azure-ad-b2c

问题 I have an AspNetCore 2.0 MVC web API secured by an Azure Active Directory B2C tenant. I have been able to use Postman to test the API end points by following this SO posting: Request Access Token in Postman for Azure AD B2C (in particular, the Microsoft documented steps referenced in SpottedMahn's comments: https://docs.microsoft.com/en-us/aspnet/core/security/authentication/azure-ad-b2c-webapi#use-postman-to-get-a-token-and-test-the-api ) Now, I am working on a serverless version of the

问题 Our Sys Admins want to be able to search for users and identify them by their Given Name and Surname, both of which we are collecting/requiring when they sign up. We are NOT allowing users to specify a "Display Name" value when they create an account. The management portal uses the "Display Name" as one of the three columns displayed in the "Users" pane. It would be useful for Systems Administrators to be able to see the values given for Surname and Given Name in the user management portal to

问题 As per Azure AD B2C documentation we can configure SSO for Azure AD B2C application. We want our user to do self-registration for the application thus opted for AD B2C. However after creating B2C tenant account and configuring all the policies. I am unable to find option to configure SSO. Since after 30th Nov 2017, Active Directory will only be available in new portal. Kindly provide reference wrt new portal. . Any help will be appreciated. Thanks in advance. 回答1: As the document in the your

问题 I use the following PowerShell to create B2B users for an app that doesn't allow self signup. The tenant allows self service password resets and requires MFA. # B2C allows you to sign in either with your user name or email address (not both for some reason) $SignInNames = @( (New-Object ` Microsoft.Open.AzureAD.Model.SignInName ` -Property @{Type = "userName"; Value = $UserName}), (New-Object ` Microsoft.Open.AzureAD.Model.SignInName ` -Property @{Type = "emailAddress"; Value = $EmailAddress}

问题 I am trying to collect user details using LocalAccountSignUpWithLogonName custom policy.I have added <OutputClaim ClaimTypeReferenceId="email" /> to LocalAccountSignUpWithLogonName as outputclaim. I want to make the email field optional, but if user enter the email I want to enable the restrictions.Below is my email claim <ClaimType Id="email"> <DisplayName>Your Email Address</DisplayName> <DataType>string</DataType> <DefaultPartnerClaimTypes> <Protocol Name="OpenIdConnect" PartnerClaimType=

问题 I'm working on a system with a few Angular 4 SPAs each talking to a separate Asp.NET Core 2.0 WebAPI. Azure AD B2C is being used as the identity service for each SPA/API, and MSAL.js as part of our Angular SPAs. We want to support Single Sign-on to prevent the user needing to re-enter credentials when switching from one SPA to another. Is it possible to get single sign-on behavior using msal.js v0.1.7? 回答1: SSO with MSAL.js is possible. For browser-based apps you achieve SSO through cookies

问题 I don't understand how the 'Scopes' in Azure B2C are supposed to be used. They are associated with an API, but not a user. I'm sure I'm missing something, but I see no practical use for something associated with an API. I've used and implemented Claims-based authentication based on a user's role in the database. For example: ordinary users of an API should not have the authority to delete an object, but administrators should have the authority. Does someone have a practical example of how

问题 We are using AD B2C for authentication on our web app. Last week we started receiving a 403.76 when calling our APIs that are hosted in Azure and locked down by Active Directory using our AD B2C tenant. We haven't changed any config settings in AD when the change occurred. We rolled back all of our code which didn't help. We verified that our token is valid in jwt.io. We confirmed that our audience is correct and permissions was set properly in app registrations. We can see the easy auth

问题 Almost have this working. Almost. My set up is that I have an Azure B2C Tenant set up, and some modified example code that I've changed to reflect the Tenant information. This all works fine locally, with a localhost uri. My remote set up is a Ubuntu 16.01 server, with a Nginx 1.10.0 webserver acting as a reverse proxy to a .NET Core 1.0.4 and all with a LetsEncrypt SSL cert. The proxy serves .NET projects fine, however when I hit the sign in it takes me over to the B2C login with an

问题 The scenario is this: we have added Microsoft iDP to our app. The user can click the Microsoft Account button and use their MSA account to sign-up\sign-in. When the user signs up we'd like to validate the e-mail against our database. If the user's email is in our database, let them proceed and signup; otherwise we'd like to prevent them from signing up and display an error message. This would prevent creating a User in our Azure B2C AD. I used the following TechnicalProfile :