Azure App Service
Azure App Service is a service used to create and deploy scalable, mission-critical web apps.
7,909 questions
How to access Azure AD B2C user data through Azure Functions
Bruno Caruso
41
Reputation points
Hello everyone
I have a SPA Angular app with AD B2C auth, in sign up flow i need to verify if the user to register company already exists on my app.
It occurs to me to do it this way: checking if the requesting user email domain if are on one of the users of my AD B2C registered users.
Example, a new user registers with:
user1@org1.com
The register will continue, and then logon, because org1.com doesn't exists in any user.
But after this, a new user:
user2@org1.com
Tries to register, AD B2C would reject the register and say: "An admin of your company org1.com needs to approve the register or you need to be invited." or something fail text.
To do this, i'm trying to create a custom policy on my AD B2C tenant on signup to connect to my Function App REST API with Azure Functions, but the authentication in my FunctionApp is configured to authenticate with Microsoft, so all the functions need auth, i need to create a new Function App with anonymous access?? i think that's a bad practice.
Any idea? thanks!
{count} votes
-
James Hamil 25,396 Reputation points Microsoft Employee2022-11-08T23:07:15.413+00:00 Hi @Bruno Caruso , have you looked into using the Graph API? It may server your needs better. If you don't want to go this route I can help you with Azure Functions. Please let me know and I can help you further!
Thank you,
James -
Bruno Caruso 41 Reputation points
2022-11-09T11:52:36.373+00:00 Hi James, yes i can use Graph API but the good way will be through a Azure Function, right? I guess i can't reach Graph API endpoint directly from AD B2C Custom Policies, because AD B2C waits for 200 or 409 with custom responses for error messages
-
Bruno Caruso 41 Reputation points
2022-11-09T18:54:40.573+00:00 Hi @James Hamil yes i'm tried with Graph API with the /users endpoint and filter query param to search user emails domains but i have a B2C tenant and the $count command is not supported, also the $filter command doesn't supports endsWith function in B2C tenants.
Any idea? I'm consider to create a new Azure Function that would execute when finishes the register and save the registered email domain on a non-relational DB and then query this DB on the next register to verify if the domain already exists.
Sign in to comment
Sign in to answer