This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(166.4, 2%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJR%3C/text%3E%3C/svg%3E)
I am trying to get delegated scopes for Microsoft graph to allow an authenticated user to log in and search for other users in an Azure B2C tenant, but can't get it to work.
I have an Asp.net Core application that is configured to use a Multi-tenant app registration in an Azure B2C tenant. I am using the Microsoft.Identity.Web library for authentication . I have been following the tutorials in https://github.com/Azure-Samples/active-directory-aspnetcore-webapp-openidconnect-v2, however, there doesn't seem to be a tutorial oh how to use the Graph API specifically for using Azure B2C. The tutorials are not helpful since you cant setup delegate permissions in a multi-tenant application. Are there any examples I can use or guidance to get this to work?
MS Graph operations are available only trough standard Azure AD (Non B2C) app registrations. The best is to create them under the Azure Active Directory node. Only Azure AD (Non B2C) users will be able to request such pernmissions.
--
Please let us know if this answer was helpful to you. If so, please remember to mark it as the answer so that others in the community with similar questions can more easily find a solution.
Ah, so clearly I'm approaching it wrong. Would a better approach be to get the user data using a background service and just expose the user's display names to authenticated B2C users? Essentially I would like a way for customers to log in using their preferred identity provider, pay for a product, search for other customers and invite them to share the product.
I followed the instructions on the Azure B2C for using Microsoft.Graph https://learn.microsoft.com/en-us/azure/active-directory-b2c/manage-user-accounts-graph-api, but I'm worried about security. Not that we would have sensitive information in the attributes, I just don't want a way for the information to be exposed easily.
Client (application) credentials flow is the way to go. You would be in control not only of what attributes to display but also to retrieve.