Obtaining the authentication token returned from Azure AD B2C in ASP.NET Core 2.0

This is definitely something that caught me out. We are using Azure Active Directory Business-2-Consumer (AD B2C) in our latest web app for all user identity including signup / signin / password reset. After configuring and setting up the required policies (specifying what information we wanted returned in the token upon success), I then set about trying to retrieve the JWT token that is returned from Azure AD B2C so that I would know the identity of the logged-in user.

Retrieving this token proved a bit more difficult than I originally thought. I checked the response headers and couldn’t find the token. I checked through the documentation and couldn’t find any examples or explanation of how to retrieve the token.

Using the browser’s built-in debugging tools and Telerik Fiddler, I could see that the token was being posted to the /signin-oidc endpoint (which is the default endpoint for OpenID Connect applications).

I did eventually come across this article, which seemed a likely candidate. Unfortunately, when attempting to follow the instructions I got an error when running the application. Our configuration didn’t seem to work with the example code given in the article.

Eventually, I managed to come across this article. The important part of the article is the code snippet below.


@{
    ViewData["Title"] = "Security";
}
<h2>Secure</h2>
<dl>
    @foreach (var claim in User.Claims)
    {
        <dt>@claim.Type</dt>
        <dd>@claim.Value</dd>
    }
</dl>

Basically, the returned claims from Azure AD B2C are contained within the user object Claims property.


User.Claims

By iterating through this object I was able to retrieve all the claims that I had configured in our Azure policies.
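
As an added example (not code from the original article or the articles it links to), this is one way a controller could pick individual values out of User.Claims instead of listing them all. The controller name and the claim type strings are assumptions that depend on the B2C policy and on the JWT handler's default claim mapping, and the raw id_token is only available when SaveTokens is enabled on the OpenID Connect options.

```csharp
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;

// [Authorize] ensures the OpenID Connect middleware has validated the token
// before any claim is read; without it User may be an anonymous principal.
[Authorize]
public class ProfileController : Controller // hypothetical controller name
{
    // Assumed claim types: they depend on what the B2C policy returns and on
    // the handler's default inbound claim-type mapping ("oid" and "sub").
    private const string ObjectIdClaim =
        "http://schemas.microsoft.com/identity/claims/objectidentifier";
    private const string EmailsClaim = "emails";

    public async Task<IActionResult> Index()
    {
        // Use a stable identifier as the user key, not a display name or
        // e-mail address, which the user may be able to change.
        string userId = User.FindFirst(ObjectIdClaim)?.Value
                        ?? User.FindFirst(ClaimTypes.NameIdentifier)?.Value;
        if (string.IsNullOrEmpty(userId))
        {
            // The policy returned no identifier claim: fail closed.
            return Forbid();
        }

        // A collection claim may appear as several claims of the same type.
        var emails = User.FindAll(EmailsClaim).Select(c => c.Value).ToList();

        // The raw JWT is kept only if SaveTokens = true was set on the
        // OpenID Connect options; otherwise this returns null.
        string idToken = await HttpContext.GetTokenAsync("id_token");

        // Return only what the page needs; never echo or log the raw token.
        return Json(new { userId, emails, hasRawIdToken = idToken != null });
    }
}
```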

I don’t know why this critical piece of the jigsaw is so sparsely documented. Without knowing which user has logged into our web app, we are pretty much at a loss to provide any functionality. Being able to determine the identity of the user is the critical functionality provided by the Identity Provider (any identity provider).

I hope this article helps out at least a few other developers.

A father, cyclist, vegetarian, atheist, geek and multiple award winning technical author. Loves real ale, fine wine and good music. All round decent chap.
