Can I create an Azure AD B2C custom policy that returns yes/no as to whether the user is logged in?

Lewis Ollerenshaw 20 Reputation points
2023-09-25T08:20:15.4+00:00

Hello, I am wondering if it is possible to create an Azure AD B2C custom policy that simply returns a yes/no as to whether the user that initiated the flow is logged in?

Here is my scenario:

I have two single-page applications, both guarded by B2C. Site A is for signing the user in and session creation, and Site B is the main application they will use when they are signed in and have a valid session. If a user lands on Site B without being logged in, instead of being shown a login page, I want them to be redirected to Site A.

I am using the MSAL library in both UI applications. What I have achieved is using the ssoSilent method on Site B app load: if successful, then acquire an access token and allow them into the app. If not successful, redirect them to Site A; from there they log in and are successful the next time they are redirected to Site B from A.

The problem with this is that ssoSilent will not work if the user has 3rd party cookies disabled, which leads me to my question.

Can I create a custom policy in Azure AD B2C that Site B can redirect to on site load, with the responsibility of simply checking if the user is logged in or not? No login page, no interaction, just returned back to Site B with a yes/no to determine whether to try and acquire an access token, or redirect them to Site A.

I hope this makes sense, please let me know if anything is unclear. Thank you

Microsoft Entra ID

1 answer

  1. Shweta Mathur 29,741 Reputation points Microsoft Employee
    2023-09-26T07:44:01.26+00:00

    Hi @Lewis Ollerenshaw,

    Thanks for reaching out.

    Yes, it is possible to create a custom policy in Azure AD B2C that can check if the user is logged in or not. You can use the "IsAuthenticated" claim type to check if the user has an active session or not.

    <!-- Referenced elsewhere in the policy: "isAuthenticated" must be declared as a ClaimType in the
         ClaimsSchema, and "CheckIsAuthenticated" must exist as a ClaimsTransformation with that Id. -->
    <TechnicalProfile Id="CheckIsAuthenticated">
      <DisplayName>Check if user is authenticated</DisplayName>
      <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.ClaimsTransformationProtocolProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
      <OutputClaims>
        <OutputClaim ClaimTypeReferenceId="isAuthenticated" DefaultValue="false" />
      </OutputClaims>
      <OutputClaimsTransformations>
        <OutputClaimsTransformation ReferenceId="CheckIsAuthenticated" />
      </OutputClaimsTransformations>
    </TechnicalProfile>

    You can add this technical profile to your user journey and call the flow accordingly.

    Alternatively, you can call a REST API to check the user's session and, based on the result, branch in your user journey to redirect to Site A or Site B.

    https://learn.microsoft.com/en-gb/azure/active-directory-b2c/api-connectors-overview?pivots=b2c-custom-policy

    Hope this will help.

    Thanks,

    Shweta


    Please remember to "Accept Answer" if answer helped you.

