azure-ad-b2c

问题 According to my research : Azure AD : is for users within your organization. Azure AD B2C : is for consumers of your enterprise application . Now my aim is to create applications using Xamarin for all platforms and probably a web app as well for the same app. And I want the login experience for my users to be strong text consistent across devices and including my web app version of my application. For example : user should be able to sign up with email or login with social networks as well.

问题 I'm having trouble figuring out the purpose of customState and if/how I can utilize it to pass data to the return url. Specifically I wish to route the user back to their original location after being signed in. I thought I could pass the original url to the parameter customState and have it returned back to me in the return url POST , but it appears to be encoded or perhaps replaced with a different value. Here is what I want to achieve: Anonymous user visits /page/protected which requires

问题 Question: How can I custom brand my Azure AD application login page? (note: NOT my org's login page; see below) I have a web application hosted in Azure where users can log in using accounts that are created and managed within the application. Since my application is used by many big organizations, I have added the capability for customers to also sign in using their account that's managed by their organization (single sign on). This was done using Azure Active Directory, which syncs the

问题 I have a custom attribute which I'd like to use while authenticating. For example, I have another status extension attribute which can have possible values like expired/blocked/inactive/active. While creating the user I will ensure there is a value populated for this. At the time of login I'd like to consider this extension attribute as well. It may be possible that the user is entering the right password, but just because his extension attribute status has a value of expired/blocked/inactive

问题 I'm building an on-boarding webapp to provision users for my LOB app. Most of my customers are "business customers", meaning they will ordinarily be directed to the v1 common endpoint by a custom policy, allowing them to auth against their own AAD tenant. The challenge is new users need follow-on provisioning in the LOB app as well (create db user, assign some permissions, etc). What I'd like to do as part of on-boarding is call graphAPI to create what will become the federated user account

问题 The app only accepts localhost URLs, and anything else will give an error and refuses to save the app. This issue makes the app only works when trying it on the hosting machine, but not on any other device. 回答1: You need to enter a HTTPS url, otherwise you will see this error: "Please enter a valid Url string" You are allowed to use 1 domain name and localhost. This will work: https://my.dummy.site https://localhost This will not work: https://my.dummy.site https://my.other.domain https:/

问题 If I have a user in Aure AD B2C that was created based on an Azure AD (enterprise) identity (as described here: https://docs.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-setup-aad-custom), is there an attribute stored in AADB2C that will allow me to look up (using Graph API or similar) the user object in AAD? I see that among the AADB2C attributes there is userPrincipalName and issuerUserId but it's not obvious to me if either of these match any value stored in AAD.

问题 Am I misinterpreting this -- see image? I go to documentation for managing Azure AD B2C, it tells me to use Azure AD Graph API, not Microsoft Graph API. Then I click the link to go to Azure AD Graph API, it tells me to use the Microsoft Graph API, not the Azure AD Graph API. Two questions: What do I use to manage users in Azure AD B2C? Microsoft Graph API or Azure AD Graph API? What's the easiest and most painless way to interact with the Graph API I should be using -- based on your answer to

问题 Scenario: Both Web application and Web API need to be authenticated and protected from the server side. Requirement: Web application is serving the contents for the browser and browser should be calling Web API directly (i.e. Browser to API). Question: Is it possible to authenticate both Web APP and the API using tokens? Any sample code or clear direction would be highly appreciated. Normally web applications are authenticated using cookies and APIs are authenticated using tokens.There are

问题 We are using Azure AD B2C custom policies for our sign up process and we have multiple steps (multiple screens) before actually creating the user in Azure AD B2C using the AAD-UserWriteUsingLogonEmail technical profile. Let's say we have 3 steps defined by the following 3 technical profiles: First step: <TechnicalProfile Id="LocalAccountSignUpWithLogonEmail-FirstStep"> <DisplayName>Email signup</DisplayName> <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers