Hacking Active Directory User Group Authorization with Azure AD B2C

07/16/2019

The good news is, we have an authorization solution for Azure AD B2C using Azure AD groups!

NOTE: For anyone looking at this, Microsoft recently upgraded the directory back end to Microsoft Graph, so the Graph-specific portions of this content are obsolete. You'll want to implement your own version of group-based authorization with this code base.

For everyone who's been frustrated by Microsoft's progress in getting user group memberships into the claims with AD B2C, we're happy to announce a simple demo solution that uses Azure AD group memberships for authorization in ASP.NET Core, using the Azure AD Graph Client API to get this done.

To make this happen, we implement the Microsoft.AspNetCore.Authorization.IAuthorizationService interface and use the service to access the Graph API back end. Because we're running on Linux, we weren't able to use the Microsoft.Azure.ActiveDirectory.GraphClient.ActiveDirectoryClient object like we'd hoped, which would have made the code a little cleaner. Instead, we rely on the Graph API sample code that we've all been pointed to for getting our code to work.

Take a look and let us know what you think: https://github.com/endpointsystems/Azure.B2C.Demos.GroupAuthorization
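
An added example, not code from the linked repository, of the approach described above: an IAuthorizationService implementation that treats the policy name as the required group and denies on every failure path. IGroupLookup, GetGroupIdsAsync and the class name are hypothetical, and the directory query sits behind that interface because the Graph-specific code is obsolete per the note above; the object ID claim type is an assumption about the app's claim mapping.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;

// Hypothetical abstraction over the directory query (e.g. a Microsoft Graph call):
// returns the identifiers of the groups the given user object ID belongs to.
public interface IGroupLookup
{
    Task<IReadOnlyCollection<string>> GetGroupIdsAsync(string userObjectId);
}

// Treats the policy name as the required group. Every failure path denies.
public class GroupAuthorizationService : IAuthorizationService
{
    // Assumption: default JWT claim mapping, which surfaces "oid" under this type.
    private const string ObjectIdClaim =
        "http://schemas.microsoft.com/identity/claims/objectidentifier";
    private readonly IGroupLookup _groups;
    public GroupAuthorizationService(IGroupLookup groups) => _groups = groups;

    public async Task<AuthorizationResult> AuthorizeAsync(
        ClaimsPrincipal user, object resource, string policyName)
    {
        // Only an authenticated principal with an object ID can be looked up.
        if (user?.Identity?.IsAuthenticated != true || string.IsNullOrWhiteSpace(policyName))
            return AuthorizationResult.Failed();
        var oid = user.FindFirst(ObjectIdClaim)?.Value;
        if (string.IsNullOrEmpty(oid)) return AuthorizationResult.Failed();
        try
        {
            var groups = await _groups.GetGroupIdsAsync(oid);
            return groups.Contains(policyName, StringComparer.OrdinalIgnoreCase)
                ? AuthorizationResult.Success()
                : AuthorizationResult.Failed();
        }
        catch (Exception)
        {
            // Directory unreachable or call rejected: deny rather than allow.
            return AuthorizationResult.Failed();
        }
    }
    // Requirement-based checks carry no group name, so this class denies them.
    public Task<AuthorizationResult> AuthorizeAsync(ClaimsPrincipal user, object resource,
        IEnumerable<IAuthorizationRequirement> requirements)
        => Task.FromResult(AuthorizationResult.Failed());
}
```

Call it explicitly through an injected IAuthorizationService, passing the group as the policy name. When this class is registered as the IAuthorizationService, [Authorize] attribute checks reach the requirements overload and are denied.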

Looking for help building or integrating your web application with Azure AD B2C? Contact us for a quote - not only is it free, but we can help you find what you're looking for at a better price than most consulting firms!