AzureAD.UI is Dead, Long Live...Microsoft.Identity.Web.UI?

11/11/2020

Yet another package upgrade/migration for Azure AD B2C developers. But not without its benefits.

Welp, it's official - the Microsoft.AspNetCore.Authentication.AzureAD.UI and Microsoft.AspNetCore.Authentication.AzureADB2C.UI packages are now obsolete, having been consolidated into Microsoft.Identity.Web (for the auth bits) and Microsoft.Identity.Web.UI (for the UI bits).

Here's what this means for Azure AD B2C developers.

If you thought you were consolidating features, you were only partially correct. Where the configuration for Azure AD uses an AzureAd section in its appsettings.json file, for B2C you'll be using an AzureAdB2C section, as below:

{
  "AzureAdB2C": {
    "Instance": "https://fabrikamb2c.b2clogin.com",
    "ClientId": "fdb91ff5-5ce6-41f3-bdbd-8267c817015d",
    "Domain": "fabrikamb2c.onmicrosoft.com",
    "SignedOutCallbackPath": "/signout/B2C_1_susi",
    "SignUpSignInPolicyId": "b2c_1_susi",
    "ResetPasswordPolicyId": "b2c_1_reset",
    "EditProfilePolicyId": "b2c_1_edit_profile", // Optional profile editing policy
  },
...
}
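A typo in this section tends to surface only at the first sign-in attempt, so it is worth checking at startup. The following is an added example, not code from the Microsoft sample or from Microsoft.Identity.Web: `B2CConfigCheck` and `Validate` are hypothetical names, and which keys count as required is an assumption about what this app needs.

```csharp
using System;
using System.Collections.Generic;
using Microsoft.Extensions.Configuration;

// Added example: fail-fast validation of the "AzureAdB2C" section shown above.
// B2CConfigCheck and Validate are hypothetical names, not part of Microsoft.Identity.Web.
public static class B2CConfigCheck
{
    public static IReadOnlyList<string> Validate(IConfiguration config, string sectionName = "AzureAdB2C")
    {
        var section = config.GetSection(sectionName);
        if (!section.Exists())
            return new[] { $"Section '{sectionName}' is missing." };
        var errors = new List<string>();

        // Sign-in redirects go to this host, so require an absolute HTTPS URL.
        if (!Uri.TryCreate(section["Instance"], UriKind.Absolute, out var instance)
            || instance.Scheme != Uri.UriSchemeHttps)
            errors.Add("Instance must be an absolute https:// URL.");

        if (!Guid.TryParse(section["ClientId"], out _))
            errors.Add("ClientId must be a GUID.");

        // Assumption: this app cannot sign users in without a tenant domain and a sign-up/sign-in policy.
        foreach (var key in new[] { "Domain", "SignUpSignInPolicyId" })
            if (string.IsNullOrWhiteSpace(section[key]))
                errors.Add($"{key} is required.");

        var signedOut = section["SignedOutCallbackPath"];
        if (signedOut != null && !signedOut.StartsWith("/", StringComparison.Ordinal))
            errors.Add("SignedOutCallbackPath must be an app-relative path starting with '/'.");
        return errors;
    }

    public static void Main()
    {
        // Constructed sample input: Instance uses http:// and ClientId is not a GUID.
        var config = new ConfigurationBuilder()
            .AddInMemoryCollection(new Dictionary<string, string>
            {
                ["AzureAdB2C:Instance"] = "http://fabrikamb2c.b2clogin.com",
                ["AzureAdB2C:ClientId"] = "not-a-guid",
                ["AzureAdB2C:Domain"] = "fabrikamb2c.onmicrosoft.com",
                ["AzureAdB2C:SignUpSignInPolicyId"] = "b2c_1_susi",
            })
            .Build();
        foreach (var error in Validate(config))
            Console.WriteLine(error);
    }
}
```

In a web app, the same `Validate` call can run against the injected `IConfiguration` before authentication is registered, throwing if the returned list is non-empty.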

Honestly, the documentation doesn't deep dive too far into the differences between Azure AD and Azure AD B2C, at least the way you'd like it to. So here's a snippet from one of their only sample projects for the Startup file, which if you've ever been through startup sequence hell, comes in pretty handy:


using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;
using Microsoft.Identity.Web;
using Microsoft.Identity.Web.UI;

namespace WebApp_OpenIDConnect_DotNet
{
    public class Startup
    {
        public Startup(IConfiguration configuration)
        {
            Configuration = configuration;
        }

        public IConfiguration Configuration { get; }

        // This method gets called by the runtime. Use this method to add services to the container.
        public void ConfigureServices(IServiceCollection services)
        {
            services.Configure<CookiePolicyOptions>(options =>
            {
                // This lambda determines whether user consent for non-essential cookies is needed for a given request.
                options.CheckConsentNeeded = context => true;
                options.MinimumSameSitePolicy = SameSiteMode.Unspecified;
                // Handling SameSite cookie according to https://docs.microsoft.com/en-us/aspnet/core/security/samesite?view=aspnetcore-3.1
                options.HandleSameSiteCookieCompatibility();
            });

            // Configuration to sign-in users with Azure AD B2C
            services.AddMicrosoftIdentityWebAppAuthentication(Configuration, "AzureAdB2C");

            services.AddControllersWithViews()
                .AddMicrosoftIdentityUI();

            services.AddRazorPages();

            //Configuring appsettings section AzureAdB2C, into IOptions
            services.AddOptions();
            services.Configure<OpenIdConnectOptions>(Configuration.GetSection("AzureAdB2C"));
        }

        // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
        public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
        {
            if (env.IsDevelopment())
            {
                app.UseDeveloperExceptionPage();
            }
            else
            {
                app.UseExceptionHandler("/Home/Error");
                // The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
                app.UseHsts();
            }

            app.UseHttpsRedirection();
            app.UseStaticFiles();
            app.UseCookiePolicy();

            app.UseRouting();
            app.UseAuthentication();
            app.UseAuthorization();

            app.UseEndpoints(endpoints =>
            {
                endpoints.MapControllerRoute(
                    name: "default",
                    pattern: "{controller=Home}/{action=Index}/{id?}");
                endpoints.MapRazorPages();
            });
        }
    }
}

Looking at the Startup.cs, not a whole lot has changed. You're still most likely going to want to look at doing your own thing for group authorization; the only caveat there MIGHT be this change regarding Endpoints and HttpContext, though I don't think it's going to be an issue.

For Azure AD B2C developers, I don't see this NuGet package change as having any real benefits, at least in the short term. It looks like there's been a change in the Microsoft Graph back end in B2C, one that puts our group authorization solution to an end for sure...
