File Collaboration and MS Identity Platform

Overview

  • Protection against bots and automated abuse through integration with Google reCAPTCHA
  • Add multiple social identity providers to the Azure AD B2C sign-up/sign-in flow
  • Azure AD B2C user account management
    - Call the Microsoft Graph API to list the profile of the signed-in user
    - Delete the Azure AD B2C user through the Microsoft Graph API

Project Requirement

Here is the hypothetical use case: individuals outside your organization need to collaborate on files with you, for example by downloading documents or photos through a user-friendly web UI.

Solution Options

Building Your Own

In the spirit of exploring the Microsoft identity platform and coding, we developed an SPA with MSAL for Angular, an Azure AD B2C sign-up/sign-in user flow, an Azure AD B2C-protected .NET API, and user account management through the Microsoft Graph API.

SaaS

We briefly explored SharePoint Online, which provides rich file collaboration features. SharePoint Online supports email OTP, or you can enable Azure AD B2B integration.

Architecture Diagrams

Azure AD B2C Sign-Up Sign-In

File Collaboration and User Management

Infrastructure Architecture

Implementation

App Registration

There are three app registrations in the Azure AD B2C tenant.

Product Features

The web UI looks like the following:


Cloud Journey


All blogs are strictly personal and do not reflect the views of my employer, focus on cloud networking, cloud security and API security.