Consider the situation where you are developing an ASP.NET Core application that needs to support Azure B2C. Following the official Microsoft Document, you implement the Microsoft.Identity.Web library and three built-in User Flows. All is working well, but you also need to implement a Custom Policy. You find the following documentation which shows how to make a request with the B2C policy specified: https://learn.microsoft.com/en-us/azure/active-directory-b2c/enable-authentication-web-application-options#pass-the-azure-ad-b2c-policy-id You try to implement this guidance. Everything…
Read MoreUse logging to troubleshoot Azure AD protected Web API Authentication or Authorization errors
The sample web API application in this blog uses .Net 6 Framework and Microsoft.Identity.Web nuget package to Azure AD protect the Web API. I use Serilog framework for logging the debug output both to the console window and to the local file. This sample assumes you already have a web API application registered in Azure AD. If you are not familiar with how to do that refer to my previous…
Read MoreUpdate Asp.Net or Asp.Net Core app session to last longer than Azure AD tokens
Azure AD tokens (ID tokens, access tokens, and SAML tokens) by default last one hour. Asp.Net and Asp.Net Core Middleware sets their authentication ticket to the expiration of these tokens by default. If you do not want your web application to kick the user out redirecting them to Azure AD to sign-in again, you can customize the Middleware authentication ticket. This can also help resolve AJAX issues (getting CORS error…
Read More