How to integrate an older ASP.NET site with Azure AD B2C?

Question

We have an older CMS (Kentico 11), which is ASP.NET-based (not Core, not Blazor, not MVC) with a target framework of .NET Framework 4.6.1. For various reasons we can't just replace it any time soon. As part of the process of replacing our web offerings gradually we would like to build in a piece that will authenticate against our Azure AD B2C tenant so the old CMS content and the new pieces we roll out can be using the same authentication authority.

Obviously this older code base does not include any support for more recent Microsoft Identity interactions. The problem we've had is, we are rank beginners at this, and all of the documentation and tutorials are based on .NET Core/Blazor, and assume you have or can upgrade to the most recent SDKs. We are quite happy to begin working at a lower level of abstraction than the Microsoft.Identity libraries but have been unable to find any documentation of anything below that.

Where can we find documentation of the specifications for interacting with Azure B2C (what do we need to send in the auth hand-off, and what can we expect to see in an OpenID token)? If that's deliberately not published for some reason, what other possibilities are there for tying an older code base to B2C?

Answer 1

ASP.NET 4.6.1 will use a OWIN library to authenticate with AD. I assume B2C works the same way. OWIN is a standard for plugging in libraries that are not part of the .NET framework. You'll uses the global.asax to configure and register the OWIN library. While MVC examples are more common the actual pattern is the same for any ASP.NET application.

https://learn.microsoft.com/en-us/azure/active-directory/develop/tutorial-v2-asp-webapp
https://learn.microsoft.com/en-us/azure/active-directory-b2c/openid-connect