This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(227.2, 21%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMT%3C/text%3E%3C/svg%3E)
I've been pulling my hairs out this week writing down the setup guide for an Azure Function App that uses AD B2C authentication.
This is the sad state of affairs right now to get it set up: https://bifravst.gitbook.io/bifravst/bifravst-on-azure-wip/continuousdeployment
... because it cannot be automated.
Yes, AWS Cognito is a beast as well, but at least it can be deployed through code... which makes the whole setup process a one liner with AWS CDK...
Is there by any chance a "Deploy to Azure" button sample of a Function App with AD B2C authentication that I can have a look at? It must be possible to make it simpler ...
Imagine I want to continuously test the solution in blank Azure Accounts to ensure it works and that the configuring the Function App authentication is done properly for new setups.
How do you achieve that?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(204.8, 44%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESS%3C/text%3E%3C/svg%3E)
@Markus Tacker Unfortunately, I do not see any sample for automatic deployment of Azure AD B2C with Function App. I, however, am checking internally with the products team the possibility of automating this along with public availability of any samples for the same.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(240, 17%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDG%3C/text%3E%3C/svg%3E)
I have attached the documentation on how to configure an Azure function for B2C authentication. This documentation should help you to secure your function app with Azure AD B2C authentication.
This is not helpful.
I ask for a way to set up a way that does not involve manually clicking through the Azure Portal.
You provide a solution that asks me to click through the Portal.
I have started to implement end-to-end tests for the solution, where I need to acquire user credentials programmatically to interact with the Function API endpoint programmatically to enable continuous integration of the solution (which is the goal, as mentioned in the initial post).
For that I need to go through yet another manual process to set up programmatic access to AD B2C: https://learn.microsoft.com/en-us/azure/active-directory-b2c/microsoft-graph-get-started?tabs=app-reg-ga
Probably you can do it once with the Portal, then generate a template to provision via ARM API. For more information on ARM Template please refer this document.
No, it is not possible.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(112.00000000000001, 46%, 20%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETL%3C/text%3E%3C/svg%3E)
You can check here for an Azure Function using MSAL: https://github.com/Azure-Samples/ms-identity-dotnet-webapi-azurefunctions/tree/master/.
You don't generally want to provision new B2C instances on-the-fly - at worse, have one per environment, at best have one for production and 1-2 for 'kitchen sink'. Yes, you will have to manually setup each tenant, but this takes 2 seconds to do and you generally do once.
You can programmatically interface with B2C via the graph API, like you've mentioned. What's the issue there? Again, you do this once and it's done.
For the user credentials, create an 'integration user' or 'test user' and store those credentials in your CI/CD tool of choice. You cannot retrospectively get user credential in plain-text, this is terrible security.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(76.8, 28.000000000000004%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ENR%3C/text%3E%3C/svg%3E)
@Tristan Lymbery@MS The problem is that there's no way, with either ARM templates or scripts, to automate the deployment of Azure B2C.
This isn't about wanting to standup and teardown instances in an ad-hoc manner, it's about having the entire infrastructure defined in a way that a new instance can be stood up with 0 manual intervention and is 100% reproducible. This is a crucial part of disaster recovery for a site, not to mention ensuring a way for policies etc to be migrated from dev to test to prod etc.
Are you able to provide any solution for automating the deployment of an Azure B2C tenant?