Obtaining the authentication token returned from Azure AD B2C in ASP.NET Core 2.0
This is definitely something that caught me out. We are using Azure Active Directory Business-to-Consumer (AD B2C) in our latest web app for all user identity, including signup, signin and password reset. After configuring and setting up the required policies (specifying what information we wanted returned in the token upon success), I then set about trying to retrieve the JWT token that is returned from Azure AD B2C so that I would know the identity of the logged-in user.
Retrieving this token proved a bit more difficult than I originally thought. I checked the response headers and couldn’t find the token. I checked through the documentation and couldn’t find any examples or explanation of how to retrieve the token.
Using the browser's built-in debugging tools and Telerik Fiddler, I could see that the token was being posted to the /signin-oidc endpoint (which is the default callback endpoint for OpenID Connect applications).
I did eventually come across this article[^] which seemed a likely candidate. Unfortunately, when attempting to follow the instructions I got an error when running the application. Our configuration didn’t seem to work with the example code given in the article.
Eventually, I managed to come across this article[^]. The important part of that article is the code snippet below.
    @{
        ViewData["Title"] = "Security";
    }
    <h2>Secure</h2>
    <dl>
    @* Every claim the B2C policy was configured to return is available on User.Claims *@
    @foreach (var claim in User.Claims)
    {
        <dt>@claim.Type</dt>
        <dd>@claim.Value</dd>
    }
    </dl>
Basically, the claims returned from Azure AD B2C are contained within the Claims property of the User object.
User.Claims
By iterating through this collection I was able to retrieve all the claims that I had configured in our Azure policies.
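As an added example (not code from the original article), here is how a controller can pull the individual B2C claims out of User.Claims rather than dumping them all in a view. It assumes a hypothetical ProfileController, a B2C policy that returns the object id, display name and email addresses, and, for the raw token at the end, that the OpenID Connect handler was registered with SaveTokens = true.

```csharp
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;

[Authorize]
public class ProfileController : Controller   // hypothetical controller
{
    // Claim name as issued by Azure AD B2C, and the long URI the default
    // JwtSecurityTokenHandler inbound claim-type map may rewrite it to.
    private const string OidShort = "oid";
    private const string OidMapped = "http://schemas.microsoft.com/identity/claims/objectidentifier";

    public async Task<IActionResult> Index()
    {
        // The OIDC handler validated the id_token (signature, issuer, audience,
        // lifetime) before it populated User.Claims, so these values can be trusted.
        // Key user records on the immutable object id, never on "emails" or
        // "name", which the user can change through the B2C policies.
        string objectId = User.FindFirst(OidMapped)?.Value
                       ?? User.FindFirst(OidShort)?.Value;
        if (string.IsNullOrEmpty(objectId))
        {
            // The policy did not return the object id: treat as a configuration error.
            return StatusCode(500, "Object id claim missing from token.");
        }

        string displayName = User.FindFirst(ClaimTypes.Name)?.Value
                          ?? User.FindFirst("name")?.Value;
        // B2C returns "emails" as an array; FindAll yields one claim per address.
        var emails = User.FindAll("emails").Select(c => c.Value).ToList();

        // Only populated when the handler was registered with SaveTokens = true
        // (assumed configuration). Keep it server side; never write the raw
        // token to logs or to the rendered page.
        string rawIdToken = await HttpContext.GetTokenAsync("id_token");

        ViewData["ObjectId"] = objectId;
        ViewData["DisplayName"] = displayName ?? "(no name claim)";
        ViewData["Emails"] = string.Join(", ", emails);
        ViewData["HasRawToken"] = rawIdToken != null;
        return View();
    }
}
```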
I don't know why this critical piece of the jigsaw is so sparsely documented. Without knowing which user has logged into our web app, we are pretty much at a loss as to how to provide any functionality. Being able to determine the identity of the user is the critical functionality provided by the Identity Provider (any identity provider).
I hope this article helps out at least a few other developers.