Architecting a cloud solution with Azure Active Directory B2C

Question

I'm currently starting a new .NET Core project, will use Azure Active Directory for authentication and authorization. The app is going to have two roles and type of accounts something similar to LinkedIn (Account to publish jobs and account for job seekers).

I got confused about how to implement that with Azure Active Directory B2C

I have implemented the flow of sign-up and sign-in, but the idea is how would I be able to handle the Job Seeker registration to mark this profile as a job seeker or a Business Owner profile, or I should implement this on my project's side not on the Azure AD side?

Answer 1

You will have to have implementation in both application and Azure AD B2C.

You can have Custom Sign up page similar to this this -

Where you ask user about his role (job seeker or a Business Owner). This can be saved in DB and Azure AD B2C after Sign Up as custom user attributes.

You can then verify by querying the user in Graph Explorer and check that these attributes are saved in B2C. Hence, after subsequent sign ins, you retrieve custom Attribute (Let us say role) from the claims that are passed on to your application by B2C and then redirect user to their own view pages after Sign in.

Answer 2

It depends on your business requirement and the type of Azure AD licensing you have.

For eg: Azure AD Custom Roles licensing requirement is:

Required license plan Using this feature requires an Azure AD Premium P1 license. To find the right license for your requirements, see Comparing generally available features of the Free, Basic, and Premium editions.

Your organization may already have this and it may not be an additional cost. If not, it will be an additional cost which you should consider.

Reference: Azure Active Directory Custom Roles

If the additional licensing cost is an issue, you may want to consider implementing the RBAC (Role based access control) on your app side. It is really a question of build vs. buy.