Ryan Wilson

Reputation: 10765

AzureAD B2C Auth in Xamarin Forms Mobile Application with Microsoft Authenticator App

Development: Visual Studio 2019, Xamarin Forms Mobile Application targeting .Net 5, written in C#.

Architecture: Public facing mobile application, Azure hosted API, Azure hosted sql server instance.

I've been learning mobile application development in my spare time so that I can begin doing mobile work for my employer. I would appreciate any guidance or design help on this based on the requirements.

Requirements: Employee logs into the mobile application via AzureAD B2C Authentication and has to do multi factor authentication via the Microsoft Authenticator app. I believe I have found all I need to make this part work: azure-ad-b2c using the MSAL library and the example project on GIT at XamarinFormsMFASample. Once authenticated, the user would then receive a token which they could then use to make API calls, and the API should be able to authenticate the user via the token received in the Authentication piece. The API would then sit between the mobile application and the database, so that no connection strings or sensitive data are stored within the mobile application code.

  1. Am I on the right track here? I thought I read that in Azure configuration, I could add my API as a hosted service and then have the authentication piece send back a token for the API? Or will I be able to leverage some library to read the authentication token received in step 1 in my API to ensure the user is authenticated and part of our domain?

  2. Am I on the right track for the authentication piece? Has anyone used this kind of authentication before? The user would input their sAMAccountName and password and be authenticated via that against AzureAD and then complete MFA via the Microsoft Authenticator Application.

Upvotes: 0

Views: 603

Answers (1)

Adrain

Reputation: 1934

Here's how an authentication request would flow, from a mobile client that needs to access a REST API - both of which are members of the same AD B2C Tenant.

1. Invoke the Sign-In Policy

When using MSAL - this will automatically display a login page (in a WebView) that will let the user authenticate with the allowed providers for that policy.

2. AD B2C Returns a Token (and any other user info)

Using OAuth 2.0 - AD B2C will return an access token that the app will eventually send on to the REST API it wants access to. AD B2C also will send back any information about the user (such as display name) that the policy allows.

3. Mobile Client Sends Access Token To REST API

The mobile client will send the newly acquired access token to the REST API as a bearer token in the request to get whatever information it's after.

4. REST API Checks Token Against AD B2C

Now it's the REST API's turn to use the AD B2C to check the access token - to make sure it's a valid token.

5. REST API Sends a Response

Finally - the REST API either sends the information requested - if the authorization was good - or it sends a 401 response. Generally speaking - it should send the information back, because the user was already authenticated. Unless the user was trying to access a resource they weren't authorized to use and authorization is a whole other blog post.

To make it more clear, I simply drew a diagram: [diagram image not included in this extract]

Upvotes: 1
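The five steps in the answer above, written out as code. This is an added example and is not code from the question, the answer, or the linked XamarinFormsMFASample project. It assumes (as placeholders) a B2C tenant `contosob2c`, a user flow `B2C_1_signupsignin` that enforces MFA, two app registrations in that tenant (the mobile app and the API), and that the API registration exposes a scope `access_as_user` which the mobile app has been granted; the client IDs and the API URL are also placeholders. The mobile side uses MSAL.NET (`Microsoft.Identity.Client`), the API side uses the ASP.NET Core JWT bearer middleware.

```csharp
// Added example, not from the question or answer. All tenant, policy, client-id and
// URL values below are placeholders that must be replaced with your own registrations.
using System;
using System.Linq;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Threading.Tasks;
using Microsoft.Identity.Client;                        // MSAL.NET, mobile side
using Microsoft.AspNetCore.Authentication.JwtBearer;    // ASP.NET Core, API side
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.IdentityModel.Tokens;

// ---- Mobile client (Xamarin.Forms): steps 1 to 3 ----
public static class B2CClient
{
    const string Tenant = "contosob2c";                                   // placeholder
    const string Policy = "B2C_1_signupsignin";                           // placeholder, MFA is enforced by this user flow
    const string MobileClientId = "00000000-0000-0000-0000-000000000001"; // placeholder
    // Scope exposed by the API app registration and granted to the mobile app (placeholder).
    static readonly string[] ApiScopes = { "https://contosob2c.onmicrosoft.com/api/access_as_user" };

    static readonly IPublicClientApplication Pca = PublicClientApplicationBuilder
        .Create(MobileClientId)
        .WithB2CAuthority($"https://{Tenant}.b2clogin.com/tfp/{Tenant}.onmicrosoft.com/{Policy}")
        .WithRedirectUri($"msal{MobileClientId}://auth")
        .Build();

    // Steps 1 and 2: reuse a cached token when possible, otherwise MSAL opens the
    // policy's sign-in page where the user authenticates and completes MFA.
    public static async Task<string> AcquireApiTokenAsync(object parentWindow)
    {
        var account = (await Pca.GetAccountsAsync()).FirstOrDefault();
        try
        {
            return (await Pca.AcquireTokenSilent(ApiScopes, account).ExecuteAsync()).AccessToken;
        }
        catch (MsalUiRequiredException)   // no cached account, or interaction needed
        {
            var result = await Pca.AcquireTokenInteractive(ApiScopes)
                .WithParentActivityOrWindow(parentWindow)
                .ExecuteAsync();
            return result.AccessToken;
        }
    }

    // Step 3: the token goes in the Authorization header; the app never sends a password
    // to the API and holds no database connection string.
    public static async Task<string> CallApiAsync(HttpClient http, string accessToken)
    {
        using var request = new HttpRequestMessage(HttpMethod.Get, "https://api.example.com/employees/me");
        request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);
        using var response = await http.SendAsync(request);
        response.EnsureSuccessStatusCode();            // throws on 401/403
        return await response.Content.ReadAsStringAsync();
    }
}

// ---- REST API (ASP.NET Core): steps 4 and 5 ----
public class Startup
{
    const string Tenant = "contosob2c";                                // placeholder
    const string Policy = "B2C_1_signupsignin";                        // placeholder
    const string ApiClientId = "00000000-0000-0000-0000-000000000002"; // placeholder, API registration

    public void ConfigureServices(IServiceCollection services)
    {
        // Step 4: the middleware fetches B2C's signing keys from the policy's OpenID
        // Connect metadata and rejects tokens with a bad signature, issuer, audience
        // or lifetime before any controller code runs.
        services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
            .AddJwtBearer(options =>
            {
                options.Authority = $"https://{Tenant}.b2clogin.com/{Tenant}.onmicrosoft.com/{Policy}/v2.0/";
                options.Audience = ApiClientId;      // token must be minted for this API, not for another app
                options.TokenValidationParameters = new TokenValidationParameters
                {
                    ValidateIssuer = true, ValidateAudience = true,
                    ValidateLifetime = true, ValidateIssuerSigningKey = true,
                    ClockSkew = TimeSpan.FromMinutes(2),
                };
            });
        services.AddControllers();
    }

    public void Configure(IApplicationBuilder app)
    {
        app.UseRouting();
        app.UseAuthentication();   // must come before UseAuthorization
        app.UseAuthorization();
        app.UseEndpoints(endpoints => endpoints.MapControllers());
    }
}

[ApiController, Route("employees")]
public class EmployeesController : ControllerBase
{
    // Step 5: no valid token gives 401 via [Authorize]; a valid token without the API's
    // scope gives 403, which is the authorization case the answer mentions.
    [HttpGet("me"), Authorize]
    public IActionResult Me()
    {
        var scopes = User.FindFirst("scp")?.Value
                  ?? User.FindFirst("http://schemas.microsoft.com/identity/claims/scope")?.Value ?? "";
        if (!scopes.Split(' ').Contains("access_as_user")) return Forbid();
        var userId = User.FindFirst("oid")?.Value
                  ?? User.FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier")?.Value;
        return Ok(new { userId, scopes });   // look the employee up in the database by userId here
    }
}
```

Two points worth checking when wiring this up. First, the mobile app must request the API's scope (not just `openid`), otherwise B2C issues a token whose audience is the mobile app itself and the API's audience check correctly rejects it; this is the "add my API" part of question 1, done through the API registration's "Expose an API" page and the mobile app's API permissions. Second, the MFA requirement lives in the B2C user flow, not in the app code, so the API should not try to infer it; it trusts the token because the signature and issuer checks prove B2C ran that flow.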
