Validate Azure B2C access token to Azure AD .Net Core Web API

Waqas Ahmed 1 Reputation point
2023-01-03T16:44:07.297+00:00

Hi,

I have two web APIs configured with two different authentication processes:

  1. Azure AD
  2. Azure B2C

I generated an access token using the Azure B2C app and I am now passing this token to call the 1st API, which is connected to Azure AD. I want to validate the Azure B2C token in my 1st app, and vice versa.

Please suggest how I can solve this issue with both access_tokens in the API.


2 answers

  1. James Hamil 21,151 Reputation points Microsoft Employee
    2023-01-03T22:06:00.757+00:00

    Hi @Waqas Ahmed , thank you for your question. If you haven't already, I recommend starting with this GitHub sample. My colleague Amanpreet has a detailed writeup of validating an access token here.

    Code for the Web App
    In Startup.cs, the lines of code below enable the Microsoft identity platform endpoint. This endpoint is capable of signing in users both with their Work and School Accounts.

    services.AddMicrosoftIdentityWebAppAuthentication(Configuration, "AzureAdB2C")
        .EnableTokenAcquisitionToCallDownstreamApi(new string[] { Configuration["TodoList:TodoListScope"] })
        .AddInMemoryTokenCaches();


    - AddMicrosoftIdentityWebAppAuthentication: This enables your application to use the Microsoft identity platform endpoint. This endpoint is capable of signing in users both with their Work and School and Microsoft Personal accounts.
    - EnableTokenAcquisitionToCallDownstreamApi: Enables the web app to call the protected API ToDoList Api.
    - AddInMemoryTokenCaches: Adds an in-memory token cache provider, which will cache the Access Tokens acquired for the Web API.

    Code for the Web API
    In Startup.cs, the lines of code below protect the web API with the Microsoft identity platform.

    services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
        .AddMicrosoftIdentityWebApi(options =>
        {
            Configuration.Bind("AzureAdB2C", options);

            options.TokenValidationParameters.NameClaimType = "name";
        },
        options => { Configuration.Bind("AzureAdB2C", options); });


    The linked GitHub sample goes further into detail about the required code. Please let me know if you have any questions or if I misunderstood yours, and I can help you further.

    If this answer helped you please mark it as "Verified" so other users can reference it.

    Thank you,
    James
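
    The snippet above protects the API with a single "AzureAdB2C" scheme, while the question asks for one API that accepts tokens issued by both the Azure AD tenant and the Azure AD B2C tenant. The following is an added example, not code from the post or from the linked GitHub sample: it registers one JwtBearer scheme per tenant with Microsoft.Identity.Web and a policy scheme that routes each request to the right one by peeking at the token's issuer. It assumes two appsettings sections named "AzureAd" and "AzureAdB2C" and that the B2C issuer uses a b2clogin.com host (not a custom domain).

```csharp
// Added example (not from the post or the linked sample): one .NET Web API that
// accepts access tokens from BOTH an Azure AD tenant and an Azure AD B2C tenant.
// Assumes appsettings.json has two sections, "AzureAd" and "AzureAdB2C", each
// holding Instance/Domain/TenantId/ClientId (plus SignUpSignInPolicyId for B2C).
using System;
using System.IdentityModel.Tokens.Jwt;
using Microsoft.AspNetCore.Authentication;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Identity.Web;

public static class DualIssuerAuth
{
    public const string AadScheme = "AadBearer";
    public const string B2cScheme = "B2cBearer";
    public const string SelectorScheme = "AadOrB2c";   // default scheme used by [Authorize]

    public static void Configure(IServiceCollection services, IConfiguration configuration)
    {
        var auth = services.AddAuthentication(SelectorScheme);

        // Each scheme validates only its own issuer, audience, signing keys and lifetime,
        // so a B2C token can never satisfy the AAD scheme or the other way round.
        auth.AddMicrosoftIdentityWebApi(configuration, "AzureAd", AadScheme);
        auth.AddMicrosoftIdentityWebApi(configuration, "AzureAdB2C", B2cScheme);

        // The policy scheme only routes; it performs no validation itself.
        auth.AddPolicyScheme(SelectorScheme, "Azure AD or Azure AD B2C", options =>
        {
            options.ForwardDefaultSelector = context =>
            {
                string header = context.Request.Headers["Authorization"];
                if (string.IsNullOrEmpty(header) ||
                    !header.StartsWith("Bearer ", StringComparison.OrdinalIgnoreCase))
                    return AadScheme;   // no bearer token: let one scheme return the 401

                var token = header.Substring("Bearer ".Length).Trim();
                // Read the UNVALIDATED issuer only to choose a scheme; the chosen scheme
                // then verifies signature, issuer, audience and expiry as usual.
                var handler = new JwtSecurityTokenHandler();
                if (!handler.CanReadToken(token)) return AadScheme;
                var issuer = handler.ReadJwtToken(token).Issuer ?? string.Empty;

                // Assumption: B2C issuers look like https://{tenant}.b2clogin.com/{tenantId}/v2.0/
                return issuer.Contains(".b2clogin.com", StringComparison.OrdinalIgnoreCase)
                    ? B2cScheme : AadScheme;
            };
        });
    }
}
```

    Because the selector is the default scheme, controllers keep a plain [Authorize]; to restrict an endpoint to one tenant, use [Authorize(AuthenticationSchemes = DualIssuerAuth.B2cScheme)] instead.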


  2. Waqas Ahmed 1 Reputation point
    2023-01-04T09:22:50.62+00:00

    Hi @James Hamil,

    Thanks for your reply, and also for sharing the Git repo. I had already taken this reference and completed my B2C login successfully; my question is different. I think you did not pick it up correctly, so I will explain it again.

    See, I have two separate .NET Core API projects: one is using Azure AD login successfully, and the second one is connected with Azure B2C login.

    1. Azure AD
    2. Azure B2C

    Now the challenge is this: I will create a token using the Azure B2C API and pass these tokens to my first project, which is connected with Azure AD, and validate the Azure B2C access_token in the Azure AD API project. The first project contains some APIs which are protected by Azure AD, and I will get this API data by passing the Azure B2C token, and vice versa.

    Hope you got my question.

    Regards,
    Waqas