Hello folks! Today I’m happy to announce the release of a new auth provider for DNN Platform that brings all the power of Azure Active Directory B2C to any DNN-based website. In short, this allows you to use a common, centralized identity service across all your customer-facing applications, including your DNN website.
And it is open source and available on GitHub!
Azure AD and B2C
Some of you may be wondering about the difference between this new provider and the DNN Azure AD Auth Provider that is already available. Let’s say that the previous one supports Azure AD and this new one supports Azure AD B2C. So what’s the difference?
From Tomasz Onyszko's answer on Stack Overflow:
“Azure AD is a directory service with the goal of serving organisations and their needs for identity management in the cloud. You develop against Azure AD, you can secure your applications with it - their users in Azure AD tenants can use it. Your application is targeted for a specific organisation or multiple organisations using Azure AD (Office 365).
Azure AD B2C is another service built on the same technology but not the same in functionality as Azure AD. Azure AD B2C target is to build a directory for consumer applications where users can register with e-mail ID or social providers like Google, FB, MSA, known as Federation Gateway. The goal for Azure AD B2C is to allow organizations to manage single directory of customer identities shared among all applications i.e. single sign-on.”
I recommend reading his blog post about the differences between Azure AD, B2B and B2C for a better understanding.
But in summary, if you:
- are planning a website where your users are part of your own O365/Azure AD tenant, say internal users accessing an intranet zone, you should use the Azure AD Auth provider;
- are planning a website where your users are external users, and optionally want to let them log in with 3rd party identity providers such as Facebook, Google, Microsoft accounts, etc., then use the Azure AD B2C provider.
BTW, the new DNN Azure AD B2C provider has some powerful new features that haven’t been implemented yet in the DNN Azure AD provider, such as JWT auth, so you will in any case be interested in using the B2C provider on most of your DNN-based websites.
For this initial release, the number of features is much greater than in the other provider:
- Provides DNN Platform - Azure AD B2C integration by portal, so each portal on a DNN installation can set up its own auth settings
- Allows auto-redirection, so users are automatically redirected to the Azure AD B2C login without seeing the DNN login page
- Supports the following policies (user flows):
  - Sign up/Sign in: users can register on Azure AD B2C and then log in, or just log in
  - Profile: users can update their user profile when clicking on the DNN user profile link
  - Reset password: users can initiate the reset password flow by clicking on the "forgot password" link available on the login screen
- When a user logs in on Azure AD B2C, the B2C profile and roles are synchronized with the DNN profile and DNN roles. If a role doesn't exist, it is created in the process
- Supports User profile picture synchronization as part of the profile synchronization
- Supports JWT authorization. If enabled, developers can get a JWT auth token directly from Azure B2C login using the "Resource Owner" policy, and then use that token to call any DNN WebAPI Controller with the Auth scheme "JWT".
- Supports 3rd party WebAPI integration through API Resource and scopes implementation
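The JWT flow from the list above, sketched as an added example (this is not code from the provider or its samples): request a token from the "Resource Owner" user flow, then present it to a DNN WebAPI controller. The tenant, policy name, client ID and DNN URL are constructed placeholders, and sending the token as an `Authorization: Bearer` header is an assumption about how the provider expects it.

```python
import json
import urllib.parse
import urllib.request

# All values below are constructed placeholders, not taken from the post.
TENANT = "contoso"            # hypothetical B2C tenant name
POLICY = "B2C_1_ROPC"         # hypothetical "Resource Owner" user flow name
CLIENT_ID = "00000000-0000-0000-0000-000000000000"
DNN_API = "https://dnn.example.com/DesktopModules/Hello/API/Hello/Greet"


def build_token_request(username, password):
    """Build the resource-owner token request for the B2C user flow."""
    url = (f"https://{TENANT}.b2clogin.com/{TENANT}.onmicrosoft.com/"
           f"{POLICY}/oauth2/v2.0/token")
    form = {
        "grant_type": "password",
        "client_id": CLIENT_ID,
        "scope": f"openid {CLIENT_ID}",
        "response_type": "token id_token",
        "username": username,
        "password": password,
    }
    # Credentials travel in the POST body over TLS, never in the query string.
    body = urllib.parse.urlencode(form).encode()
    return urllib.request.Request(url, data=body, method="POST")


def extract_access_token(response_body):
    """Return the access token, or raise if the response carries an error."""
    doc = json.loads(response_body)
    if "error" in doc or not doc.get("access_token"):
        raise ValueError(doc.get("error_description", "no access_token in response"))
    return doc["access_token"]


def build_api_request(token):
    """Build the DNN WebAPI call carrying the token (Bearer header is assumed)."""
    req = urllib.request.Request(DNN_API, method="GET")
    req.add_header("Authorization", f"Bearer {token}")
    return req


def call_dnn(username, password):
    """Run both steps against live endpoints; needs real tenant values."""
    with urllib.request.urlopen(build_token_request(username, password)) as r:
        token = extract_access_token(r.read())
    with urllib.request.urlopen(build_api_request(token)) as r:
        return r.status, r.read().decode()
```

Only `call_dnn` touches the network; the other functions can be inspected offline to see exactly what would be sent.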
Included with the release are some code samples that show advanced integration features with other non-DNN apps, such as mobile apps, JWT auth, etc.
- Hello sample: simple console app that allows you to log in with a username and password to Azure AD B2C, and then call a DNN WebAPI controller
- External Webapp and WebAPI with B2C: slightly modified version of the sample available in the Microsoft Azure B2C samples repo, with a webapp and a webapi consuming Azure AD B2C. It is modified to set up CORS, so that the DNN module example works with the webapi.
- MVC/SPA DNN module with WebAPI client: a To-do list DNN module example, that calls an external WebAPI by using B2C JWT tokens.
This is the first release of the module, so expect new features coming soon. If you see any missing feature, let me know or just do a pull request. Any help is welcome!