0

We have a SPA (Single Page Application) with a .NET Core web API backend.

We want to use Azure AD for authentication and authorisation, as we will have at least 3 separate clients using AD, but looking online there is no definitive approach and it's like piecing together a 50,000 piece jigsaw!

I have set up the Azure API with Authentication and Authorisation, as shown in the image below, but is this the right place? I believe I want this in the web API code, so I can then get the claims (permissions/roles) specific to the application.

enter image description here

There is mention of Identity, but do I want to use Identity? This sounds like it is your own database and not AD.

Should we be using B2C or B2B authentication? And does this support authorisation? The end goal is to define custom claims specific to the application, so we can grant and deny specific actions.

4
  • Do you have a Pluralsight subscription? Commented Mar 5, 2020 at 13:22
  • Did you mean how you would set permissions on the API you have created in your application, so that the user has to authorize them to access it, right? Commented Mar 5, 2020 at 13:45
  • I want to know how to get this working, and clarify the approach I should use. I've updated my question. Commented Mar 5, 2020 at 14:42
  • See Microsoft samples and documentation around this area learn.microsoft.com/en-us/azure/active-directory/develop/… Commented Mar 5, 2020 at 16:43

2 Answers

1

What you are using now is the built-in authentication for Azure App Service. You can sign in users and access data by writing minimal or no code in your web API. But it is not appropriate for complex scenarios.

As you want to customize the application permissions/roles for specific users, it is recommended that you protect your web API with Azure AD yourself. It is more flexible for customizing your authentication. You can refer to this sample, the TodoListService part.

Should we be using B2C or B2B authentication?

Azure AD B2B is not a separate service but a feature in Azure AD.

Azure AD B2C is an independent service for building a consumer application identity repository. If you need a service to handle email or Facebook login – it is there for you.

Based on your description, I guess Azure AD is your option.

Reference:

Add authorization using app roles & roles claims to an ASP.NET Core web app that signs-in users with the Microsoft identity platform

Compare B2B collaboration and B2C in Azure Active Directory


1 Comment

I will mark it as the solution if I get it working with what you provided, thank you
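
Added example, not part of the answer above or of the linked Microsoft sample: one way to validate Azure AD tokens inside the web API and gate endpoints on app roles, as the answer recommends. It assumes the Microsoft.Identity.Web NuGet package, an "AzureAd" section in appsettings.json, and hypothetical role names and routes (`Orders.Read`, `Orders.Approve`, `/orders`).

```csharp
// Program.cs, ASP.NET Core 6+ with implicit usings (assumed project setup).
using System.Security.Claims;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Authorization;
using Microsoft.Identity.Web;

var builder = WebApplication.CreateBuilder(args);

// Validate Azure AD bearer tokens in the API itself. The "AzureAd" section is
// assumed to hold Instance, TenantId and ClientId of the API's app registration.
builder.Services
    .AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddMicrosoftIdentityWebApi(builder.Configuration.GetSection("AzureAd"));

// App roles assigned in Azure AD arrive in the token's "roles" claim. Depending on
// inbound claim mapping it surfaces as "roles" or as ClaimTypes.Role, so check both.
static bool HasAppRole(ClaimsPrincipal user, string role) =>
    user.HasClaim("roles", role) || user.HasClaim(ClaimTypes.Role, role);

builder.Services.AddAuthorization(options =>
{
    // Deny by default: endpoints without an explicit policy still need a valid token.
    options.FallbackPolicy = new AuthorizationPolicyBuilder()
        .RequireAuthenticatedUser()
        .Build();

    // Hypothetical role names; define them as app roles on the API's registration.
    options.AddPolicy("Orders.Read", p => p.RequireAssertion(ctx =>
        HasAppRole(ctx.User, "Orders.Read") || HasAppRole(ctx.User, "Orders.Approve")));
    options.AddPolicy("Orders.Approve", p => p.RequireAssertion(ctx =>
        HasAppRole(ctx.User, "Orders.Approve")));
});

var app = builder.Build();
app.UseAuthentication();   // must run before UseAuthorization
app.UseAuthorization();

// Hypothetical endpoints: each action is granted or denied by app role.
app.MapGet("/orders", () => Results.Ok(new[] { "order-1" }))
   .RequireAuthorization("Orders.Read");
app.MapPost("/orders/{id}/approve", (string id) => Results.NoContent())
   .RequireAuthorization("Orders.Approve");

app.Run();
```

The SPA would acquire an access token for this API's scope and send it in the `Authorization: Bearer` header; a token without the required role gets a 403, and a missing or invalid token gets a 401.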
0

I watched this video on Pluralsight

https://app.pluralsight.com/library/courses/authentication-authorization-aspnet-core/table-of-contents

This helped to make a bit more sense of it. Actually, near the end he shows that you can just create a .NET Core web app and then change authentication and choose a multi Azure AD option, as shown in the example below. This then just works out of the box! Not fully for a Vue single page app though, which is still a problem.

enter image description here
