Azure B2C: Allowing an authenticated user to access the Microsoft Graph API

Jared Romano 6 Reputation points
2020-09-29T22:19:12.09+00:00

I am trying to get delegated scopes for Microsoft graph to allow an authenticated user to log in and search for other users in an Azure B2C tenant, but can't get it to work.

I have an Asp.net Core application that is configured to use a Multi-tenant app registration in an Azure B2C tenant. I am using the Microsoft.Identity.Web library for authentication . I have been following the tutorials in https://github.com/Azure-Samples/active-directory-aspnetcore-webapp-openidconnect-v2, however, there doesn't seem to be a tutorial oh how to use the Graph API specifically for using Azure B2C. The tutorials are not helpful since you cant setup delegate permissions in a multi-tenant application. Are there any examples I can use or guidance to get this to work?

Microsoft Entra External ID
Microsoft Entra External ID
A modern identity solution for securing access to customer, citizen and partner-facing apps and services. It is the converged platform of Azure AD External Identities B2B and B2C. Replaces Azure Active Directory External Identities.
2,579 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
18,742 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Alfredo Revilla (Ex-MSFT) 26,756 Reputation points
    2020-09-30T18:36:20.473+00:00

    MS Graph operations are available only trough standard Azure AD (Non B2C) app registrations. The best is to create them under the Azure Active Directory node. Only Azure AD (Non B2C) users will be able to request such pernmissions.

    --
    Please let us know if this answer was helpful to you. If so, please remember to mark it as the answer so that others in the community with similar questions can more easily find a solution.

    1 person found this answer helpful.