
An Azure web application used the Express AD method to authenticate internal AD tenant users. We have now added AADB2C and changed the auth URL to point to the B2C tenant, and now FB and LinkedIn users can connect to the web app. But now internal users cannot authenticate.

What is the right way to combine internal auth along with B2C auth for the same Azure web app?

No code changes have been made; all of the work has been done in the GUI to make sure that developers do not have to rebuild and re-QA any code.

Thanks.


1 Answer


Azure AD B2C unfortunately doesn't support Azure AD as an IDP at this time (ironic, eh?). It is certainly on the roadmap, but there's no timeframe for it.

The closest thing you can achieve is to integrate both Azure AD B2C & Azure AD into your app, separately. You would have to ask the user in your application to choose which they needed to sign in with.

I've written an (extremely low-quality) sample showing how to do this in .NET here: https://github.com/dstrockis/AAD-B2C-Hybrid. You could take a similar approach in other languages.
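An added example (my own illustration, not the answer's linked sample) of the "integrate both separately" approach on the token-validation side: the app keeps one configuration per tenant and picks the verification key and expected audience from the token's issuer, so a B2C token can never be accepted as an internal-AD identity and vice versa. The issuer URLs, audiences and keys are constructed placeholders, and HS256 shared secrets stand in for the RS256/JWKS verification real Azure AD and B2C tokens use, purely so it runs offline.

```python
import base64, hashlib, hmac, json, time

# Constructed per-tenant settings for the two sign-in paths the answer describes.
# Real Azure AD / B2C tokens are RS256-signed and checked against each tenant's
# JWKS; HS256 with shared secrets is used here only so the example runs offline.
ISSUERS = {
    "https://login.microsoftonline.com/<internal-tenant-id>/v2.0": {
        "realm": "internal", "aud": "api://internal-app", "key": b"internal-tenant-secret"},
    "https://<b2c-tenant>.b2clogin.com/<b2c-tenant-id>/v2.0/": {
        "realm": "b2c", "aud": "b2c-app-client-id", "key": b"b2c-tenant-secret"},
}

def _b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64url(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def mint(iss, sub, ttl=300, aud=None, key=None):
    """Issue a test token; `aud`/`key` overrides let tests simulate a mismatched token."""
    cfg = ISSUERS[iss]
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps({"iss": iss, "sub": sub, "aud": aud or cfg["aud"],
                                   "exp": int(time.time()) + ttl}).encode())
    sig = hmac.new(key or cfg["key"], f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"

def validate(token):
    """Return {'realm', 'sub'} for a token from either tenant, or None if it is rejected."""
    try:
        h, p, s = token.split(".")
        claims = json.loads(_unb64url(p))
    except (ValueError, json.JSONDecodeError):
        return None
    # The unverified `iss` claim only selects which tenant's key to try;
    # the signature check below is what actually binds the token to that tenant.
    cfg = ISSUERS.get(claims.get("iss"))
    if cfg is None:
        return None  # neither the internal tenant nor the B2C tenant
    expected = hmac.new(cfg["key"], f"{h}.{p}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _unb64url(s)):
        return None
    # Audience and expiry are checked per tenant, never against a shared list.
    if claims.get("aud") != cfg["aud"] or claims.get("exp", 0) <= time.time():
        return None
    return {"realm": cfg["realm"], "sub": claims["sub"]}
```

The sign-in choice the answer mentions happens before this point; once a token arrives, the realm it resolves to is what the app should use for authorization decisions.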