Merge pull request #686 from Azure-Samples/fix-b2c-claim-issue

Update B2C sample to use the unique sub claim as todo owner

Author: derisen

4-WebApp-your-API/4-2-B2C/Client/Views/TodoList/Create.cshtml

@@ -16,11 +16,6 @@
                 <input asp-for="Title" class="form-control" />
                 <span asp-validation-for="Title" class="text-danger"></span>
             </div>
-            <div class="form-group">
-                <label asp-for="Owner" class="control-label"></label>
-                <input asp-for="Owner" class="form-control"  value="@Html.DisplayTextFor(model => model.Owner)"/>
-                <span asp-validation-for="Owner" class="text-danger"></span>
-            </div>
             <div class="form-group">
                 <input type="submit" value="Create" class="btn btn-primary" />
             </div>

4-WebApp-your-API/4-2-B2C/TodoListService/Controllers/TodoListController.cs

@@ -46,20 +46,21 @@ public class TodoListController : Controller
         public TodoListController(IHttpContextAccessor contextAccessor)
         {
             this._contextAccessor = contextAccessor;
+            string owner = this._contextAccessor.HttpContext.User.Claims.FirstOrDefault(x => x.Type == "sub")?.Value;
 
             // Pre-populate with sample data
             if (TodoStore.Count == 0)
             {
-                TodoStore.Add(1, new Todo() { Id = 1, Owner = $"{this._contextAccessor.HttpContext.User.Identity.Name}", Title = "Pick up groceries" });
-                TodoStore.Add(2, new Todo() { Id = 2, Owner = $"{this._contextAccessor.HttpContext.User.Identity.Name}", Title = "Finish invoice report" });
+                TodoStore.Add(1, new Todo() { Id = 1, Owner = owner, Title = "Pick up groceries" });
+                TodoStore.Add(2, new Todo() { Id = 2, Owner = owner, Title = "Finish invoice report" });
             }
         }
 
         // GET: api/values
         [HttpGet]
         public IEnumerable<Todo> Get()
         {
-            string owner = User.Identity.Name;
+            string owner = User.Claims.FirstOrDefault(x => x.Type == "sub")?.Value;
             return TodoStore.Values.Where(x => x.Owner == owner);
         }
 
@@ -80,8 +81,10 @@ public void Delete(int id)
         [HttpPost]
         public IActionResult Post([FromBody] Todo todo)
         {
+            string owner = User.Claims.FirstOrDefault(x => x.Type == "sub")?.Value;
             int id = TodoStore.Values.OrderByDescending(x => x.Id).FirstOrDefault().Id + 1;
-            Todo todonew = new Todo() { Id = id, Owner = HttpContext.User.Identity.Name, Title = todo.Title };
+
+            Todo todonew = new Todo() { Id = id, Owner = owner, Title = todo.Title };
             TodoStore.Add(id, todonew);
 
             return Ok(todo);

4-WebApp-your-API/4-2-B2C/TodoListService/Startup.cs

@@ -8,6 +8,7 @@
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Identity.Web;
 using Microsoft.AspNetCore.Authentication.JwtBearer;
+using System.IdentityModel.Tokens.Jwt;
 
 namespace TodoListService
 {
@@ -25,17 +26,15 @@ public void ConfigureServices(IServiceCollection services)
         {
             // This is required to be instantiated before the OpenIdConnectOptions starts getting configured.
             // By default, the claims mapping will map claim names in the old format to accommodate older SAML applications.
-            // 'http://schemas.microsoft.com/ws/2008/06/identity/claims/role' instead of 'roles'
+            // For instance, 'http://schemas.microsoft.com/ws/2008/06/identity/claims/role' instead of 'roles' claim.
             // This flag ensures that the ClaimsIdentity claims collection will be built from the claims in the token
-            // JwtSecurityTokenHandler.DefaultMapInboundClaims = false;
+            JwtSecurityTokenHandler.DefaultMapInboundClaims = false;
 
             // Adds Microsoft Identity platform (AAD v2.0) support to protect this Api
             services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
                     .AddMicrosoftIdentityWebApi(options =>
             {
                 Configuration.Bind("AzureAdB2C", options);
-
-                options.TokenValidationParameters.NameClaimType = "name";
             },
             options => { Configuration.Bind("AzureAdB2C", options); });