azure-ad-b2c

问题 I have the following setup for my B2C custom policy: <TechnicalProfile Id="SM-AAD"> <DisplayName>Session Mananagement Provider</DisplayName> <Protocol Name="Proprietary" Handler="Web.TPEngine.SSO.DefaultSSOSessionProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" /> <PersistedClaims> <PersistedClaim ClaimTypeReferenceId="objectId" /> <PersistedClaim ClaimTypeReferenceId="signInName" /> <PersistedClaim ClaimTypeReferenceId="email" /> <PersistedClaim

问题 How do I use LocalStorage with MSAL.js? According to this, there's a property, cacheLocation, I need to set to 'localStorage'. The following is still using sessionStorage: var clientApplication = new Msal.UserAgentApplication(applicationConfig.clientID, applicationConfig.authority, function (errorDesc, token, error, tokenType) { // Called after loginRedirect or acquireTokenPopup }); clientApplication.cacheLocation = 'localStorage'; 回答1: Looks like the documentation is slightly out of date,

问题 Using the extension API documented here: https://msdn.microsoft.com/en-us/library/azure/ad/graph/howto/azure-ad-graph-api-directory-schema-extensions in conjuction with the B2C Graph Client sample: https://docs.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-devquickstarts-graph-dotnet I created a custom attribute via the AD Graph API for directory schema extensions using this API: POST https://graph.windows.net/contoso.onmicrosoft.com/applications/<applicationObjectId>

问题 I have an existing application "A" using an Azure AD B2C tenant. During registration users have been asked to enter a number (specific for this application "A") that is stored in a Claim with the name "NumberA". Now I want to create an new application "B" and I want the existing users of my tenant to be able to log into the application "B". But before they can use it they have to be prompted to enter a new number (specific for application "B") that is stored in a Claim with the name "NumberB"

问题 I'm following this guide and using the jwt.io chrome addin but I can't find my key so that I can manually verify the signature. JWT Header { "typ": "JWT", "alg": "RS256", "kid": "c9HOlAkfaBs4YSKZ7RoMnZlKrVzdkXHB2QoLv1fETQ8" } The OpenID Connect metadata document leads me to https://login.microsoftonline.com/common/discovery/v2.0/keys but that response not have this kid. I've also referenced this blog post. 回答1: The URL to retrieve your Azure AD B2C tenant's keys has the following format:

问题 Setting up a custom policy in Azure AD B2C to connect to an ADFS Identity Provider. This requires a SAML metadata endpoint as specified in the documentation at the link below. https://docs.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-custom-setup-adfs2016-idp#configure-an-adfs-relying-party-trust The error being encountered is: AADB2C90022: Unable to return metadata for the policy [my-policy] in tenant [my-tenant].onmicrosoft.com. and is being encountered when I go to

问题 So I am trying to set up an application on azure AD that can, among other things delete users. I have the application registered and use the client id and secert to gain teh access token. I was able to give the application permissions to create users and that works fine, but when i go to delete over the graph API i get a 403 Insufficient privileges to complete the operation. I am trying this over the graph rest API. The user that i am attempting to delete was made through the rest call as

问题 We have a Web API intended to serve multiple business partners, each of which will be customizing a white label version of our native app client. We also have a Web API offering common functions to different apps. We would like to use AD B2C as the identity and auth system, but cannot see how or if it is possible to use AD B2C to secure a common API for multiple apps. Is this achievable? 回答1: It depends on how you want to your partners usig the account login-in. If you expected that the

问题 I have an asp.net web application that authenticates via Azure AD B2C tenant. I have a sign-up-sign-in policy [login is using username instead of email] with MFA turned on. I have also setup Custom UI login page [unified.html] and MFA page [phonefactor.html] in a storage blob that the policy points to. I am able to authenticate the user via the custom login page and login with MFA. The issue is when I create a new user and force the user to change the password at their first login, instead of

问题 I am creating B2C users with Social Identity Providers with the help of a Sign-up policy but we have a requirement to add some user attributes (extended properties) to this new user. For example set "AccountId" for the user. If i add "AccountId" as a Sign-up Attribute and enter some value it works fine, when I check the user properties via Graph API the "AccountId" is correct. But in this case the "AccountId" should not be editable or visible to the user, I just want the Sign-up policy to add