Transitioning from SQL Database to Custom Attributes for Azure Blob Storage User Access in B2C User Flow

hampton123 1,030 Reputation points
2024-04-16T14:46:03.98+00:00

I have an API that allows B2C users to upload/download files from Azure Blob Storage containers. Currently, I use an SPA with an Azure Function that sends the upload or download request to the Azure Blob Storage container that the user has access to (users only have access to one container).

The Azure Function takes in the user's B2C token, and based on the B2C user's object ID, checks the SQL database to cross-reference what container they have access to based on the SQL table. However, I want to remove the SQL database functionality and instead assign containers using custom attributes in my user flow. Can someone guide me on how to do this?


1 answer

  1. Ryan Hill 25,826 Reputation points Microsoft Employee
    2024-04-19T15:41:10.9166667+00:00

    Hey @hampton123,

    If you want to use a custom attribute in your B2C tenant user flow, you can set it up by:

    1. Create a Custom Attribute: Sign in to the Azure portal as the global administrator of your Azure AD B2C tenant. Navigate to Azure AD B2C. Select User attributes and then click Add. Provide a Name for the custom attribute (e.g., “ContainerAccess”). Choose a Data Type (String, Boolean, or Int). Optionally, enter a Description for informational purposes. Click Create to create the custom attribute.
    2. Use the Custom Attribute in Your User Flow: In your Azure AD B2C tenant, select User flows. Choose the relevant policy (e.g., “B2C_1_SignupSignin”) to open it. Under User attributes, select the custom attribute you created (e.g., “ContainerAccess”). Click Save. Next, under Application claims, select the same custom attribute. Click Save again.
    3. Assign Container Access Using Custom Attributes: When a user signs up or signs in, the custom attribute value (e.g., the container name) will be available in the token. Your Azure Function can then extract this value from the token and use it to determine which container the user has access to. No need to query the SQL database; the custom attribute provides the necessary information directly.

    The majority of these steps are outlined in Define custom attributes in Azure Active Directory B2C | Microsoft Learn. As far as assigning the custom attribute, you can use the Graph API. The second answer on https://stackoverflow.com/questions/77569205/adding-a-custom-claim-in-azure-b2c-using-user-flows is a good walkthrough of working with the custom attribute.
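Added example (not code from the answer, the question or Microsoft's docs) of step 3, the Azure Function side: reading the custom attribute claim from the decoded token and letting it, rather than the request, decide which container the caller may use. It assumes the Function runs in Python and that the JWT signature has already been verified against the tenant's JWKS (for instance with PyJWT); the issuer, audience, attribute name and sample claims are placeholders or constructed values.

```python
# Authorisation of a blob request from the B2C token's custom attribute claim.
# Assumed: the token signature was already verified; this works on the payload.
import re
import time
from typing import Optional

EXPECTED_ISSUER = "https://<tenant>.b2clogin.com/<tenant-id>/v2.0/"  # placeholder
EXPECTED_AUDIENCE = "<api-client-id>"                                 # placeholder
# A user-flow token carries custom attribute <Name> as the claim extension_<Name>.
CONTAINER_CLAIM = "extension_ContainerAccess"
# Azure container names: 3-63 lowercase letters, digits or hyphens, no "--".
CONTAINER_NAME_RE = re.compile(r"^[a-z0-9][a-z0-9-]{1,61}[a-z0-9]$")


class AccessDenied(Exception):
    """The token does not grant access to the requested container."""


def container_from_claims(claims: dict, now: Optional[float] = None) -> str:
    """Return the one container this token grants, or raise AccessDenied."""
    now = time.time() if now is None else now
    if claims.get("iss") != EXPECTED_ISSUER:
        raise AccessDenied("unexpected issuer")
    aud = claims.get("aud")
    if aud != EXPECTED_AUDIENCE and not (isinstance(aud, list) and EXPECTED_AUDIENCE in aud):
        raise AccessDenied("token was not issued for this API")
    if not claims.get("nbf", 0) <= now < claims.get("exp", 0):
        raise AccessDenied("token expired or not yet valid")
    name = claims.get(CONTAINER_CLAIM)
    # A missing or malformed attribute means no access, never a default container.
    if not isinstance(name, str) or not CONTAINER_NAME_RE.match(name) or "--" in name:
        raise AccessDenied("no valid container assignment in token")
    return name


def authorize_blob_request(claims: dict, requested_container: str,
                           blob_name: str, now: Optional[float] = None) -> str:
    """Return the blob path the request may touch; the claim decides the container."""
    granted = container_from_claims(claims, now)
    # This comparison replaces the SQL object-id -> container lookup: the request
    # must agree with the token, the token never follows the request.
    if requested_container != granted:
        raise AccessDenied(f"token grants '{granted}', not '{requested_container}'")
    if not blob_name:
        raise AccessDenied("blob name required")
    return f"{granted}/{blob_name}"


# Constructed sample payload (no real tenant or user); exp is far in the future.
SAMPLE_CLAIMS = {"iss": EXPECTED_ISSUER, "aud": EXPECTED_AUDIENCE,
                 "nbf": 1_700_000_000, "exp": 4_102_444_800,
                 "oid": "00000000-0000-0000-0000-000000000001",
                 CONTAINER_CLAIM: "customer-a-files"}
```

If the attribute is also collected on the sign-up page of the user flow, a user can type their own container name at sign-up; assigning it server-side through the Graph API, as the answer suggests, and leaving it out of the collected user attributes keeps the assignment under your control.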