question

adminpadisch-5654 asked (0 Votes)

Azure B2C set-up for Blazor Server project security with @context.User.Identity.Name

G'day

How do I set up an Azure B2C tenant for a Blazor/ASP project with user login security, so that data is filtered/selected only for the logged-in user?
In a default SQL set-up this works with the email field/column, but in Azure B2C the system is using the column field "NAME", which is not secure!

I have a B2C project up and running and all works fine, but not the security part. This is because an ASP project uses this code to identify a user (@context.User.Identity.Name), and in B2C this code uses the column field "NAME", which is not unique and not verified or proofed like the email.

This Azure B2C set-up is not secure for a public web app that should grant access only to a user's own data and only for the logged-in user.
How is this possible in Azure B2C?
Thanks, Marcel

Tags: azure-ad-b2c, dotnet-aspnet-core-blazor, azure-webapps-security

1 Answer

ADefWebserver answered (1 Vote)

Code like this will provide the unique GUID for the Azure B2C user:

 // AuthenticationStateProvider is injected into the component (@inject AuthenticationStateProvider AuthenticationStateProvider)
 var authState = await AuthenticationStateProvider.GetAuthenticationStateAsync();
 var user = authState.User;
 // The nameidentifier claim carries the user's B2C object id, a GUID that is unique
 // and immutable, unlike the display name behind User.Identity.Name.
 // Equivalent: user.FindFirst(ClaimTypes.NameIdentifier)?.Value
 UserID = user.Claims.FirstOrDefault(
     c => c.Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier")?.Value;

See: Blazor Azure B2C User And Group Management
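As an added example (not code from the answer or the linked post), here is how the identifier from the answer can replace User.Identity.Name as the ownership key for per-user data in a Blazor Server app: rows are stamped with the B2C object id on insert and filtered by it on read. Invoice, AppDbContext, CurrentUserService and InvoiceService are hypothetical names; it assumes Microsoft.EntityFrameworkCore is referenced and the default inbound claim mapping, under which the token's sub claim surfaces as the nameidentifier claim.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Components.Authorization;
using Microsoft.EntityFrameworkCore;

// Hypothetical entity and DbContext; OwnerId stores the B2C object id, never a name or email.
public sealed class Invoice { public int Id { get; set; } public string OwnerId { get; set; } = ""; public decimal Amount { get; set; } }
public sealed class AppDbContext : DbContext { public AppDbContext(DbContextOptions<AppDbContext> o) : base(o) { } public DbSet<Invoice> Invoices => Set<Invoice>(); }

// Resolves the signed-in user's stable identifier from the B2C claims.
public sealed class CurrentUserService
{
    // The OpenID Connect handler maps the token's "sub" claim to this type (assumed default
    // mapping); for a B2C user flow it carries the object id GUID, unlike the editable display name.
    private const string NameIdentifierClaim =
        "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier";
    private readonly AuthenticationStateProvider _auth;
    public CurrentUserService(AuthenticationStateProvider auth) => _auth = auth;
    public async Task<string> GetRequiredUserIdAsync()
    {
        ClaimsPrincipal user = (await _auth.GetAuthenticationStateAsync()).User;
        string? id = user.Identity?.IsAuthenticated == true
            ? user.FindFirst(NameIdentifierClaim)?.Value : null;
        // Fail closed: an anonymous caller or a token without the claim gets no data.
        return id ?? throw new UnauthorizedAccessException("No signed-in B2C user.");
    }
}

// Data access keyed on that id: rows are stamped with it on insert and filtered by it on read.
public sealed class InvoiceService
{
    private readonly AppDbContext _db;
    private readonly CurrentUserService _currentUser;
    public InvoiceService(AppDbContext db, CurrentUserService currentUser) { _db = db; _currentUser = currentUser; }
    public async Task AddAsync(Invoice invoice)
    {
        invoice.OwnerId = await _currentUser.GetRequiredUserIdAsync(); // stamped server-side, never taken from the client
        _db.Invoices.Add(invoice);
        await _db.SaveChangesAsync();
    }

    public async Task<List<Invoice>> GetMineAsync()
    {
        string ownerId = await _currentUser.GetRequiredUserIdAsync();
        return await _db.Invoices.Where(i => i.OwnerId == ownerId).ToListAsync();
    }
}
```

Register both services as scoped in Program.cs / Startup.cs alongside AddDbContext so the AuthenticationStateProvider of the current circuit is used.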

G'day
Sorry, but I do not see how the logged-in user will be tracked and selected by this code in B2C.


For example, in a Blazor Server project you need to track the logged-in user in the fields (created by and modified by) for selecting and granting access only to this user's own data in the app. By default this works with the code (User.Identity.Name) in a SQL version, but it does not work in a B2C version because the code is not using the email; instead it uses the field "NAME", which is not secure and not verified etc.

The set-up of B2C must somehow be configured so that the column "NAME" has the same value as the column "email" automatically at registration and is not edited manually!

How is this possible? What is the workflow from Microsoft for this?
Thanks for your help, Marcel

0 Votes

Check @ADefWebserver's blog post that he referenced, @adminpadisch-5654. Instead of User.Identity.Name you're using the Microsoft Graph NuGet packages, which include AuthenticationStateProvider; that is how you'll get access to the logged-in user from B2C. It's a rather good step-by-step walkthrough.

2 Votes

You may need to set the options like this:

[screenshot of the options]

See: Creating A Blazor Server Azure B2C App


0 Votes

G'day and many thanks for your feedback.

Is this workflow also possible with VS 2019 and .NET 5.0? I ask because of my evaluation project for live production.

And the registration form should only include the email and PW input box; does the system work out like this for the security part for local accounts and (MS, LinkedIn and Google)?
Regards, Marcel

0 Votes

"the registration form should only include the email and PW input box"

See: Creating A Blazor Server Azure B2C App


0 Votes