Reputation: 5238
I'm transforming a legacy system that stores its users in a database (including credentials) to use Azure AD B2C for authentication.
My first step is to rewrite the frontal API (the API that serves the web client directly).
Because many other systems and database tables depend on the users table and its columns, I've decided on creating a db user for every new Azure AD registration.
This is the problem: the user id in the database is the primary key, an auto-incremented number.
The id that I extract from the access token claims is an AD object identifier, a GUID.
To be able to relate an AD B2C user entity to a database user entity, I will have to create a new column in the users table, AzureObjectId.
The problem is that now I would have to constantly do the conversion between the AzureObjectId, which I extract from the access token, and the database user id, because other database tables and other internal APIs that I access expect a database user id.
What would be the right way to tackle this?
What I can think of is
Both of these I want to avoid. Is there some way to enrich the access token with the database user id?
Upvotes: 1
Views: 3074
Reputation: 2287
I would go with the second option, as it's a one-time operation and the system doesn't need to do the conversion every time.
This seems to be a migration scenario as well. Check samples here
You will also need to use the RESTful API feature of custom policies.
During the signup process, execute a RESTful technical profile which will call an API in the contoso (your) service to create the user. The contoso service will return the database user id of the newly created user. This new userId can be used as a subsequent claim for the user, and Azure AD B2C will create the user with that extension property.
The other approach is what we discussed earlier. After signup the user can be created by the service, and for the first call the service can insert a claim for itself with the new database user id.
Upvotes: 1
Reputation: 46720
Yes - use custom attributes
You can add custom attributes via the portal and select these to return them as claims in the token.
The Graph API link above shows how to create them programmatically.
So if you populate the database user id into the custom attribute you'll be able to return it in the token.
Upvotes: 1
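Added example (not code from the question or either answer): a stand-in for the service endpoint that the RESTful technical profile from the first answer would call during sign-up, returning the new database user id as a claim that lands in the custom attribute described in the second answer. Azure AD B2C posts the policy's InputClaims as a JSON object and reads top-level JSON properties of the response back as claims; a blocking error is an HTTP 409 whose body carries `version`, `status` and `userMessage`. The claim names (`objectId`, `email`, `dbUserId`, `extension_DbUserId`), the basic-auth credential and the in-memory table are all assumptions chosen for illustration; the real table, route and secret are yours to pick.

```python
"""Hypothetical backend for a B2C RESTful technical profile (added example).

Contract assumed here, matching the REST API technical profile behaviour:
  - B2C POSTs the InputClaims as a JSON body, e.g. {"objectId": ..., "email": ...}
  - top-level keys of a 200 response become OutputClaims (PartnerClaimType)
  - a 409 with {"version","status","userMessage"} stops the journey with a message
"""
import base64
import hmac
import re
import uuid
from typing import Dict, Optional, Tuple

# Constructed in-memory stand-in for the legacy users table:
# auto-incremented integer primary key plus the new AzureObjectId column.
USERS_BY_ID: Dict[int, dict] = {}
USERS_BY_OBJECT_ID: Dict[str, int] = {}
_NEXT_ID = [1]

# Assumed credential the technical profile presents with AuthenticationType="Basic".
API_USER = "b2c"
API_PASSWORD = "replace-with-a-secret-from-the-policy-keys"


def reset_store() -> None:
    """Clear the constructed table (handy when re-running the example)."""
    USERS_BY_ID.clear()
    USERS_BY_OBJECT_ID.clear()
    _NEXT_ID[0] = 1


def make_basic_auth_header(user: str, password: str) -> str:
    """Build the Authorization header value B2C sends for basic auth."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()


def _error(status: int, message: str) -> Tuple[int, dict]:
    """Error shape B2C understands: it shows userMessage and halts sign-up."""
    return status, {"version": "1.0.0", "status": status, "userMessage": message}


def _basic_auth_ok(header: Optional[str]) -> bool:
    """Constant-time check of the caller's basic-auth credential."""
    if not header or not header.startswith("Basic "):
        return False
    try:
        user, _, pw = base64.b64decode(header[6:]).decode().partition(":")
    except ValueError:  # binascii.Error and UnicodeDecodeError are ValueErrors
        return False
    return hmac.compare_digest(user, API_USER) and hmac.compare_digest(pw, API_PASSWORD)


def create_user_from_signup(headers: dict, body: dict) -> Tuple[int, dict]:
    """Claims exchange run during sign-up. Returns (http_status, json_body).

    On success, 'dbUserId' is mapped by the policy's OutputClaim
    (PartnerClaimType="dbUserId") onto the extension attribute, so B2C stores
    it with the user and can emit it in tokens afterwards.
    """
    if not _basic_auth_ok(headers.get("Authorization")):
        return 401, {}
    try:
        object_id = str(uuid.UUID(str(body.get("objectId"))))  # B2C objectId is a GUID
    except ValueError:
        return _error(409, "Missing or malformed objectId claim.")
    email = str(body.get("email") or "")
    if not re.fullmatch(r"[^@\s]+@[^@\s]+\.[^@\s]+", email):
        return _error(409, "A valid email is required to create the account.")
    # Idempotent on AzureObjectId: B2C may retry the call, and two rows for one
    # directory user would break every table keyed on the integer id.
    existing = USERS_BY_OBJECT_ID.get(object_id)
    if existing is not None:
        return 200, {"dbUserId": str(existing)}
    new_id = _NEXT_ID[0]
    _NEXT_ID[0] += 1
    USERS_BY_ID[new_id] = {"id": new_id, "email": email, "AzureObjectId": object_id}
    USERS_BY_OBJECT_ID[object_id] = new_id
    # Claims travel as strings; return the type the extension attribute expects.
    return 200, {"dbUserId": str(new_id)}


def db_user_id_from_token(claims: dict) -> Optional[int]:
    """Read the id back from an already-validated token. Custom attributes show
    up in tokens as 'extension_<Name>' without the Graph-style app-id prefix."""
    raw = claims.get("extension_DbUserId")
    return int(raw) if raw is not None and str(raw).isdigit() else None


if __name__ == "__main__":
    hdr = {"Authorization": make_basic_auth_header(API_USER, API_PASSWORD)}
    signup = {"objectId": "9f2a7c1e-3b4d-4e5f-8a6b-0c1d2e3f4a5b", "email": "alice@example.com"}
    print(create_user_from_signup(hdr, signup))          # (200, {'dbUserId': '1'})
    print(create_user_from_signup(hdr, signup))          # same id on a retry
    print(db_user_id_from_token({"extension_DbUserId": "1"}))
```

The two checks worth keeping when you adapt this are the idempotent lookup on AzureObjectId (the technical profile can be re-executed) and the fact that the endpoint only trusts `objectId` because the call is authenticated as coming from B2C; anyone else reaching this route could otherwise mint database users for arbitrary GUIDs.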