In this article, let’s have a look at how to enable authentication in .NET Core WPF application.
For following all steps in this article, we will need Azure Subscription. If you don’t have an Azure subscription, create a free account before you begin.
Below is the list of those posts which explains all the steps to get there:
You should have Azure AD B2C instance, let’s say
samplead.b2clogin.com and user flows
B2C_1_SignUpSignIn for signing up or signing in the application.
Azure AD B2C
In this section, let’s register the application in Azure AD B2C tenant. The WPF application is not created yet. We will create it in next step.
Login to Azure Portal and switch to the Azure AD B2C instance you want to use. Next search for
Azure AD B2C in top navigation search box and then go to App registrations screen. On this new screen, click on New registration.
On the new registration panel, enter below details:
- Name, a display name for app registration
- Supported account types, to configure which accounts would be used for logging in. Let’s keep this input to default for now.
- Redirect URIs, this is interesting input. We have discussed little bit more in the next subsection. For now, we just have to select
Public client/native (mobile and desktop), option from the dropdown. Also, enter
http://localhostin redirect URIs.
- Permissions, grant admin permissions for
offline_accesspermissions. This should be kept default. Please note that you need to be administrator to grant these permissions.
Then click on Register button to complete the registration.
The redirect URI is an interesting input here. As we know, we are trying to register a WPF application, not a web application. So, how can it have an URI ?
- UWP, for these applications, the redirect URI should be set to
- .NET Framework, for these applications, the redirect URI should be set to the return value of
- .NET Core, this should be set to
http://localhost. If you specify anything apart from loopback address, the client application (WPF) will throw an exception during log in.
If you use .NET framework application, the application opens a popup which shows login screen from Azure AD B2C. But things are not the same for .NET Core application.
For .NET Core application, the system browser is used for redirecting user to Azure AD B2C login screen. It means when we create WPF application, and we click on login button from our application, it will open the default browser on our machine (either edge or chrome, or Mozilla, whatever is the default browser is).
I am talking about Microsoft.Identity.Client v4.14.0. And as per documentation, for .NET Core, we are setting the value to the local host to enable the user to use the system browser for interactive authentication since .NET Core does not have a UI for the embedded web view at the moment.
Additional limitations are documented here.
How does it work ?
So, in app registration, we can specify
http://localhost in the redirect URI without any port in it. Then while setting up the Public Client Application, we need to specify the same.
MSAL will find the random available port and will use it.
This was not working with B2C until few days back, but this is available now.
Create a .NET Core WPF application using Visual Studio.
Add references to below NuGet packages:
- Microsoft.Identity.Client, this is MSAL.NET library
- System.IdentityModel.Tokens.Jwt, for parsing the JSON token and show its contents
- Newtonsoft.Json, this is for handling JSON objects/parsing.
The application needs details of :
- Azure Active Directory B2C authority
Client IDwhich we got from previous step of app registration
- User flow names for sign in
The WPF application creates the instance of PublicClientApplication, at the startup, in the
Sign in and Sign out
All of the sign in and sign out related code is located in
MainWindow.xaml.cs. The actual location of this code may vary depending on the design of your application.
In summary, the application tries to acquire token using AcquireTokenInteractive API, which should open an instance of default browser and should redirect user to the login screen.
This below token cache implementation is attached to the PublicClientApplication instance.
This implementation caches the token in the form of file. In the execution directory (where exe file is located), a new file is created with name
B2CWPFApp.dll.msalcache.bin, which holds the token.
Run and Verify
When we run the application and click in sign in button, the default browser will open. This browser will show Azure AD B2C tenant’s login screen. After successful login, the WPF application will show the token JSON in the text box as shown in below image.
The system browser usage in the authentication flow may not last long for .NET Core and I think there may be update to change this behavior.
I hope you enjoyed the article. Let me know your thoughts.