custom login page with B2C and Azure AD authentication

hi,

i am creating azure website with React js as front end and .net core web api for business layer.

i have two sets of user , internal users which i want to authenticate against azure AD and external users which authenticated against B2C ad

i want to create my own login page, where user will put email-ID and password and on the basis of email-id i want to decide if I need to authenticate against Azure AD or Azure B2C
is this possible to create such custom login page?

1 answer

AmanpreetSingh-MSFT 56,506 Reputation points

2021-12-17T06:50:55.4+00:00

Hi @azure architect with .net expereince • Thank you for reaching out.

Yes, you can create a custom page for your application where you can provide a text box to collect the email address of the user and based on the domain suffix of the email address, you can redirect the user to either B2C or Azure AD tenant for authentication. This is done by passing the domain suffix as domain_hint in the authentication request to facilitate the Home Realm Discovery (HRD).

Please refer to the below custom policy sample for this purpose:
A B2C IEF Custom Policy - A Sign In policy with Home Realm Discovery and a Default Identity Provider

-----------------------------------------------------------------------------------------------------------

Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
Please sign in to rate this answer.
AmanpreetSingh-MSFT 56,506 Reputation points

2021-12-20T10:20:31.517+00:00

Hi @azure architect with .net expereince • Just checking if you have any further question.

azure architect with .net expereince 1 Reputation point

2021-12-20T17:50:43.123+00:00

Thanks for the reply,

I am thinking to create custom login page and i will call web api on button click of login page, in API i will implement logic if user login have mail id with same corporate domain i.e. internal user then I will authenticate against azure AD.
if user Login email id is external user i.e. other than corporate domain then i will go for B2C

can I authenticate users against B2C and and against AD through web API by passing username and password?

AmanpreetSingh-MSFT 56,506 Reputation points

2021-12-21T04:53:35.993+00:00

@azure architect with .net expereince • You can use ROPC flow to authenticate users against Azure AD and Azure AD B2C by passing username and password. Please refer to below docs for this purpose:

Azure AD: https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth-ropc

Azure AD B2C: https://learn.microsoft.com/en-us/azure/active-directory-b2c/add-ropc-policy?tabs=app-reg-ga&pivots=b2c-custom-policy

azure architect with .net expereince 1 Reputation point

2021-12-21T06:57:26.98+00:00

Thanks, but what i found many places it is recommended not to use ROPC for custom login page, is that ok to use or any security issue

AmanpreetSingh-MSFT 56,506 Reputation points

2021-12-21T12:19:30.16+00:00

@azure architect with .net expereince • That is because, in the case of ROPC flow, the client application itself collects the credentials, and then supplies the credentials to the token endpoint to acquire tokens. Whereas, in other flows, the credentials are supplied directly to the authorization server via the authorization endpoint and not the application. If you trust the application that it caches/stores the credentials securely, you can use this flow.

azure architect with .net expereince 1 Reputation point

2021-12-22T17:39:12.283+00:00

can i do azure ad authentication as mentioned in link

https://learn.microsoft.com/en-us/azure/developer/javascript/tutorial/single-page-application-azure-login-button-sdk-msal

and can achieve this with B2C also in similar way?i didnt found that on microsoft site...

please help if possible
Sign in to comment

Share via

custom login page with B2C and Azure AD authentication

1 answer