I started writing an Azure B2C user admin app from scratch. This app has been rolling around my head for the past year. I found in the past couple of years that there isn't a good way for business end users who are not part of an Azure admin group to update user information. And if those users are part of the Azure admin group, the non-tech people need to learn the Azure portal dashboard. This path is easy for a developer or DevOps person familiar with the Azure portal interface. But for a regular user who hasn't spent much time in Azure this can become a pain and can be confusing.
On top of the user needing to be granted appropriate rights in Azure, there isn't a graphical interface that supports updating user custom properties and extension properties. Anytime I want to update or view a custom property for an Azure B2C user I need to get the keys, create an access token and view/update the users via Postman requests. This takes time and knowledge of the MS Graph API, not to mention having to have the correct permissions to be able to get the client secret for the particular Graph API application making the request.
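The manual workflow described above (a client-credentials token, then Graph requests against a user's custom attributes), as an added example that is not part of the original post. The tenant, IDs, secret and attribute name are constructed placeholders, and it assumes the `extension_<appId without dashes>_<name>` naming that B2C uses for custom attributes, where the app ID belongs to the tenant's b2c-extensions-app.

```python
import json
import urllib.parse
import urllib.request

GRAPH = "https://graph.microsoft.com/v1.0"

def extension_name(ext_app_id, attribute):
    """Graph name of a B2C custom attribute: extension_<appId, no dashes>_<name>."""
    return f"extension_{ext_app_id.replace('-', '')}_{attribute}"

def token_request(tenant, client_id, client_secret):
    """OAuth2 client-credentials request; the reply's access_token is the bearer token."""
    form = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,  # load from a secret store, never from source
        "scope": "https://graph.microsoft.com/.default",
    }).encode()
    url = f"https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"
    return urllib.request.Request(url, data=form, method="POST")

def read_request(token, user_id, ext_app_id, attributes):
    """GET one user; extension properties are only returned when named in $select."""
    fields = ["id", "displayName"] + [extension_name(ext_app_id, a) for a in attributes]
    url = f"{GRAPH}/users/{urllib.parse.quote(user_id)}?$select={','.join(fields)}"
    return urllib.request.Request(url, headers={"Authorization": f"Bearer {token}"})

def update_request(token, user_id, ext_app_id, changes):
    """PATCH only the listed custom attributes; Graph answers 204 with no body."""
    body = json.dumps({extension_name(ext_app_id, k): v for k, v in changes.items()})
    return urllib.request.Request(
        f"{GRAPH}/users/{urllib.parse.quote(user_id)}",
        data=body.encode(), method="PATCH",
        headers={"Authorization": f"Bearer {token}", "Content-Type": "application/json"})

def send(req):
    """Send a prepared request and decode the JSON reply (None for an empty body)."""
    with urllib.request.urlopen(req) as resp:
        raw = resp.read()
        return json.loads(raw) if raw else None

if __name__ == "__main__":
    # Constructed placeholder values; nothing is sent, the request is only printed.
    APP = "11111111-2222-3333-4444-555555555555"
    req = update_request("<access token>", "<user object id>", APP, {"LoyaltyId": "A-42"})
    print(req.get_method(), req.full_url, req.data.decode())
```

Passing the three prepared requests to `send` in order (token, read, update) reproduces the Postman sequence; the app registration needs a Graph application permission that allows user writes for the PATCH to succeed.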
Because of these reasons I've decided to create a new product that will allow users to manage their Azure B2C users from an easy-to-use management dashboard. The same type of user dashboards that .NET developers have been building with ASP Membership providers and lately the Identity provider for years. Instead of having to spin one up and code it yourself, this product will be turnkey and ready to go.
These are the two biggest questions I'm rolling around in my head while I build the code base for this app:
- On-prem or SaaS? Should the application be an on-prem installable IIS instance in the client environment or will users trust this application and allow a SaaS app to store their client credentials for authentication?
- Build the full application or create a client library that is accessible from NuGet and allow the purchaser to build the HTML and user interface? Or can this application be built as an API to allow the backend functionality but keep the interface open to the client?
To start, I've been writing the app as an on-prem IIS instance using .NET Core MVC. This will allow me to build out the entire functionality in a separate C# service while I try to answer the questions above.