Azure-Samples / active-directory-aspnetcore-webapp-openidconnect-v2

An ASP.NET Core web app that lets users sign in (from your org, many orgs, orgs plus personal accounts, or sovereign clouds) and calls web APIs (including Microsoft Graph)
MIT License

Should app registrations be defined in a B2C Active Directory for the example found in 4-WebApp-your-API/4-1-MyOrg? #775

Open sam-wheat opened 2 months ago

sam-wheat commented 2 months ago

In the examples found here:

https://github.com/Azure-Samples/active-directory-aspnetcore-webapp-openidconnect-v2

In the file named 4-WebApp-your-API/4-1-MyOrg/TodoListService/appsettings.json

This line seems to imply a normal (not B2C) Active Directory should be used because the domain is microsoftonline.com:

"Instance": "https://login.microsoftonline.com/",

However this line seems to imply an app registered in a B2C Active Directory should be used:

"Domain": "[Enter the domain of your tenant, e.g. contoso.onmicrosoft.com]",

In my Azure subscription, my primary Active Directory is named MyDomain.com while my B2C Active Directory is named MyDomain.onmicrosoft.com. That is why I am thinking the "...onmicrosoft.com" requires a B2C registered app.

My specific question about the above configuration is - Should the apps used for the example in the folder 4-1-MyOrg be defined in an Active Directory or a B2C Active Directory or does it matter?

There is another example in the 4-WebApp-your-API folder named 4-2-B2C

The B2C example says to use an Instance domain ending in "...b2clogin.com":

"Instance": "https://fabrikamb2c.b2clogin.com",

but also says to use a Domain of "...onmicrosoft.com":

"Domain": "fabrikamb2c.onmicrosoft.com",

This example also requires a domain of onmicrosoft.com which seems to add credibility to the idea that the first example is suspect.

It would be very helpful if there was documentation explaining the difference between microsoftonline.com and b2clogin.com and when and where each should be used. As shown in the examples above, these domains appear to be used interchangeably - is that correct?
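The two settings blocks quoted in the post resolve to different OpenID Connect metadata endpoints, and that is the practical difference between them. Every Microsoft Entra tenant, workforce or B2C, is created with an initial domain of the form <name>.onmicrosoft.com (a custom domain such as MyDomain.com is a verified domain added on top of it), so an onmicrosoft.com value in "Domain" on its own does not mean a B2C tenant. What distinguishes the two is the "Instance": login.microsoftonline.com (or its sovereign-cloud equivalents) serves the workforce endpoint https://login.microsoftonline.com/{tenant}/v2.0/.well-known/openid-configuration, where {tenant} may be the tenant GUID or any verified domain of the tenant, while <tenant>.b2clogin.com serves the B2C endpoint https://<tenant>.b2clogin.com/<tenant>.onmicrosoft.com/{user-flow}/v2.0/.well-known/openid-configuration, which additionally needs a user flow (policy). The script below is an added example, not code from the sample repository or from the issue author: it builds the documented metadata URL for each kind of settings block and flags the two mistakes that most often produce the confusion above, an unreplaced sample placeholder and a b2clogin.com Instance paired with a Domain that is not that tenant's onmicrosoft.com name. The tenant names, the all-zero GUID and the user-flow name B2C_1_susi are constructed placeholders, and the setting keys (Instance, Domain, TenantId, SignUpSignInPolicyId) are assumed to mirror the sample's appsettings.json sections.

```python
"""Added example: derive the OIDC metadata endpoint from appsettings-style Entra/B2C
settings and check that Instance and Domain are consistent. Not part of the sample
repository; tenant names, GUID and user-flow name below are constructed placeholders."""
from urllib.parse import urlparse

# Constructed settings in the shape of the sample's "AzureAd" (4-1-MyOrg) section.
WORKFORCE = {
    "Instance": "https://login.microsoftonline.com/",
    "Domain": "contoso.onmicrosoft.com",          # the tenant's initial domain
    "TenantId": "00000000-0000-0000-0000-000000000000",  # placeholder GUID
}

# Constructed settings in the shape of the sample's "AzureAdB2C" (4-2-B2C) section.
B2C = {
    "Instance": "https://fabrikamb2c.b2clogin.com",
    "Domain": "fabrikamb2c.onmicrosoft.com",
    "SignUpSignInPolicyId": "B2C_1_susi",          # assumed user-flow name
}

# Workforce (non-B2C) login hosts: global cloud, US Government, and China (21Vianet).
WORKFORCE_HOSTS = {
    "login.microsoftonline.com",
    "login.microsoftonline.us",
    "login.partner.microsoftonline.cn",
}
B2C_SUFFIX = ".b2clogin.com"


def is_placeholder(value: str) -> bool:
    """The sample ships values like "[Enter the domain of your tenant, ...]"."""
    return value.strip().startswith("[")


def tenant_kind(settings: dict) -> str:
    """Classify the settings by the Instance host: 'workforce', 'b2c' or 'unknown'."""
    host = (urlparse(settings.get("Instance", "")).hostname or "").lower()
    if host.endswith(B2C_SUFFIX):
        return "b2c"
    if host in WORKFORCE_HOSTS:
        return "workforce"
    return "unknown"


def metadata_url(settings: dict) -> str:
    """Build the documented OpenID Connect discovery URL for the settings."""
    kind = tenant_kind(settings)
    instance = settings["Instance"].rstrip("/")
    if kind == "workforce":
        # The tenant segment may be the GUID or any verified domain, including
        # the onmicrosoft.com one; prefer TenantId when it is configured.
        tenant = settings.get("TenantId") or settings["Domain"]
        return f"{instance}/{tenant}/v2.0/.well-known/openid-configuration"
    if kind == "b2c":
        # B2C scopes discovery to the tenant's onmicrosoft.com domain and a user flow.
        domain = settings["Domain"]
        policy = settings["SignUpSignInPolicyId"]
        return f"{instance}/{domain}/{policy}/v2.0/.well-known/openid-configuration"
    raise ValueError(f"unrecognised Instance host: {settings.get('Instance')!r}")


def check_settings(settings: dict) -> list:
    """Return a list of problems; an empty list means the block is consistent."""
    problems = []
    for key, value in settings.items():
        if isinstance(value, str) and is_placeholder(value):
            problems.append(f"{key} still holds the sample placeholder {value!r}")
    kind = tenant_kind(settings)
    host = (urlparse(settings.get("Instance", "")).hostname or "").lower()
    if kind == "b2c":
        expected = host[: -len(B2C_SUFFIX)] + ".onmicrosoft.com"
        if settings.get("Domain", "").lower() != expected:
            problems.append(
                f"B2C Domain must be the tenant's initial domain {expected}, "
                f"got {settings.get('Domain')!r}")
        if not settings.get("SignUpSignInPolicyId"):
            problems.append("B2C settings need a user flow in SignUpSignInPolicyId")
    elif kind == "workforce":
        if not (settings.get("TenantId") or settings.get("Domain")):
            problems.append("workforce settings need TenantId (or Domain) to name the tenant")
        if settings.get("SignUpSignInPolicyId"):
            problems.append("SignUpSignInPolicyId is a B2C setting and has no meaning "
                            "with login.microsoftonline.com")
    else:
        problems.append(f"Instance host {host!r} is neither a workforce login host nor *{B2C_SUFFIX}")
    return problems


if __name__ == "__main__":
    for name, block in (("workforce", WORKFORCE), ("b2c", B2C)):
        print(name, metadata_url(block), check_settings(block) or "ok")
```

Running the script prints the two discovery URLs; pointing a browser or curl at either one returns the issuer and endpoints for that tenant, which is the quickest way to confirm which kind of tenant a given settings block is actually talking to.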