Implementing the BFF Security Pattern with Entra ID (B2C)

Albert Starreveld
The Web Application Security Hub
6 min read · Aug 2, 2023


To make your web application more secure, it is recommended to move token handling to the server side rather than the client side, so that access tokens never reach the browser. To many organisations this may seem rather complex, but it doesn’t have to be.

Complete the following three steps to implement the BFF Security Pattern with Azure AD:

  1. Create an App Registration in Azure.
  2. Create an ASP.NET Core API.
  3. Build a BFF.
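To show what "token handling on the server side" looks like once the three steps are done, here is an added example of a minimal ASP.NET Core BFF (it is not code from the article or from the author). It assumes the Microsoft.Identity.Web package, an `AzureAdB2C` configuration section whose values are placeholders for the App Registration created in Step 1, and a placeholder scope and base URL for the API built in Step 2. The browser receives only a hardened session cookie; the access token is acquired and cached on the server and attached to calls the BFF forwards to the API.

```csharp
using System.Net.Http.Headers;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.Identity.Web;

var builder = WebApplication.CreateBuilder(args);

// Placeholder settings (assumed, not from the article). In a real deployment they come from
// appsettings.json or Key Vault; the values are those of the App Registration from Step 1.
builder.Configuration.AddInMemoryCollection(new Dictionary<string, string?>
{
    ["AzureAdB2C:Instance"] = "https://<tenant>.b2clogin.com",
    ["AzureAdB2C:Domain"] = "<tenant>.onmicrosoft.com",
    ["AzureAdB2C:ClientId"] = "<app-registration-client-id>",
    ["AzureAdB2C:ClientSecret"] = "<app-registration-secret>",
    ["AzureAdB2C:SignUpSignInPolicyId"] = "<b2c-user-flow-id>",
    ["AzureAdB2C:CallbackPath"] = "/signin-oidc",
});

// Scope exposed by the API's App Registration (Application ID URI + scope, Step 1) and the
// address of the API from Step 2. Both are assumed placeholders.
const string ApiScope = "https://<tenant>.onmicrosoft.com/<api-app-id-uri>/<scope-name>";
const string ApiBaseUrl = "https://localhost:7001";

// Cookie + OpenID Connect sign-in handled by the BFF. Tokens are cached server-side;
// the browser only ever receives the session cookie.
builder.Services
    .AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
    .AddMicrosoftIdentityWebApp(builder.Configuration.GetSection("AzureAdB2C"))
    .EnableTokenAcquisitionToCallDownstreamApi(new[] { ApiScope })
    .AddInMemoryTokenCaches();

// Harden the session cookie: not readable from JavaScript, HTTPS only, not sent cross-site.
builder.Services.Configure<CookieAuthenticationOptions>(
    CookieAuthenticationDefaults.AuthenticationScheme, options =>
{
    options.Cookie.HttpOnly = true;
    options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
    options.Cookie.SameSite = SameSiteMode.Strict;
});

builder.Services.AddAuthorization();
builder.Services.AddHttpClient();

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();

// Sign-in and sign-out are browser redirects driven by the BFF, not by client-side code.
app.MapGet("/login", () => Results.Challenge(
    new AuthenticationProperties { RedirectUri = "/" },
    new[] { OpenIdConnectDefaults.AuthenticationScheme }));

app.MapGet("/logout", () => Results.SignOut(
    new AuthenticationProperties { RedirectUri = "/" },
    new[] { CookieAuthenticationDefaults.AuthenticationScheme, OpenIdConnectDefaults.AuthenticationScheme }));

// Proxy endpoint: the front end calls /api/... with its cookie; the BFF looks up the user's
// access token and forwards the call with a Bearer header. The token never leaves the server.
app.MapGet("/api/{**path}", async (string path, HttpContext ctx,
    ITokenAcquisition tokens, IHttpClientFactory httpClientFactory) =>
{
    string accessToken = await tokens.GetAccessTokenForUserAsync(new[] { ApiScope });

    using var request = new HttpRequestMessage(HttpMethod.Get, $"{ApiBaseUrl}/{path}");
    request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);

    using var response = await httpClientFactory.CreateClient().SendAsync(request);

    ctx.Response.StatusCode = (int)response.StatusCode;
    ctx.Response.ContentType = response.Content.Headers.ContentType?.ToString() ?? "application/json";
    await response.Content.CopyToAsync(ctx.Response.Body);
}).RequireAuthorization();

app.Run();
```

Add the package with `dotnet add package Microsoft.Identity.Web` and browse to `/login`; after the redirect flow completes, a request to `/api/weather` (or any path the API exposes) is served through the BFF with the user's cookie alone. If the user has not yet consented to the scope, `GetAccessTokenForUserAsync` throws `MicrosoftIdentityWebChallengeUserException`; handling that by re-challenging the user is left out here to keep the example short.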

Step 1) Create an App Registration in Azure (B2C)

To be able to authenticate users via Azure Active Directory, you must create an App Registration. Go to https://portal.azure.com, and follow these steps:

  • Create an app registration
  • Create a secret
  • Create an Application ID URI and a scope
  • Request API permissions for the scope, and grant it

1. Create an app registration

  • Navigate to Azure Active Directory, and click App registrations in the menu on the left.
  • Click + New registration, and fill out the form as displayed in the screenshot:
  • Make sure to register the…
