobile App and Azure AD B2C to authenticate localhost web?

Question

I know that local debugging using tokens is possible using http://www.systemsabuse.com/2015/12/04/local-debugging-with-user-authentication-of-an-azure-mobile-app-service/. Would it be possible to go to thesite.com/.auth/login/aad and login and use that cookie for localhost (for testing the web app - not the mobile app)?

I am currently using the .auth/login/aad cookie to authenticate Nancy. I do by generating a ZumoUser out of the Principal.

        Before.AddItemToEndOfPipeline(UserToViewBag);

and

    internal static async Task<Response> UserToViewBag(NancyContext context, CancellationToken ct)
    {
        var principal = context.GetPrincipal();

        var zumoUser = await ZumoUser.CreateAsync(context.GetPrincipal());

        context.ViewBag.User = zumoUser;
        context.Items["zumoUser"] = zumoUser;

        var url = context.Request.Url;
        if (zumoUser.IsAuthenticated)
        {
            _logger.DebugFormat("{0} requested {1}", zumoUser, url.Path);
        }
        else
        {
            _logger.DebugFormat("{0} requested {1}", "Anonymous", url.Path);
        }

        return null;
    }

Answer 1

Would it be possible to go to thesite.com/.auth/login/aad and login and use that cookie for localhost (for testing the web app - not the mobile app)?

No, this is impossible. The JWT token verification is based on the stand protocol(OpenId connect or Oauth 2) we can follow. But there is no official document or SDK about the the cookie issued by the Easy Auth verification.

Answer 2

Yes. You need to read "the book" as it is a complex subject. The book is available open source at http://aka.ms/zumobook and the content you want is in Chapter 2.