Felipe Taborda

Reputation: 103

How can I federate Azure AD B2C to Azure AD to protect an API?

I have the need to incorporate Azure AD B2C into a web app that is already working with Azure AD. I found the poor Microsoft documentation, and it says that I have to federate Azure AD B2C to Azure AD (https://learn.microsoft.com/en-us/azure/active-directory-b2c/faq?tabs=app-reg-ga). Next I found this article that tries to explain the process, https://medium.com/the-new-control-plane/connecting-azure-ad-b2c-to-azure-ad-via-the-b2c-custom-identity-provider-42fbc2832e32, but sadly it's not clear enough.

If I create 2 different tenants, which one should I use to protect my .NET 5 API and which one should I use to authenticate my Angular 11 web app?

Upvotes: 0

Views: 351

Answers (2)

erionpc

Reputation: 398

Why can't you add AAD B2C to AAD as an external identity provider via SAML? This would allow you to federate. I've never tried it but it should work, in principle.

Upvotes: 0

Jas Suri - MSFT

Reputation: 11315

You have two options:

  1. Use AAD B2C to federate to AAD using OIDC. Your apps will trust AAD B2C. You need to change the metadata URLs in the APIs to trust B2C tokens.
  2. Have your application and APIs trust both tokens, and through the app allow users to log in via AAD B2C or AAD accounts.

I would recommend option 1. https://learn.microsoft.com/en-us/azure/active-directory-b2c/code-samples#web-apps-and-apis

Upvotes: 0
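To make the two options concrete, here is an added example (not code from the answer above or from Microsoft's samples) of an ASP.NET Core 5 `Startup` for the API. Option 1 is the `"B2C"` scheme alone; option 2 registers both a B2C and an AAD JWT bearer scheme and routes each request to one of them. The tenant name, policy name, tenant id and client ids are placeholders to replace with your own.

```csharp
using System;
using System.IdentityModel.Tokens.Jwt;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Builder;
using Microsoft.Extensions.DependencyInjection;

public class Startup
{
    // Placeholder values: replace with your own B2C tenant/policy, AAD tenant id and API app registrations.
    private const string B2cMetadata =
        "https://contoso.b2clogin.com/contoso.onmicrosoft.com/B2C_1_signupsignin/v2.0/.well-known/openid-configuration";
    private const string AadMetadata =
        "https://login.microsoftonline.com/<aad-tenant-id>/v2.0/.well-known/openid-configuration";
    private const string B2cApiClientId = "<client-id-of-the-API-registered-in-B2C>";
    private const string AadApiClientId = "<client-id-of-the-API-registered-in-AAD>";

    public void ConfigureServices(IServiceCollection services)
    {
        services.AddAuthentication("MultiIssuer")
            // Option 1 on its own: keep only this scheme and pass "B2C" to AddAuthentication.
            .AddJwtBearer("B2C", o =>
            {
                o.MetadataAddress = B2cMetadata; // issuer and signing keys are fetched from B2C
                o.Audience = B2cApiClientId;     // reject tokens minted for a different app
            })
            .AddJwtBearer("AAD", o =>
            {
                o.MetadataAddress = AadMetadata;
                o.Audience = AadApiClientId;
            })
            // Option 2: choose the scheme per request. The issuer is read from the still
            // UNVERIFIED token only to pick a scheme; the chosen scheme then validates the
            // signature, issuer, audience and lifetime against its own metadata.
            .AddPolicyScheme("MultiIssuer", "B2C or AAD", o =>
            {
                o.ForwardDefaultSelector = ctx =>
                {
                    string auth = ctx.Request.Headers["Authorization"];
                    if (auth == null || !auth.StartsWith("Bearer ", StringComparison.OrdinalIgnoreCase))
                        return "AAD"; // no bearer token: let a scheme fail the request normally
                    try
                    {
                        var jwt = new JwtSecurityTokenHandler().ReadJwtToken(auth.Substring("Bearer ".Length));
                        return jwt.Issuer.Contains("b2clogin.com", StringComparison.OrdinalIgnoreCase) ? "B2C" : "AAD";
                    }
                    catch (ArgumentException) { return "AAD"; } // not a parseable JWT: validation will reject it
                };
            });
        services.AddAuthorization();
        services.AddControllers();
    }

    public void Configure(IApplicationBuilder app)
    {
        app.UseRouting();
        app.UseAuthentication(); // must run before UseAuthorization and the endpoints
        app.UseAuthorization();
        app.UseEndpoints(e => e.MapControllers());
    }
}
```

With option 2 the Angular app decides which authority it sends users to, and the API accepts either token; with option 1 the Angular app talks only to B2C, and AAD users arrive through the B2C custom identity provider, so the API never sees an AAD-issued token.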
