{"id":36904,"date":"2017-10-17T12:36:10","date_gmt":"2017-10-17T19:36:10","guid":{"rendered":"https:\/\/devblogs.microsoft.com\/aspnet\/?p=22096"},"modified":"2017-10-17T12:36:10","modified_gmt":"2017-10-17T19:36:10","slug":"user-accounts-made-easy-with-azure","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/dotnet\/user-accounts-made-easy-with-azure\/","title":{"rendered":"User accounts made easy with Azure"},"content":{"rendered":"<p>One of the most common requirements for web applications is for users create accounts for the purpose of access control and personalization. While ASP.NET templates have always made it easy to create an application that uses a database you control to register and track user accounts, that introduces other complications over the long term. As laws around user information get stricter and security becomes more important, maintaining a database of users and passwords comes with an increasing set of maintenance and regulatory challenges.<\/p>\n<p>A few weeks ago I tried out the new <a target=\"_blank\" href=\"https:\/\/azure.microsoft.com\/en-us\/services\/active-directory-b2c?ref=microsoft.com&amp;utm_source=microsoft.com&amp;utm_medium=docs&amp;utm_campaign=visualstudio\" rel=\"noopener noreferrer\">Azure Active Directory B2C<\/a> service, and was really impressed with how easy it was to use. It added user identity and access control to my app, while moving all the responsibility for signing users up, authenticating them, and maintaining the account database to Azure (and <a target=\"_blank\" href=\"https:\/\/azure.microsoft.com\/en-us\/pricing\/details\/active-directory-b2c?ref=microsoft.com&amp;utm_source=microsoft.com&amp;utm_medium=docs&amp;utm_campaign=visualstudio\" rel=\"noopener noreferrer\">it\u2019s free to develop with<\/a>).<\/p>\n<p>In this post I\u2019ll briefly walk through how to get up and running with Azure B2C in a new ASP.NET Core app. It\u2019s worth noting it works just as well with ASP.NET apps on the .NET Framework with slightly different steps (<a href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/active-directory-b2c\/active-directory-b2c-devquickstarts-web-dotnet-susi?ref=microsoft.com&amp;utm_source=microsoft.com&amp;utm_medium=docs&amp;utm_campaign=visualstudio\">see walkthrough<\/a>). I\u2019ll then include some resources that will help you with more complex scenarios including authenticating against a backend Web API.<\/p>\n<h2>Step 1: Create the B2C Tenant in Azure<\/h2>\n<ul>\n<li>To get started, you\u2019ll need an Azure account. If you don\u2019t have one yet, <a target=\"_blank\" href=\"https:\/\/azure.microsoft.com\/free?ref=microsoft.com&amp;utm_source=microsoft.com&amp;utm_medium=docs&amp;utm_campaign=visualstudio\" rel=\"noopener noreferrer\">create your free account now<\/a><\/li>\n<li><a target=\"_blank\" href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/active-directory-b2c\/active-directory-b2c-get-started?ref=microsoft.com&amp;utm_source=microsoft.com&amp;utm_medium=docs&amp;utm_campaign=visualstudio\" rel=\"noopener noreferrer\">Create an Azure AD B2C Directory<\/a><\/li>\n<li>Create your policies (this is where you indicate what you need to know about the user)\n<ul>\n<li><a target=\"_blank\" href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/active-directory-b2c\/active-directory-b2c-reference-policies#create-a-sign-up-or-sign-in-policy?ref=microsoft.com&amp;utm_source=microsoft.com&amp;utm_medium=docs&amp;utm_campaign=visualstudio\" rel=\"noopener noreferrer\">Create a sign-up or sign-in policy<\/a>\n<ul>\n<li>Choose all of the information you want to know about the user under \u201cSign-up attributes\u201d<\/li>\n<li>Indicate all the information you want passed to your application under \u201cApplication Claims\u201d (note: the default template uses the \u201cDisplay Name\u201d attribute in the navigation bar so you will want to include that)\n<a href=\"https:\/\/msdnshared.blob.core.windows.net\/media\/2017\/10\/clip_image00226.jpg\"><img decoding=\"async\" width=\"511\" height=\"685\" title=\"clip_image002\" alt=\"clip_image002\" src=\"https:\/\/msdnshared.blob.core.windows.net\/media\/2017\/10\/clip_image002_thumb17.jpg\" border=\"0\" \/><\/a><\/li>\n<\/ul>\n<\/li>\n<li><a target=\"_blank\" href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/active-directory-b2c\/active-directory-b2c-reference-policies#create-a-profile-editing-policy?ref=microsoft.com&amp;utm_source=microsoft.com&amp;utm_medium=docs&amp;utm_campaign=visualstudio\" rel=\"noopener noreferrer\">Create a profile editing policy<\/a><\/li>\n<li><a target=\"_blank\" href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/active-directory-b2c\/active-directory-b2c-reference-policies#create-a-password-reset-policy?ref=microsoft.com&amp;utm_source=microsoft.com&amp;utm_medium=docs&amp;utm_campaign=visualstudio\" rel=\"noopener noreferrer\">Create a password reset policy<\/a><\/li>\n<li><strong>Note: <\/strong>After you create each policy, you\u2019ll be taken back to the tab for that policy type which will show you the full name of the policy you just created, which will be in the form \u201cB2C_1_&lt;name_you_entered&gt;\u201d.  You\u2019ll need these names below when creating your project.\n<a href=\"https:\/\/msdnshared.blob.core.windows.net\/media\/2017\/10\/image911.png\"><img decoding=\"async\" width=\"647\" height=\"623\" title=\"image\" alt=\"image\" src=\"https:\/\/msdnshared.blob.core.windows.net\/media\/2017\/10\/image_thumb889.png\" border=\"0\" \/><\/a><\/li>\n<\/ul>\n<\/li>\n<li><a target=\"_blank\" href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/active-directory-b2c\/active-directory-b2c-app-registration?ref=microsoft.com&amp;utm_source=microsoft.com&amp;utm_medium=docs&amp;utm_campaign=visualstudio\" rel=\"noopener noreferrer\">Register your application<\/a> (follow the instructions for a Web App)\n<ul>\n<li><strong>Note<\/strong>: You\u2019ll get the \u201cReply URL\u201d in the next step when you create the new project.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h2>Step 2: Create the Project in Visual Studio<\/h2>\n<ul>\n<li>File -&gt; New Project -&gt; Visual C# -&gt; ASP.NET Core Web Application\n<a href=\"https:\/\/msdnshared.blob.core.windows.net\/media\/2017\/10\/clip_image00416.jpg\"><img decoding=\"async\" width=\"871\" height=\"619\" title=\"clip_image004\" alt=\"clip_image004\" src=\"https:\/\/msdnshared.blob.core.windows.net\/media\/2017\/10\/clip_image004_thumb11.jpg\" border=\"0\" \/><\/a><\/li>\n<li>On the New ASP.NET dialog, click the \u201cChange Authentication\u201d button on the right side of the dialog\n<a href=\"https:\/\/msdnshared.blob.core.windows.net\/media\/2017\/10\/image909.png\"><img decoding=\"async\" width=\"1183\" height=\"773\" title=\"image\" alt=\"image\" src=\"https:\/\/msdnshared.blob.core.windows.net\/media\/2017\/10\/image_thumb887.png\" border=\"0\" \/><\/a><\/p>\n<ul>\n<li>Choose \u201cIndividual User Accounts\u201d<\/li>\n<li>Change the dropdown in the top right to \u201cConnect to an existing user store in the cloud\u201d<\/li>\n<li>Fill in the required information from the B2C Tenant you created in the Azure portal previously<\/li>\n<li>Copy the \u201cReply URI\u201d from the \u201cChange Authentication\u201d dialog and enter it into the application properties for the app you previously created in your B2C tenant in the Azure portal.<\/li>\n<li>Click OK\n<a href=\"https:\/\/msdnshared.blob.core.windows.net\/media\/2017\/10\/clip_image00611.jpg\"><img decoding=\"async\" width=\"939\" height=\"730\" title=\"clip_image006\" alt=\"clip_image006\" src=\"https:\/\/msdnshared.blob.core.windows.net\/media\/2017\/10\/clip_image006_thumb8.jpg\" border=\"0\" \/><\/a><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h2>Step 3: Try it out<\/h2>\n<p>Now run your application (ctrl+F5), and click \u201cSign in\u201d in the top right:<\/p>\n<p><a href=\"https:\/\/msdnshared.blob.core.windows.net\/media\/2017\/10\/clip_image00812.jpg\"><img decoding=\"async\" width=\"940\" height=\"180\" title=\"clip_image008\" alt=\"clip_image008\" src=\"https:\/\/msdnshared.blob.core.windows.net\/media\/2017\/10\/clip_image008_thumb8.jpg\" border=\"0\" \/><\/a><\/p>\n<p>You\u2019ll be navigated to Azure\u2019s B2C sign-in\/sign-up page:<\/p>\n<p><a href=\"https:\/\/msdnshared.blob.core.windows.net\/media\/2017\/10\/clip_image0105.jpg\"><img decoding=\"async\" width=\"939\" height=\"490\" title=\"clip_image010\" alt=\"clip_image010\" src=\"https:\/\/msdnshared.blob.core.windows.net\/media\/2017\/10\/clip_image010_thumb5.jpg\" border=\"0\" \/><\/a><\/p>\n<p>The first time, click the \u201cSign up now\u201d at the bottom to create your account. Once your account is created, you\u2019ll be redirected back to your app and you\u2019re now signed in. It\u2019s as easy that.<\/p>\n<p><a href=\"https:\/\/msdnshared.blob.core.windows.net\/media\/2017\/10\/clip_image0123.jpg\"><img decoding=\"async\" width=\"940\" height=\"176\" title=\"clip_image012\" alt=\"clip_image012\" src=\"https:\/\/msdnshared.blob.core.windows.net\/media\/2017\/10\/clip_image012_thumb3.jpg\" border=\"0\" \/><\/a><\/p>\n<h2>Additional Resources<\/h2>\n<p>The above walk through provided a quick overview for how to get started with Azure B2C and ASP.NET Core. If you are interested in exploring further or using Azure B2C in a different context, here are a few resources that you may find useful:<\/p>\n<ul>\n<li>Create an ASP.NET (.NET Framework) app with B2C\n<ul>\n<li><a target=\"_blank\" href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/active-directory-b2c\/active-directory-b2c-devquickstarts-web-dotnet-susi?ref=microsoft.com&amp;utm_source=microsoft.com&amp;utm_medium=docs&amp;utm_campaign=visualstudio\" rel=\"noopener noreferrer\">Walkthrough<\/a><\/li>\n<li><a href=\"https:\/\/github.com\/Azure-Samples\/active-directory-b2c-dotnet-webapp-and-webapi\">Sample on GitHub<\/a><\/li>\n<\/ul>\n<\/li>\n<li><a href=\"https:\/\/github.com\/Azure-Samples\/active-directory-b2c-dotnetcore-webapp\">ASP.NET Core GitHub sample<\/a>: This sample demonstrates how to use a web front end to authenticate, and then obtain a token to authenticate against a backend Web API.<\/li>\n<li><strong>If you are looking to add support to an existing app<\/strong>, you may find it easiest to create a new project in Visual Studio and copy and paste the relevant code into your existing application. You can of course use code from the GitHub samples mentioned above as well<\/li>\n<\/ul>\n<h2>Conclusion<\/h2>\n<p>Hopefully you found this short overview of Azure B2C interesting. Authentication is often much more complex than the simple scenario we covered here, and there is no single \u201cone size fits all\u201d, so it should be pointed out that there are many alternative options, <a href=\"https:\/\/docs.microsoft.com\/en-us\/aspnet\/core\/security\/authentication\/community\">including third-party and open source options<\/a>. As always, feel free to let me know what you think in the comments section below, or <a href=\"https:\/\/twitter.com\/AndrewBrianHall\">via twitter<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>One of the most common requirements for web applications is for users create accounts for the purpose of access control and personalization. While ASP.NET templates have always made it easy to create an application that uses a database you control to register and track user accounts, that introduces other complications over the long term. As [&hellip;]<\/p>\n","protected":false},"author":4,"featured_media":58792,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[197],"tags":[],"class_list":["post-36904","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-aspnet"],"acf":[],"blog_post_summary":"<p>One of the most common requirements for web applications is for users create accounts for the purpose of access control and personalization. While ASP.NET templates have always made it easy to create an application that uses a database you control to register and track user accounts, that introduces other complications over the long term. As [&hellip;]<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/posts\/36904","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/comments?post=36904"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/posts\/36904\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/media\/58792"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/media?parent=36904"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/categories?post=36904"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/tags?post=36904"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}