Integrate Azure AD B2C with ASP.NET MVC Web Application – Handling Claims

Introduction:

This post is part of my series on integrating Azure AD B2C with an ASP.NET MVC web application.
Please read my earlier post on Azure AD B2C integration with an ASP.NET MVC web application before going through this one:
Integrate Azure AD B2C with ASP.NET MVC Web Application – Gowtham K (gowthamcbe.com)
This post explains how to handle and use the claims from Azure AD B2C tokens in your ASP.NET MVC web application.
I started writing this series based on my reader’s request.

Azure AD B2C Claims:

In Azure AD B2C, “claims” refer to specific details regarding a user, shared during their engagement with the identity provider. Such details can encompass the user’s identity attributes, like their name, email, contact number, age, and membership tier, among others. These pieces of information are crucial for applications to authorize access to various resources or to tailor the user interface and functionalities according to the individual’s characteristics.
Upon a user logging into an application via Azure AD B2C, the service verifies the user’s identity and subsequently issues a token to the application. This token is embedded with claims related to the user. The application can leverage this information for multiple purposes, such as showing the user’s name or assessing if the user holds a premium subscription.
In Azure AD B2C, you have the flexibility to tailor which claims are embedded in the tokens issued to your applications. This customization is achieved by setting up the identity experience framework policies within Azure AD B2C. These policies map out the user’s navigation through your applications, detailing the processes for user registration, login, and profile management.
Step 1: Log in to the Azure AD B2C tenant.
Step 2: Under the Policies blade, select User flows.
Step 3: Select the user flow whose claims configuration you want to update. For demo purposes I have selected my SignIn_SignUp flow.
Step 4: Select Application claims, and select the claims that should be included in the token. Make sure you don’t include unnecessary information in the claims.

Application Claims in Azure AD B2C


Step 5: Save the changes

Handling AD B2C Claims in ASP.NET MVC Application

Step 1: Open the MVC Client application created in my last blog

Step 2: Open the _LoginPartial.cshtml file. You will find code that gets the name from the user context; in our case it is always null.

Welcome, @User.Identity.Name

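Step 3: Get the name from the claims instead. Use the code snippet below to read the claim information.

var identity = HttpContext.Current.User.Identity as System.Security.Claims.ClaimsIdentity;
// FindFirst returns null when the claim is absent, unlike First(), which throws.
var nameClaim = identity != null ? identity.FindFirst("name") : null;
var name = nameClaim != null ? nameClaim.Value : null;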

Step 4: Run the application

Application - handling claims
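
The following console program is an added example, not code from the original post or its sample project. It shows why User.Identity.Name is null in Step 2 and how to read the "name" claim safely as in Step 3. The class name B2CClaimsDemo, the helper FirstClaim, and the sample claim values are hypothetical; it assumes the claim types arrive unmapped ("name", "given_name"), as the snippet above does.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Claims;
using System.Security.Principal;

public static class B2CClaimsDemo   // hypothetical helper, not part of the original project
{
    // Returns the first non-empty value among the given claim types, or the fallback.
    // Never throws for anonymous users or tokens that lack the claim.
    public static string FirstClaim(IPrincipal user, string fallback, params string[] types)
    {
        var identity = user == null ? null : user.Identity as ClaimsIdentity;
        if (identity == null || !identity.IsAuthenticated) return fallback;
        foreach (var type in types)
        {
            var claim = identity.FindFirst(type);
            if (claim != null && !string.IsNullOrWhiteSpace(claim.Value)) return claim.Value;
        }
        return fallback;
    }

    public static void Main()
    {
        // Constructed sample claims, shaped like the claims selected in the user flow.
        var claims = new List<Claim>
        {
            new Claim("name", "Sample User"),
            new Claim("given_name", "Sample")
        };

        // The default name claim type is ClaimTypes.Name (a long URI), and the token
        // carries "name", so Identity.Name finds nothing and stays null.
        var byDefault = new ClaimsPrincipal(new ClaimsIdentity(claims, "B2C"));
        Console.WriteLine("Default Identity.Name is null: " + (byDefault.Identity.Name == null));

        // Declaring "name" as the identity's name claim type makes Identity.Name work.
        var mapped = new ClaimsPrincipal(
            new ClaimsIdentity(claims, "B2C", "name", ClaimsIdentity.DefaultRoleClaimType));
        Console.WriteLine("Mapped Identity.Name: " + mapped.Identity.Name);

        // Safe lookup with a fallback chain, for an authenticated and an anonymous user.
        Console.WriteLine("Signed in: " + FirstClaim(byDefault, "guest", "name", "given_name"));
        var anonymous = new ClaimsPrincipal(new ClaimsIdentity());
        Console.WriteLine("Anonymous: " + FirstClaim(anonymous, "guest", "name"));
    }
}
```

In an application that uses the OWIN OpenID Connect middleware, the same mapping is normally set through TokenValidationParameters.NameClaimType rather than by constructing the identity by hand.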

Summary:

This article explores the integration of Azure Active Directory B2C (Azure AD B2C) with an ASP.NET MVC application, focusing on the management and utilization of user claims. Azure AD B2C serves as a robust identity management solution, enabling applications to provide secure sign-up, sign-in, and profile management capabilities.
A significant portion of the article is dedicated to explaining how to access and manipulate user claims post-authentication. This involves retrieving the token issued by Azure AD B2C, extracting claims from the token, and using these claims within the application, for example, to display the name.

Click here to get the source code.

gowthamk91
