I have what seems on the face of it a simple requirement when using Azure AD B2C. I have two applications (App A and App B) registered in Azure AD B2C. I want to restrict access so that User 1 can access both App A and App B, but User 2 should only be able to access App A.
I can register appRoleAssignments and assign them to a user via the Azure AD Graph API with a zero id, as per this question. When a user logs in, I can then query these and restrict access myself, but it feels like I'm reinventing the wheel and this should be provided by B2C.
Is this something Azure AD B2C is able to provide out of the box?
Azure AD B2C does not currently have first class support for application assignments.
As you've indicated, you'll need to implement this yourself.
You can request this feature in the Azure AD B2C Feedback Forum.
I think the way you are doing it is the correct way. Eventually Azure B2C will support role and group claims and this extra step won't be needed.
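The per-application check described in the question, sketched as an added example (not code from any of the posts above). It assumes the appRoleAssignments entries have already been fetched server-side and carry the `id`, `principalId`, `principalType` and `resourceId` fields of the Azure AD Graph appRoleAssignment entity; the function names and the GUIDs are hypothetical.

```python
import uuid

# The "zero id" from the question: the default role id used when the
# application defines no app roles of its own.
DEFAULT_ROLE_ID = uuid.UUID(int=0)

def _guid(value):
    """Parse a GUID; return None for anything missing or malformed."""
    try:
        return uuid.UUID(str(value))
    except (ValueError, AttributeError, TypeError):
        return None

def is_assigned(assignments, user_object_id, app_sp_object_id,
                role_id=DEFAULT_ROLE_ID):
    """Return True only if an entry ties this user to this application's
    service principal with the expected role. Deny by default: missing,
    malformed or mismatched entries never grant access."""
    user, app = _guid(user_object_id), _guid(app_sp_object_id)
    if user is None or app is None:
        return False
    for entry in assignments or []:
        if not isinstance(entry, dict):
            continue
        if entry.get("principalType") != "User":
            continue  # group / service principal rows do not count here
        if (_guid(entry.get("principalId")) == user
                and _guid(entry.get("resourceId")) == app
                and _guid(entry.get("id")) == role_id):
            return True
    return False

# Constructed sample data: placeholder GUIDs, not real tenant objects.
APP_A = "aaaaaaaa-0000-0000-0000-000000000001"
APP_B = "bbbbbbbb-0000-0000-0000-000000000002"
USER_1 = "11111111-0000-0000-0000-000000000001"
USER_2 = "22222222-0000-0000-0000-000000000002"

def _row(user, app):
    return {"id": str(DEFAULT_ROLE_ID), "principalType": "User",
            "principalId": user, "resourceId": app}

# User 1 is assigned to both apps, User 2 only to App A.
SAMPLE = [_row(USER_1, APP_A), _row(USER_1, APP_B), _row(USER_2, APP_A)]

if __name__ == "__main__":
    for name, uid in (("User 1", USER_1), ("User 2", USER_2)):
        for app_name, app in (("App A", APP_A), ("App B", APP_B)):
            print(name, app_name, is_assigned(SAMPLE, uid, app))
```

Take the user's object id from the validated token on the server, never from a value the client can set, and run the check in each application against that application's own service principal id.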