Azure AD B2C Now Supports ADXStudio Portals v7

Azure Active Directory B2C is a new Azure service targeted at helping your organization use consumer-based identities within your sites and applications.  Until recently, ADXStudio Portals version 7 required custom code modification to properly support Azure AD B2C as a login provider, but with a recent change by the Azure AD B2C team it can now be configured directly through site settings.

ADXStudio Portals' implementation of ASP.NET Identity is perhaps one of the best identity implementations in a CMS.  It supports a wide array of protocols and token formats, which makes it easy to integrate with various identity platforms, and it supports a single profile with many identities.  Previously, ADXStudio Portal integrated with Azure ACS (Access Control Service), which provided a way to integrate with social identity providers like Google, Facebook or Microsoft Windows Live ID (at the time) if you wanted a common STS that managed all your consumer identity providers.  The ADXStudio Community site actually still uses Azure ACS for its authentication.  Azure ACS is being retired and replaced by various new Azure services (creating new ACS directories has been blocked, but existing directories continue to function).  For the consumer identity side, that replacement is Azure AD B2C, which comes with a wealth of new features that many have long been asking for in Azure ACS.

With ADXStudio Portals' implementation of standards-based protocols like OpenID Connect and the same standards-based protocols implemented in Azure AD B2C, you would think it was an easy match.  Unfortunately, the ADXStudio Portals v7 ASP.NET Identity OWIN implementation expected a certain claim to be populated, and Azure AD B2C was not supporting that claim…until recently.

The claim required by ADXStudio Portals ASP.NET Identity:

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier

Until recently, Azure AD B2C would populate that claim with “Not supported currently. Use oid claim.”.  Since ASP.NET Identity mapped the nameidentifier claim to the login key, and ADXStudio Portal mapped the login key to the username field in CRM, no matter who you logged in as on the Azure AD B2C side you would always be the same contact in ADX/CRM.  The error text in the nameidentifier claim from Azure AD B2C was directing the application to use the OID claim instead:

http://schemas.microsoft.com/identity/claims/objectidentifier

The application was expected to use this claim value as the username, but doing so required some custom code to override the existing ASP.NET Identity logic within the ADXStudio Portal login controller callback method.

New Azure AD B2C policies now populate nameidentifier with the same value as objectidentifier, which allows ADXStudio Portal to be configured with a Sign Up and Sign In policy just through portal site settings.  Some functionality will still require you to modify the ADX code base: sign out that includes signing out of Azure AD B2C, profile edits that sync with CRM attributes, and separate policies for registration and sign in.

Note: if you have an existing Azure AD B2C tenant with existing policies, the nameidentifier claim may still not show in those policies.  Re-creating your policies should enable the nameidentifier claim.
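The login-key fallback described above, sketched as an added example (it is not ADXStudio's code or the author's): a hypothetical helper, `B2CLoginKey.Resolve`, that a login callback could call.  It returns objectidentifier when nameidentifier is missing or carries the placeholder text, and refuses the sign-in when neither claim is usable.  The identities in `Main` are constructed samples.

```csharp
using System;
using System.Security.Claims;

// Hypothetical helper for illustration; not part of ADXStudio Portals.
public static class B2CLoginKey
{
    public const string ObjectIdentifier =
        "http://schemas.microsoft.com/identity/claims/objectidentifier";
    // Text older B2C policies placed in nameidentifier (quoted from the post).
    public const string Placeholder = "Not supported currently. Use oid claim.";

    public static string Resolve(ClaimsIdentity identity)
    {
        if (identity == null) throw new ArgumentNullException("identity");
        string nameId = ValueOf(identity, ClaimTypes.NameIdentifier);
        string oid = ValueOf(identity, ObjectIdentifier);

        // A constant placeholder is not an identifier: using it as the login
        // key would link every B2C user to the same contact.
        bool usable = !string.IsNullOrWhiteSpace(nameId) &&
            !nameId.Trim().Equals(Placeholder, StringComparison.OrdinalIgnoreCase);
        if (usable) return nameId;
        if (!string.IsNullOrWhiteSpace(oid)) return oid;
        // Fail closed rather than sign the user in under a shared key.
        throw new InvalidOperationException("Token has no per-user identifier.");
    }

    private static string ValueOf(ClaimsIdentity identity, string type)
    {
        Claim claim = identity.FindFirst(type);
        return claim == null ? null : claim.Value;
    }

    public static void Main()
    {
        // Constructed sample identities, shaped like an old-style policy's output:
        // same placeholder in nameidentifier, a different oid for each user.
        string[] oids = { "11111111-aaaa-4bbb-8ccc-000000000001",
                          "11111111-aaaa-4bbb-8ccc-000000000002" };
        foreach (string oid in oids)
        {
            var id = new ClaimsIdentity(new[] {
                new Claim(ClaimTypes.NameIdentifier, Placeholder),
                new Claim(ObjectIdentifier, oid) });
            Console.WriteLine(Resolve(id));
        }
    }
}
```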

To learn more about configuring ADXStudio Portals with Azure AD B2C I will follow this up with a guide shortly showing the configuration end to end.

Microsoft Ignite Dynamics CRM Highlights

Microsoft Ignite, the re-envisioning of Microsoft TechEd that now includes a lot of the technical components of the old Microsoft Convergence conference, was held just this last week in Atlanta.  This was the first time Microsoft Dynamics was part of this conference and it was great to have it there.  Both myself and a colleague were down in Atlanta representing Adoxio and were able to learn a lot while networking with a lot of great Microsoft engineers, partners, and vendors.  There was such a wealth of information available at all of the sessions that it is hard to condense it into a single post, but I have outlined some of my top highlights below with links to the recorded sessions.

  • CRM Editable Grid – With much fanfare this was publicly announced, and coming this fall you will be able to edit your records within a CRM view without having to drill directly into the record, allowing you to quickly edit multiple records.  This has been available in the past as an ISV solution from various partners but now it is coming as a native control for both views and sub grids.  The feature was created by the Project and Field Service team (check out the CRM Field Team blog) out of their own internal need and has been brought into the CRM product.  The configuration options are astounding, and it even comes with an API!  Watch Matt Barbour’s session, Evolve with Microsoft Dynamics CRM platform and online to hear and see the editable grid in action! See time index 1:00:45.
  • Application Lifecycle Management and Developer Tool Improvements – Visual Studio developers rejoice, there are tons of improvements coming that will help you manage your CRM customizations within Visual Studio and with your source control system.  There are also a lot of application platform changes and improvements being made in recent releases and upcoming ones.  Watch Matt Barbour and Brandon Kelly’s session, Learn the essentials of application lifecycle management for Dynamics CRM to get a deep dive and demo of all the latest functionality.  See time index 36:25 for a demo of the developer tools from Brandon.
  • Server to Server Authentication – We have seen it in the new CRM Portal with the fact that records are owned by SYSTEM; no longer will you need to have a service account to interact with Dynamics CRM from an application and have a user license used.  Client ID and Secret functionality will be coming to CRM this Fall; you can see more in Learn the essentials of application lifecycle management for Dynamics CRM from Matt Barbour and Brandon Kelly.  See time index 29:57 to hear about authentication in CRM from Matt.
  • Azure Service Bus and CRM Service Endpoint – In multiple sessions the Dynamics CRM product team stressed the use of the Service Endpoint functionality.  With the extremely easy to configure Service Endpoint to an Azure Service Bus, be it a Queue, Topic or Event Hub, this is a great way to offload processing from the CRM system.  If you want to learn how to use the Service Endpoint with the Azure Service Bus, head over to my blog post about using it with Azure Event Hubs.  You can also watch Matt Barbour’s session, Evolve with Microsoft Dynamics CRM platform and online where he gives a full demo of configuring a Service Endpoint with an Azure Service Bus Queue; see time index 35:42.
  • Lifecycle Services – This has been a major pillar of Dynamics AX online and now a lot of functionality is coming to Dynamics CRM.  Currently the data loader is available and in private preview is the Metadata migration.  Lifecycle Services will also be making moving to the cloud from your CRM 2011 and above on premise installations a lot less painful.  For those looking to move to the cloud this is a must look.  Watch Simon Matthews’ session, Migrate metadata and data to CRM OL with Lifecycle Services accelerators.
  • CRM Portal – The product continues to evolve and just get more great functionality with new portals for Event Management and Project Service coming in preview after the fall release of Dynamics CRM.  The team also has worked hard to enhance the existing portals with more functionality including conditional entity actions and much more.  Check out the session, Engage external communities with Microsoft Dynamics CRM Portals from Shan McArthur and Dileep Singh.
  • Microsoft Flow and Azure Logic Apps – This is the Microsoft workflow engine of the future and it is only going to get better with Dynamics CRM.  Coming in the future (Spring/Summer 2017) is a real-time connector with Dynamics CRM, meaning you will no longer have to poll at an interval and will be event based making integrations that much better for performance.  Watch Matt Barbour’s session, Evolve with Microsoft Dynamics CRM platform and online for a live demo of both Microsoft Flow; see time index 30:31.

These were just the highlights for Dynamics CRM!   Ignite is such a huge conference now blurring the lines between IT Pro and Developer roles, and covering information available for almost all Microsoft products.

On a side note, also born out of this conference was Alan the Unicorn.  If you haven’t seen the exploits of Alan Unicorn from Microsoft Ignite, you can check out Twitter with the hashtag #alantheunicorn to see all the session knowledge that was gained and fun times that he had.  Look out for Adoxio’s #alantheunicorn at future conferences!

Note: This post also appears on Adoxio Business Solutions Team Blog.

Update: Added details about Project and Field Service team as authors of the CRM Editable Grid.