[MSDN Redirect] AAD B2C Web App Authentication

kobulloc-MSFT 23,181 Reputation points Microsoft Employee
2020-02-22T20:13:45.24+00:00

Hey all,

Newbie programmer here. Helping a client of mine set up AAD B2C to authenticate an ASP.NET Web App (C#) hosted inside App Service. It's a pretty static site that doesn't have to make any Web API calls, so I figure

His goal is to have his users authenticate with an OTP. I followed the official documentation to register the app, set up the SUSI, SSPR, and Profile Editing user flows, and uploaded custom policies from the Custom Policies Starter Pack. And to get started on the web app, I used snippets from https://github.com/Azure-Samples/active-directory-b2c-dotnet-webapp-and-webapi.git. Since the App doesn't need to make any calls to a Web API, I basically commented out anything that referenced the API app (like TaskServiceURL).

Initially in the B2C tenant, I put the redirect URI as https://azureb2capp-test.azurewebsites.net/. This led directly to the website without prompting for authentication. Below is a snippet of the initial web.config:

<add key="ida:Tenant" value="DistCompliance.onmicrosoft.com"/>  
<add key="ida:TenantId" value="113b6b7c-44c1-41e4-96f5-70773a102689"/>  
<add key="ida:ClientId" value="e04ee585-e9c1-4bcd-881e-a9619e3bf83e"/>  
<add key="ida:ClientSecret" value="redacted"/>  
<add key="ida:AadInstance" value="https://DistCompliance.b2clogin.com/tfp/{0}/{1}"/>  
<add key="ida:SignUpSignInPolicyId" value="B2C_1A_SignUpOrSignInWithPhoneOrEmail"/>  
<add key="ida:EditProfilePolicyId" value="B2C_1A_ProfileEditPhoneEmail"/>  
<add key="ida:ResetPasswordPolicyId" value="B2C_1A_PasswordResetEmail"/>  
<add key="ida:RedirectUri" value="https://azureb2capp-test.azurewebsites.net/"/>  
<!-- <add key="api:TaskServiceUrl" value="https://azureb2capp-test.azurewebsites.net/"/> -->  

I then changed the Redirect URI in web.config to "https://distcompliance.b2clogin.com/DistCompliance.onmicrosoft.com/oauth2/authresp" and matched it in the B2C tenant:

<add key="ida:Tenant" value="DistCompliance.onmicrosoft.com"/>  
<add key="ida:TenantId" value="113b6b7c-44c1-41e4-96f5-70773a102689"/>  
<add key="ida:ClientId" value="e04ee585-e9c1-4bcd-881e-a9619e3bf83e"/>  
<add key="ida:ClientSecret" value="redacted"/>  
<add key="ida:AadInstance" value="https://DistCompliance.b2clogin.com/tfp/{0}/{1}"/>  
<add key="ida:SignUpSignInPolicyId" value="B2C_1A_SignUpOrSignInWithPhoneOrEmail"/>  
<add key="ida:EditProfilePolicyId" value="B2C_1A_ProfileEditPhoneEmail"/>  
<add key="ida:ResetPasswordPolicyId" value="B2C_1A_PasswordResetEmail"/>  
<add key="ida:RedirectUri" value="https://distcompliance.b2clogin.com/DistCompliance.onmicrosoft.com/oauth2/authresp"/>  
<!-- <add key="api:TaskServiceUrl" value="https://azureb2capp-test.azurewebsites.net/"/> -->  

This directed me to a login page, but after authentication, I get a 404. Am I doing something wrong or out of order? And how can I figure out if it's something that went wrong with my B2C setup, or if it's a problem with the application logic itself?


1 answer

  1. AmanpreetSingh-MSFT 56,301 Reputation points
    2020-02-24T04:42:36.92+00:00

    @Anonymous

    The URL has to be the application URL, which is https://azureb2capp-test.azurewebsites.net/ in your case. The URL https://distcompliance.b2clogin.com/DistCompliance.onmicrosoft.com/oauth2/authresp is used by external IDPs such as Facebook, Google, another Azure AD tenant etc. to redirect back to Azure AD B2C once the authentication is performed by those IDPs.

    I tried accessing https://azureb2capp-test.azurewebsites.net/ from my computer and I got redirected to the B2C authentication page. Maybe in your case it is performing SSO using cookies. Please try accessing this URL with a browser in in-private/incognito mode.

    -----------------------------------------------------------------------------------------------------------

    Please "Accept as answer" wherever the information provided helps you to help others in the community.

    1 person found this answer helpful.
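The following is an added example, not code from the question, the answer, or the Azure-Samples repository. It reads the `ida:*` appSettings shown above, flags a `RedirectUri` that points at the B2C `/oauth2/authresp` endpoint instead of the web app (the misconfiguration the answer describes, which leaves the user on a 404 after sign-in because the app never receives the response), and builds the authorization request URL the app would send the browser to. It assumes, as in the sample the question is based on, that the OpenID Connect authority is `AadInstance` formatted with the tenant and policy, and that the B2C v2.0 authorize endpoint is `<authority>/oauth2/v2.0/authorize`; the function names and the embedded appSettings sample (tenant and client id copied from the question) are constructed here.

```python
"""Pre-deployment sanity check for the ida:* appSettings of an ASP.NET AAD B2C web app."""
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, urlencode

# Constructed sample mirroring the second web.config from the question
# (the one whose RedirectUri produced the 404 after sign-in).
SAMPLE_APPSETTINGS = """<appSettings>
  <add key="ida:Tenant" value="DistCompliance.onmicrosoft.com"/>
  <add key="ida:AadInstance" value="https://DistCompliance.b2clogin.com/tfp/{0}/{1}"/>
  <add key="ida:ClientId" value="e04ee585-e9c1-4bcd-881e-a9619e3bf83e"/>
  <add key="ida:SignUpSignInPolicyId" value="B2C_1A_SignUpOrSignInWithPhoneOrEmail"/>
  <add key="ida:RedirectUri" value="https://distcompliance.b2clogin.com/DistCompliance.onmicrosoft.com/oauth2/authresp"/>
</appSettings>"""


def load_settings(xml_text):
    """Parse an <appSettings> fragment into a {key: value} dict."""
    root = ET.fromstring(xml_text)
    return {a.get("key"): a.get("value") for a in root.iter("add")}


def check_redirect_uri(settings, app_host):
    """Return a list of problems with ida:RedirectUri; an empty list means it looks right.

    app_host is the host name the web app is actually served from, e.g.
    'azureb2capp-test.azurewebsites.net'. The redirect URI must point back at
    that app: B2C posts the id_token there, and the app's OIDC middleware
    completes sign-in on that request.
    """
    problems = []
    parts = urlsplit(settings.get("ida:RedirectUri", ""))
    if parts.scheme != "https":
        problems.append("redirect URI must use https")
    if parts.netloc.lower().endswith(".b2clogin.com") and parts.path.endswith("/oauth2/authresp"):
        # This endpoint is where *external* identity providers send their
        # response to B2C; it is not a page of the web app, so the user gets
        # a 404 after B2C redirects them there.
        problems.append("redirect URI is the B2C /oauth2/authresp endpoint (reserved for "
                        "external IdPs); it must be a URL on the web app itself")
    if parts.netloc.lower() != app_host.lower():
        problems.append(f"redirect URI host {parts.netloc!r} is not the app host {app_host!r}")
    return problems


def authorize_url(settings, policy_key="ida:SignUpSignInPolicyId", nonce="nonce", state="state"):
    """Build the B2C authorization request the app would redirect the browser to.

    Assumed layout (matches the sample project's string.Format(AadInstance, Tenant, policy)
    plus the B2C v2.0 endpoint path). nonce/state are taken as parameters so the
    result is deterministic; a real app generates them per request.
    """
    authority = settings["ida:AadInstance"].format(settings["ida:Tenant"], settings[policy_key])
    query = urlencode({
        "client_id": settings["ida:ClientId"],
        "response_type": "id_token",
        "redirect_uri": settings["ida:RedirectUri"],
        "response_mode": "form_post",
        "scope": "openid",
        "nonce": nonce,
        "state": state,
    })
    return f"{authority}/oauth2/v2.0/authorize?{query}"


if __name__ == "__main__":
    cfg = load_settings(SAMPLE_APPSETTINGS)
    for p in check_redirect_uri(cfg, "azureb2capp-test.azurewebsites.net"):
        print("PROBLEM:", p)
    cfg["ida:RedirectUri"] = "https://azureb2capp-test.azurewebsites.net/"
    print("fixed config problems:", check_redirect_uri(cfg, "azureb2capp-test.azurewebsites.net"))
    print(authorize_url(cfg))
```

Splitting the two halves of the flow this way also answers the "B2C setup or app logic?" question: if the URL from `authorize_url` loads the B2C sign-in page, the tenant, policy and client id are fine, and whatever happens after sign-in is decided by where `redirect_uri` points and whether the app handles the request there. Whatever you choose as the redirect URI must also be registered on the B2C application, since B2C rejects requests whose `redirect_uri` is not in that list.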