Connecting Azure AD B2C to identityserver4 via the B2C custom identity provider

Rory Braybrook
Nov 21, 2018 · 3 min read

This completes the series I’ve been working on.

The previous posts were:

It’s worth reading those posts as I go into the background in greater detail.

I’ve come across two reasons to do this “connection” lately:

  • A customer that had credentials in a database on a Linux server and wanted these “internal” users to sign in to B2C as well. idsrv4 is built on .NET Core, so it runs on Linux. The usual “external” users use local accounts in B2C.
  • A customer that had credentials in a SQL Server database on a Windows server and wanted these “internal” users to sign in to B2C as well. Again, the usual “external” users use local accounts in B2C.

Out of the box, B2C has no way to validate a username and password against an external database.

Adding idsrv4 to the mix solved both of the above. idsrv4 doesn’t ship a user store of its own: the login UI, the code that validates credentials and the code that issues claims are yours to write (the quickstart UI’s in-memory test users are only a placeholder), so via the extension points it can sit in front of any database. B2C then federates to idsrv4 as an OpenID Connect identity provider.
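As an added example (not code from the post, and not IdentityServer4’s own quickstart), this is the shape of that “extension” on the idsrv4 side: a hypothetical IUserRepository (invented for illustration) over the customer’s database, the login action that checks credentials against it and signs the user into idsrv4, and an IProfileService that turns database columns into the claims B2C will later map. InternalUser, IUserRepository and SqlUserRepository are placeholder names; IdentityServerUser, IProfileService and ProfileDataRequestContext are the real IdentityServer4 types.

```csharp
using System.Collections.Generic;
using System.Security.Claims;
using System.Threading.Tasks;
using IdentityModel;
using IdentityServer4;
using IdentityServer4.Extensions;
using IdentityServer4.Models;
using IdentityServer4.Services;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.DependencyInjection;

// Added example, not the post's or IdentityServer4's own code. IUserRepository,
// InternalUser and SqlUserRepository are hypothetical names standing in for the
// customer's real data access layer.

// A row from the customer's own user table (SQL Server or the Linux database).
public class InternalUser
{
    public string SubjectId { get; set; }   // stable, never-reused id; not the username
    public string Username { get; set; }
    public string DisplayName { get; set; }
    public string GivenName { get; set; }
    public string FamilyName { get; set; }
    public string Email { get; set; }
    public bool IsDisabled { get; set; }
}

// The seam between idsrv4 and the database. The implementation compares a password
// hash (PBKDF2, bcrypt or similar) and returns null on any failure, without revealing
// whether the username or the password was wrong.
public interface IUserRepository
{
    Task<InternalUser> ValidateCredentialsAsync(string username, string password);
    Task<InternalUser> FindBySubjectIdAsync(string subjectId);
}

// Interactive login. B2C sends the browser to idsrv4's authorize endpoint, which
// redirects here; on success idsrv4 creates its own session cookie and returns the
// browser to the authorize endpoint, which then issues the code to B2C.
public class AccountController : Controller
{
    private readonly IUserRepository _users;
    public AccountController(IUserRepository users) => _users = users;

    [HttpPost, ValidateAntiForgeryToken]
    public async Task<IActionResult> Login(string username, string password, string returnUrl)
    {
        var user = await _users.ValidateCredentialsAsync(username, password);
        if (user == null || user.IsDisabled)
        {
            ModelState.AddModelError(string.Empty, "Invalid username or password");
            return View();
        }

        var isuser = new IdentityServerUser(user.SubjectId) { DisplayName = user.Username };
        await HttpContext.SignInAsync(isuser, new AuthenticationProperties());

        // returnUrl must point back into idsrv4; following an arbitrary value is an open redirect.
        return Url.IsLocalUrl(returnUrl) ? Redirect(returnUrl) : Redirect("~/");
    }
}

// Claims issuer. These are the claims the B2C "claims mapping" screen selects from.
public class DatabaseProfileService : IProfileService
{
    private readonly IUserRepository _users;
    public DatabaseProfileService(IUserRepository users) => _users = users;

    public async Task GetProfileDataAsync(ProfileDataRequestContext context)
    {
        var user = await _users.FindBySubjectIdAsync(context.Subject.GetSubjectId());
        if (user == null) return;

        var claims = new List<Claim>();
        void Add(string type, string value)
        {
            if (!string.IsNullOrEmpty(value)) claims.Add(new Claim(type, value));
        }
        Add(JwtClaimTypes.Name, user.DisplayName);
        Add(JwtClaimTypes.GivenName, user.GivenName);
        Add(JwtClaimTypes.FamilyName, user.FamilyName);
        Add(JwtClaimTypes.Email, user.Email);

        // Keeps only the claims covered by the scopes B2C requested (openid profile email).
        context.AddRequestedClaims(claims);
    }

    // Checked on every token request, so disabling the database row revokes access
    // without waiting for the idsrv4 session to expire.
    public async Task IsActiveAsync(IsActiveContext context)
    {
        var user = await _users.FindBySubjectIdAsync(context.Subject.GetSubjectId());
        context.IsActive = user != null && !user.IsDisabled;
    }
}

public static class IdentityServerWiring
{
    public static void Register(IServiceCollection services)
    {
        services.AddScoped<IUserRepository, SqlUserRepository>(); // your implementation
        services.AddIdentityServer()
            .AddDeveloperSigningCredential()     // swap for a real signing key outside dev
            .AddProfileService<DatabaseProfileService>();
        // .AddInMemoryIdentityResources(...) / .AddInMemoryClients(...) carry the B2C client.
    }
}
```

The important design point is that idsrv4 only ever sees a subject id and a handful of claims; the password comparison stays inside the repository, and IsActiveAsync means a user disabled in the database is cut off at the next token request rather than at session expiry.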

For the purposes of this post I need an internet-accessible idsrv4, so that B2C can reach its discovery document, authorisation, token and JWKS endpoints. Running it on my PC under localhost won’t work. I thought about deploying my sample to Azure App Service, but then remembered there is already an Azure-hosted demo site at:

https://demo.identityserver.io/

[Screenshot: the demo site’s client list, including the “server.code” client and its secret]

I’m going to use the authorisation code grant flow: B2C receives a one-time code at its reply URL and exchanges it for the id_token at the idsrv4 token endpoint using the client secret, so no token passes through the browser.

Clicking on the “discovery document” link takes us to the OpenID Connect metadata at https://demo.identityserver.io/.well-known/openid-configuration (the standard location). This is the URL B2C needs as its “Metadata URL”; it lists the authorisation, token and JWKS endpoints B2C will use.

So over to B2C and let’s add another Identity provider of type OpenID Connect:

[Screenshot: B2C “Add identity provider” blade]

We’ve added the “Metadata URL” (the discovery document above), the client id of “server.code” and the secret of “secret” from the idsrv4 screen above. These are the demo site’s shared, public credentials, and the demo lets the flow redirect back to B2C, which is what makes it a convenient test target. Against your own idsrv4 you register a dedicated client for B2C with a random secret, and the authorisation request will be rejected unless B2C’s reply URL is on that client’s RedirectUris list.
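Here is the matching registration on the idsrv4 side, as an added example rather than anything from the post or the demo site’s source: a client dedicated to B2C in place of the shared “server.code”/“secret”. The tenant name contoso, the client id and the secret value are placeholders; the reply URL follows the form Microsoft documents for custom OpenID Connect providers in B2C.

```csharp
using System.Collections.Generic;
using IdentityServer4;
using IdentityServer4.Models;

// Added example, not from the post. "contoso", the client id and the secret are placeholders.
public static class B2CFederationConfig
{
    // What B2C asks for with "openid profile email"; each resource carries its standard claims.
    public static IEnumerable<IdentityResource> IdentityResources => new IdentityResource[]
    {
        new IdentityResources.OpenId(),   // sub
        new IdentityResources.Profile(),  // name, given_name, family_name, ...
        new IdentityResources.Email()     // email
    };

    public static IEnumerable<Client> Clients => new[]
    {
        new Client
        {
            ClientId = "b2c-contoso",
            ClientName = "Azure AD B2C (contoso tenant)",

            // Store the SHA-256 of the secret, never the plaintext. Generate the value from a
            // CSPRNG and paste it once into the B2C identity provider blade's "Client secret".
            ClientSecrets = { new Secret("<random-secret-from-a-csprng>".Sha256()) },

            // The post uses the code flow; B2C redeems the code server-side with the secret.
            AllowedGrantTypes = GrantTypes.Code,

            // B2C's reply URL for custom identity providers. It must match exactly; if the
            // authorise request fails, look for "Invalid redirect_uri" in the idsrv4 log.
            RedirectUris =
            {
                "https://contoso.b2clogin.com/contoso.onmicrosoft.com/oauth2/authresp"
            },

            AllowedScopes =
            {
                IdentityServerConstants.StandardScopes.OpenId,
                IdentityServerConstants.StandardScopes.Profile,
                IdentityServerConstants.StandardScopes.Email
            },

            AllowOfflineAccess = false, // B2C does not need a refresh token from the upstream IdP
            RequireConsent = false      // the "Allow" screen in the demo; not wanted for internal users
        }
    };
}
```

Wire these in with .AddInMemoryIdentityResources(B2CFederationConfig.IdentityResources) and .AddInMemoryClients(B2CFederationConfig.Clients) on the AddIdentityServer() builder. If your IdentityServer version defaults RequirePkce to true and the B2C provider does not send a code_challenge, the authorise request fails with invalid_request; confirm what B2C actually sends before changing that setting.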

I used these claims mappings (screenshot not preserved). The mapping fields on the B2C blade take claim names from the idsrv4 id_token; the standard OpenID Connect names are “sub” for the user ID, “name” for the display name, “given_name”, “family_name” and “email”.

Remember to add the Identity provider to the policy, otherwise it won’t be offered on the sign-in page.

Click “Run now” on the B2C policy.


Select “idsrv4B2C” (the display name I gave the identity provider) on the B2C sign-in page.


Log in with the demo site’s test user “bob” / “bob”.


Click “Allow” on the idsrv4 consent screen (the demo client has consent enabled; for internal users against your own server you would normally set RequireConsent = false on the B2C client).

And back to jwt.ms, because I set the reply URL for the policy run to https://jwt.ms. The decoded token is the B2C-issued id_token carrying the claims mapped from idsrv4; check the “idp” claim to confirm which provider authenticated the user. Remember that jwt.ms is a third-party page that receives the token in the browser, so only send test tokens to it.

Success!

I really like the fact that B2C allows these integrations via the custom (OpenID Connect) Identity provider, and that idsrv4, being open source and built around pluggable services, lets you do pretty much anything via the extensions.

All good!

Rory Braybrook

Written by

NZ Microsoft Identity dude and MVP. Azure AD/B2C/ADFS/Auth0/identityserver. StackOverflow: https://bit.ly/2XU4yvJ Presentations: http://bit.ly/334ZPt5

The new control plane

“Identity is the new control plane”. Articles around Microsoft Identity, Auth0 and identityserver. Click the “Archive” link at the bottom for more posts.
