azure-ad-b2c

Logout does not work when using Microsoft Authentication Library (MSAL)

随声附和 submitted on 2019-12-07 19:16:29
Question: I have a Xamarin.Forms iOS/Android app and have to authenticate the user against a Microsoft Azure B2C AD. I have added the Microsoft.Identity.Client NuGet and am using this for authentication. Login works fine and I am able to use the returned token to call an Azure hosted service of our own. The trouble is that when I try to log out the user it does not work as expected. If the user logs out and immediately after kills the app, the next time the app is started the login screen is presented as

Azure AD B2C Password Reset

牧云@^-^@ submitted on 2019-12-07 14:42:32
Question: I am trying to understand how Azure AD B2C password reset is meant to be used. It appears there are a number of ways password reset can be handled. What is the difference between these? Is there a price difference between these? Are some of these features of Azure AD, whilst some are features of Azure AD B2C? Why does method 3 below not appear to work? Via an Azure B2C user flows (policies). The policy for Sign in v1 goes to AD password reset below. Whilst all other policies go to B2C

In Azure AD B2C, Should the ACR or TFP Claim Have the Policy Name?

爱⌒轻易说出口 submitted on 2019-12-07 06:59:10
Question: According to this documentation, the Policy Name should be in the TFP (Trust Framework Policy) claim but it is showing up in the ACR claim. I started with the Starter Pack ID Token w/ ACR Claim containing the Policy Name Also, further down in the documentation it says the ACR is where the Policy Name will be: Related SO Post Answer 1: It is recommended you issue the policy ID in the "tfp" claim. If you are creating custom policies, then you can issue this by configuring the "JwtIssuer" technical

Azure AD B2C - Sign out a user from all sessions

匆匆过客 submitted on 2019-12-07 06:10:51
Question: I have 3 websites using a single B2C tenant. I have been asked to set it up so that when a user signs out of one website, sign out of them all. Likewise if their account is deleted. I thought that I would have to introduce a call to Azure on every request to determine if the user is still logged in, but as far as I can see, there isn't a Graph API endpoint that would allow me to determine the user status. Am I thinking about this the wrong way? Is there a way to do this easily using B2C,

Secure API with Azure AD/B2C users

倖福魔咒の submitted on 2019-12-07 05:40:52
Question: My use case is: Create users via API with custom fields, nominated password using any email address Update/disable those users via API 'Sign in' to Azure AD app with user details via rest API to obtain token Make authorised requests to Web API when token passed in Http header Can all of this be achieved with straight Azure AD/B2C or should I be looking at some other identity provider e.g. IdentityServer/Auth0? Edit 1 I'm getting very confused between AAD apps/users and B2C apps/users, there

Correct Graph API to manage Azure AD B2C

China☆狼群 submitted on 2019-12-06 15:53:48
Am I misinterpreting this -- see image? I go to documentation for managing Azure AD B2C, it tells me to use Azure AD Graph API, not Microsoft Graph API. Then I click the link to go to Azure AD Graph API, it tells me to use the Microsoft Graph API, not the Azure AD Graph API. Two questions: What do I use to manage users in Azure AD B2C? Microsoft Graph API or Azure AD Graph API? What's the easiest and most painless way to interact with the Graph API I should be using -- based on your answer to question #1? Can I use a tool like Postman? If I'm not mistaken, these are RESTful APIs. What do I use

With Azure App Service Easy Auth + Azure AD B2C is it possible to secure a single Web API and have multiple native apps consume it?

有些话、适合烂在心里 submitted on 2019-12-06 11:30:48
We have a Web API intended to serve multiple business partners, each of which will be customizing a white label version of our native app client. We also have a Web API offering common functions to different apps. We would like to use AD B2C as the identity and auth system, but cannot see how or if it is possible to use AD B2C to secure a common API for multiple apps. Is this achievable? It depends on how you want your partners using the account to log in. If you expected that the partners log in using the consumer account or local account in the Azure AD B2C you own, the answer is yes. The

Azure AD B2C Linkedin claims provider

江枫思渺然 submitted on 2019-12-06 09:20:00
I am implementing the Linkedin sign-up/sign-in via custom policies but when I click on the LinkedinExchange button, I get the following exception from the User Journey Player: An exception was caught when making a request to URL " https://api.linkedin.com/v1/people/~:(id,first-name,last-name,formatted-name,email-address) " using method "Get". The exception status code was "ProtocolError" with the following message: The remote server returned an error: (401) Unauthorized.. The remote server returned an error: (401) Unauthorized. Here is the ClaimsProvider for Linkedin I added: <ClaimsProvider>

Look up user in AAD based on AADB2C attribute value

左心房为你撑大大i submitted on 2019-12-06 08:26:32
If I have a user in Azure AD B2C that was created based on an Azure AD (enterprise) identity (as described here: https://docs.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-setup-aad-custom), is there an attribute stored in AADB2C that will allow me to look up (using Graph API or similar) the user object in AAD? I see that among the AADB2C attributes there is userPrincipalName and issuerUserId but it's not obvious to me if either of these match any value stored in AAD. thanks! Martin For an external account, the external issuer (i.e., Azure AD) and the external user

Token based authentication for both Web App and Web API using Azure AD B2C

萝らか妹 submitted on 2019-12-06 08:15:12
Scenario: Both Web application and Web API need to be authenticated and protected from the server side. Requirement: Web application is serving the contents for the browser and browser should be calling Web API directly (i.e. Browser to API). Question: Is it possible to authenticate both Web APP and the API using tokens? Any sample code or clear direction would be highly appreciated. Normally web applications are authenticated using cookies and APIs are authenticated using tokens. There are some sample projects available here but they are either browser to API (SPA token based) or Server side