
Authenticate Azure AD User Using Azure B2C

First of all let me explain the scenario.

Dev Technology

  • Blazor (any SPA)
  • .Net Core API

  1. I have an Azure B2C tenant. My application's authentication and authorization are configured using Azure B2C.

  2. Now there is a business-related requirement in which an external Azure Active Directory user needs to be added to Azure B2C and, at the same time, get authenticated using the external Azure AD.

Is this a valid scenario, and is it possible?

Update

Let me give some more insight and example.

  1. I have a B2C tenant named mytenantpoc.

  2. I am working in pocorganization and they have an Azure AD tenant; my user is there as user1@pocorganization.com. This is a work account.

  3. Now, if I invite this user1@pocorganization.com to the B2C tenant, it lands as an external Active Directory user, and if I assign some role then it is also possible for that user to manage the Azure B2C tenant.

Now I am working on a Blazor application and it requires some authentication. So I have registered the application in B2C.

Problem: If I now try to log in with user1@pocorganization.com then it is not working.

What is working: If I create a new user in B2C then it is working.

What I am looking for: I want to use Azure AD users in B2C and have their authentication performed.

I think you can invite external AD users as guests on your tenant and then permit login to local accounts on your B2C.

When you invite a user to B2C, they become an admin user, NOT a local user.

In this scenario, you need to use federation, i.e. add the Azure AD instance as an external provider.

You do not need to invite this account to your AAD B2C. Inviting an account only does what you stated, for the purpose of managing admin tasks in the Azure Portal for your B2C tenant.

You need to add Azure AD as a federated identity provider to your B2C user flow. That will allow users to log in from other AADs.

https://docs.microsoft.com/en-us/azure/active-directory-b2c/identity-provider-azure-ad-single-tenant?pivots=b2c-custom-policy

If you want to restrict logins to specific accounts from another AAD, then you want to apply some sort of RBAC solution or attribute-based RBAC.

https://github.com/azure-ad-b2c/samples/blob/master/policies/relying-party-rbac
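As an added example (not code from the answer above or from Microsoft's own sample repository), the following is a `TrustFrameworkExtensions.xml` fragment that registers the pocorganization Azure AD tenant from the question as a single-tenant OpenID Connect claims provider in the mytenantpoc B2C tenant, and wires it into the first two orchestration steps of the `SignUpSignIn` user journey. The tenant ID, client ID and policy-key name are placeholders; the metadata `Item` keys, the `OutputClaims`, the claims transformations and the `SM-SocialLogin` profile follow the structure used by the custom-policy starter pack, and the remaining orchestration steps of the journey (copied unchanged from the base policy) are not repeated here.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!-- Added example fragment for mytenantpoc. All GUIDs and the policy-key name
     B2C_1A_PocOrganizationAppSecret are placeholders, not real values. -->
<TrustFrameworkPolicy xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                      xmlns:xsd="http://www.w3.org/2001/XMLSchema"
                      xmlns="http://schemas.microsoft.com/online/cpim/schemas/2013/06"
                      PolicySchemaVersion="0.3.0.0"
                      TenantId="mytenantpoc.onmicrosoft.com"
                      PolicyId="B2C_1A_TrustFrameworkExtensions"
                      PublicPolicyUri="http://mytenantpoc.onmicrosoft.com/B2C_1A_TrustFrameworkExtensions">

  <BasePolicy>
    <TenantId>mytenantpoc.onmicrosoft.com</TenantId>
    <PolicyId>B2C_1A_TrustFrameworkBase</PolicyId>
  </BasePolicy>

  <ClaimsProviders>
    <ClaimsProvider>
      <Domain>pocorganization.com</Domain>
      <DisplayName>pocorganization work account</DisplayName>
      <TechnicalProfiles>
        <TechnicalProfile Id="AADPocOrganization-OpenIdConnect">
          <DisplayName>pocorganization employee</DisplayName>
          <Protocol Name="OpenIdConnect" />
          <Metadata>
            <!-- Single-tenant metadata endpoint: the issuer in this document is the
                 pocorganization tenant, so tokens from any other tenant are rejected. -->
            <Item Key="METADATA">https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000/v2.0/.well-known/openid-configuration</Item>
            <!-- Application (client) ID of the app registered in the pocorganization tenant -->
            <Item Key="client_id">11111111-1111-1111-1111-111111111111</Item>
            <Item Key="response_types">code</Item>
            <Item Key="scope">openid profile</Item>
            <Item Key="response_mode">form_post</Item>
            <Item Key="HttpBinding">POST</Item>
            <Item Key="UsePolicyInRedirectUri">false</Item>
          </Metadata>
          <CryptographicKeys>
            <!-- The client secret lives in a B2C policy key, never inline in the policy file -->
            <Key Id="client_secret" StorageReferenceId="B2C_1A_PocOrganizationAppSecret" />
          </CryptographicKeys>
          <OutputClaims>
            <!-- oid + tid identify the account stably; the UPN/email may change -->
            <OutputClaim ClaimTypeReferenceId="issuerUserId" PartnerClaimType="oid" />
            <OutputClaim ClaimTypeReferenceId="tenantId" PartnerClaimType="tid" />
            <OutputClaim ClaimTypeReferenceId="givenName" PartnerClaimType="given_name" />
            <OutputClaim ClaimTypeReferenceId="surName" PartnerClaimType="family_name" />
            <OutputClaim ClaimTypeReferenceId="displayName" PartnerClaimType="name" />
            <OutputClaim ClaimTypeReferenceId="authenticationSource" DefaultValue="socialIdpAuthentication" AlwaysUseDefaultValue="true" />
            <OutputClaim ClaimTypeReferenceId="identityProvider" PartnerClaimType="iss" />
          </OutputClaims>
          <OutputClaimsTransformations>
            <OutputClaimsTransformation ReferenceId="CreateRandomUPNUserName" />
            <OutputClaimsTransformation ReferenceId="CreateUserPrincipalName" />
            <OutputClaimsTransformation ReferenceId="CreateAlternativeSecurityId" />
            <OutputClaimsTransformation ReferenceId="CreateSubjectClaimFromAlternativeSecurityId" />
          </OutputClaimsTransformations>
          <UseTechnicalProfileForSessionManagement ReferenceId="SM-SocialLogin" />
        </TechnicalProfile>
      </TechnicalProfiles>
    </ClaimsProvider>
  </ClaimsProviders>

  <UserJourneys>
    <UserJourney Id="SignUpSignIn">
      <OrchestrationSteps>
        <!-- Step 1: offer the federated provider as a button on the sign-in page -->
        <OrchestrationStep Order="1" Type="CombinedSignInAndSignUp" ContentDefinitionReferenceId="api.signuporsignin">
          <ClaimsProviderSelections>
            <ClaimsProviderSelection TargetClaimsExchangeId="AADPocOrganizationExchange" />
          </ClaimsProviderSelections>
        </OrchestrationStep>
        <!-- Step 2: run the technical profile when that button is chosen -->
        <OrchestrationStep Order="2" Type="ClaimsExchange">
          <ClaimsExchanges>
            <ClaimsExchange Id="AADPocOrganizationExchange" TechnicalProfileReferenceId="AADPocOrganization-OpenIdConnect" />
          </ClaimsExchanges>
        </OrchestrationStep>
        <!-- Steps 3 and onward (read/write the user object, issue the token) are the
             unchanged steps from the base policy's SignUpSignIn journey. -->
      </OrchestrationSteps>
    </UserJourney>
  </UserJourneys>
</TrustFrameworkPolicy>
```

The point of this layout for the question's scenario: user1@pocorganization.com is never created as a local B2C account or invited as a guest. B2C redirects to the pocorganization tenant, validates the returned token against that tenant's metadata, and only then creates or looks up a B2C user keyed on the `oid`/`tid` pair via `CreateAlternativeSecurityId`. Since the metadata URL is tenant-specific, an account from a different Azure AD tenant cannot use this provider; narrowing further to specific users or groups within pocorganization is where the RBAC sample linked above comes in.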
