Upload Azure AAD B2C Premium Policy with PowerShell

If you like all of your interactions with Azure to be through PowerShell (who doesn’t like to automate), then you’ll want to do the same thing for B2C policies.

Don’t try this before your B2C directory has been whitelisted for the B2C Policy Upload feature. You’ll know it is enabled if you are able to upload a policy in the Azure Portal.

Azure AD B2C – Using the graph API

There’s a really good guide for getting started with CRUD operations in an AAD B2C tenant on the Azure documentation site:
https://azure.microsoft.com/en-gb/documentation/articles/active-directory-b2c-devquickstarts-graph-dotnet/

As per usual, I’ve ended up putting some PowerShell together to make it a bit more repeatable when I have to do this for multiple AAD tenants.

This particular script creates the application in the AAD tenant. I’ll be posting further scripts that show off doing some clever stuff when I’ve finished testing and polishing them.

Azure B2C Unified sign up with Page UI customization

When crafting a new Unified sign-up or sign-in page policy in the Azure Portal I got this error:

#error=server_error&error_description=AADB2C90001: The server hosting resource 'https://meetr.azurewebsites.net/account/signinorsignup' is not enabled for CORS requests. Ensure that the 'Access-Control-Allow-Origin' header has been configured.
Correlation ID: 613d1479-d146-4b89-abb8-3264730f5991
Timestamp: 2016-04-13 18:33:30Z

Of course, I’d been a bit quick off the mark and not yet changed my ASP.NET website to accept cross-origin requests from the B2C login host.

Here’s what you’ll need to add to the action that serves your unified sign-in page to fix the error:

Response.AppendHeader("Access-Control-Allow-Origin", "https://login.microsoftonline.com");

Code-wise, here’s how the Controller Action and View look;
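The controller action described above, as an added example (not the original post’s code; the `Meetr` namespace, the `AccountController` class and the `SignInOrSignUp` action name are assumptions taken from the URL in the error message). It goes slightly beyond the single `AppendHeader` line: the allowed origin is pinned to the B2C login host rather than `*`, the header is only emitted when the request actually carries that `Origin`, and `Vary: Origin` is set so a shared cache cannot serve one caller’s CORS response to another.

```csharp
using System;
using System.Web.Mvc;

namespace Meetr.Controllers // assumed namespace
{
    public class AccountController : Controller
    {
        // The only origin that should ever load this page cross-origin is the
        // Azure AD B2C login host. Never use "*" here: the response is the page
        // B2C injects its sign-up / sign-in form into.
        private const string B2CLoginOrigin = "https://login.microsoftonline.com";

        [HttpGet]
        [AllowAnonymous]
        public ActionResult SignInOrSignUp()
        {
            // Browsers send the Origin header on cross-origin requests; only
            // answer with CORS headers when it matches the expected host.
            string origin = Request.Headers["Origin"];
            if (!string.IsNullOrEmpty(origin) &&
                string.Equals(origin, B2CLoginOrigin, StringComparison.OrdinalIgnoreCase))
            {
                Response.AppendHeader("Access-Control-Allow-Origin", B2CLoginOrigin);
                // Tell caches the response differs by Origin so it is not reused
                // for a request from a different origin.
                Response.AppendHeader("Vary", "Origin");
            }

            // Same-origin visits and non-matching origins still get the page,
            // just without CORS headers, so the browser refuses the cross-origin read.
            return View();
        }
    }
}
```

The matching Razor view is a plain page with the `<div id="api"></div>` placeholder that B2C fills with its form; it carries no `Response` logic of its own, so all of the CORS handling lives in the action above.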

Azure AD b2c error – could not load file or assembly ‘microsoft.identitymodel.protocol.extensions’

Following the Azure B2C Dev Quickstarts resulted in a build failure…

Could not load file or assembly ‘Microsoft.IdentityModel.Protocol.Extensions’ or one of its dependencies. The located assembly’s manifest definition does not match the assembly reference. (Exception from HRESULT: 0x80131040)

The quick fix is to update the NuGet package reference for the Protocol Extensions from version 1.0.0.0 to 1.0.2.33 using the Visual Studio NuGet package manager.

Subsequently the build then fails with this error:

The following errors occurred while attempting to load the app.
– No assembly found containing an OwinStartupAttribute.
– No assembly found containing a Startup or [AssemblyName].Startup class.
To disable OWIN startup discovery, add the appSetting owin:AutomaticAppStartup with a value of “false” in your web.config.
To specify the OWIN startup Assembly, Class, or Method, add the appSetting owin:AppStartup with the fully qualified startup class or configuration method name in your web.config.

The fix for this one is to check your Startup.cs file for the OWIN startup assembly attribute (the OwinStartupAttribute named in the error) pointing at your Startup class.

These few changes should then result in a successful build.
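A Startup.cs that satisfies the OWIN loader, as an added example (not the quickstart’s own file; the `Meetr` namespace is an assumption). The `[assembly: OwinStartup]` line is the declaration the error above is complaining about; the `Configuration` method then wires up cookie authentication so the file is a complete, working startup rather than an empty shell.

```csharp
using Microsoft.Owin;
using Microsoft.Owin.Security.Cookies;
using Owin;

// This is the attribute OWIN startup discovery looks for. Without it the
// loader reports "No assembly found containing an OwinStartupAttribute".
// The alternative is the web.config appSetting owin:AppStartup with the
// fully qualified class name, as the error message suggests.
[assembly: OwinStartup(typeof(Meetr.Startup))]

namespace Meetr // assumed namespace
{
    public class Startup
    {
        // Called once by the OWIN host when the app starts.
        public void Configuration(IAppBuilder app)
        {
            // Cookie middleware keeps the signed-in session after B2C redirects
            // back; the OpenID Connect middleware from the quickstart is
            // registered after this and signs in as this authentication type.
            app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
            app.UseCookieAuthentication(new CookieAuthenticationOptions
            {
                AuthenticationType = CookieAuthenticationDefaults.AuthenticationType,
                // Keep the session cookie off the wire in the clear and away from script.
                CookieSecure = CookieSecureOption.Always,
                CookieHttpOnly = true
            });
        }
    }
}
```

If you deliberately do not want OWIN to probe for a startup class, the other option the error lists is `owin:AutomaticAppStartup` set to `false` in web.config; for a B2C sign-in site you want startup to run, so the attribute is the right fix.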