Azure Active Directory B2C is a separate service that enables customers to securely interact with your application. If you want to know the difference between AD, AD B2B and AD B2C, you can find a really good summary here: https://predica.pl/blog/azure-ad-b2b-b2c-puzzled-out/. Let’s assume that you’ve decided to create a separate B2C tenant, so your customers can register and log in to the application with any email address. App Service offers an out-of-the-box authentication solution that lets you connect to Active Directory without writing a single line of code in your application. Here is a quick tutorial on how to set up a very basic connection with only local accounts.
Register an application in AAD B2C
Azure B2C has a separate blade in the Azure portal called “Azure AD B2C”. Go to the “applications” section and configure your app. For a single page application, enable the implicit flow. Your reply URL should be constructed from the application URL and the AD callback path (.auth/login/aad/callback).
Add user flow
Under the “User flows” section you will find several options that let users sign up, sign in, modify their profile or reset their account password. Create a “sign in & sign up” flow with email signup as the identity provider. Click the run user flow button, set the domain to “your-tenant.b2clogin.com” and copy the URL from the very top. This will be your issuer URL.
Configure authentication in the App Service
The last step is to connect the authentication module to the newly created application in the B2C tenant. Go to your application in App Service and, in the Authentication section, enable the Active Directory option. Remember to enforce AAD login for anonymous users. In the advanced tab you can provide custom connection parameters. The client ID is the application ID from the B2C tenant. The issuer URL is the URL copied from the user flow. Optionally, you can provide the secret generated in the previous screen. By default, both the client ID and the application URL are provided as allowed audiences, so you do not have to provide anything in the last section unless you have custom audiences that need to be added.
When you navigate to your website you should see a generic login screen. No application code was touched during this process!
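A preflight check for the two values that most often break this setup, the reply URL and the issuer URL, as an added example that is not part of the original tutorial. The tenant and app names are constructed, and the script assumes the URL copied from the user flow is its OpenID Connect metadata document with the flow name carried as `?p=` or as a path segment.

```python
from urllib.parse import parse_qs, urlsplit

CALLBACK_PATH = "/.auth/login/aad/callback"  # AD callback path from the article

def reply_url(app_url):
    """Build the reply URL to register in B2C from the App Service URL."""
    parts = urlsplit(app_url)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("application URL must be an absolute https URL")
    return f"https://{parts.netloc}{parts.path.rstrip('/')}{CALLBACK_PATH}"

def check_issuer_url(issuer_url, tenant):
    """Return a list of problems with the URL copied from 'Run user flow'."""
    problems = []
    parts = urlsplit(issuer_url)
    if parts.scheme != "https":
        problems.append("issuer URL is not https")
    if (parts.hostname or "") != f"{tenant.lower()}.b2clogin.com":
        problems.append("host is not <tenant>.b2clogin.com")
    # Assumption: the copied URL is the flow's OpenID Connect metadata document.
    if not parts.path.endswith("/.well-known/openid-configuration"):
        problems.append("path does not end in /.well-known/openid-configuration")
    # Assumption: the flow name travels as ?p=<flow> or as a B2C_1... path segment.
    flow = parse_qs(parts.query).get("p", [""])[0]
    if not flow:
        flow = next((s for s in parts.path.split("/")
                     if s.upper().startswith("B2C_1")), "")
    if not flow:
        problems.append("no user flow name found in the URL")
    return problems

if __name__ == "__main__":
    # Constructed sample values; replace with your own app and tenant.
    app = "https://contoso-app.azurewebsites.net/"
    issuer = ("https://your-tenant.b2clogin.com/your-tenant.onmicrosoft.com"
              "/v2.0/.well-known/openid-configuration?p=B2C_1_signupsignin")
    print("Reply URL to register:", reply_url(app))
    print("Issuer URL problems:", check_issuer_url(issuer, "your-tenant") or "none")
```
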