azure-ad-b2c

Request Access Token in Postman for Azure Function App protected by Azure AD B2C

不羁岁月 posted on 2019-12-06 07:54:24
I have an AspNetCore 2.0 MVC web API secured by an Azure Active Directory B2C tenant. I have been able to use Postman to test the API end points by following this SO posting: Request Access Token in Postman for Azure AD B2C (in particular, the Microsoft documented steps referenced in SpottedMahn's comments: https://docs.microsoft.com/en-us/aspnet/core/security/authentication/azure-ad-b2c-webapi#use-postman-to-get-a-token-and-test-the-api). Now, I am working on a serverless version of the above - the app is pretty much identical except that the endpoints have been implemented by Azure functions

Logout does not work when using Microsoft Authentication Library (MSAL)

拈花ヽ惹草 posted on 2019-12-06 06:36:52
I have a Xamarin.Forms iOS/Android app and have to authenticate the user against a Microsoft Azure B2C AD. I have added the Microsoft.Identity.Client NuGet and am using this for authentication. Login works fine and I am able to use the returned token to call an Azure hosted service of our own. The trouble is that when I try to log out the user it does not work as expected. If the user logs out and immediately after kills the app, the next time the app is started the login screen is presented as expected. To kill the app on iOS I go to the app-switcher with a double click on the home button and then swipe up.

Creating test users for Azure AD B2C

戏子无情 posted on 2019-12-06 06:13:11
Question: Is there a way to programmatically create users for testing with Azure AD B2C? The only way to create users that I am aware of is through website signup. Am I missing something?
Answer 1: Yes, Azure AD B2C Graph API allows CRUD operations on users. You can create a user by sending a "POST" request to the /users endpoint. The following documentation demonstrates this with a "B2CGraphClient" utils written in C#: Azure AD B2C: Use the Graph (see GitHub link in the page to download the sample code)

Custom sign-in page for Azure AD B2C doesn't load on Chrome & Firefox

一个人想着一个人 posted on 2019-12-06 04:49:57
We customised our Azure AD B2C tenant's Combined Sign-Up/Sign-In Policy to serve up our own login page. This worked across all the major browsers when we tested last week, but it stopped working today for some of our users on Chrome and Firefox. We are getting this 404 error when some of our users browse to our home page and they get redirected to the login page (our B2C tenant and custom login URL is redacted but all other query parameters are unchanged): https://login.microsoftonline.com/redacted.onmicrosoft.com/B2C_1_sign_up_in/api/CombinedSigninAndSignup/error?code=UX004&diags=%7B

Azure B2C - Multiple Reply Url

时光怂恿深爱的人放手 posted on 2019-12-06 04:05:25
I created a Native Client App with Web/WebAPI in Azure B2C. I want to add multiple reply urls with the same domains for testing and qa etc. e.g. https://site.domain.com https://site-qa.domain.com/ But got error: Cannot update Application: One of the reply URLs provided for application 'My App' is on a domain different from other reply URL(s). Plese make sure all reply URLs other than localhost are on the same root domain. Also note: 'Plese' is misspelled. It seems to be an issue, I have created a request on the feedback portal. You can vote for it and wait for the Development Team to fix it.

Azure AD B2C get token programatically for unit testing

橙三吉。 posted on 2019-12-06 01:47:48
My scenario is simple: I have a simple Azure Function with B2C authentication on it and I'm writing unit tests, but I found an issue: I'm not able to authenticate to the Azure Functions programmatically. I'm able to access through the browser and I can even grab the token and put it into the unit test and it works fine, but when I try to generate a token using the ClientID, TenantID, etc. I get a token, but a 401 Unauthorized response on the Azure Functions. Is there a way to generate a valid B2C token programmatically (without login in the browser)? The approach I'm using so far: public static

Azure AD B2C Password Reset

本小妞迷上赌 posted on 2019-12-06 00:20:56
I am trying to understand how Azure AD B2C password reset is meant to be used. It appears there are a number of ways password reset can be handled. What is the difference between these? Is there a price difference between these? Are some of these features of Azure AD, whilst some are features of Azure AD B2C? Why does method 3 below not appear to work? Via an Azure B2C user flows (policies). The policy for Sign in v1 goes to AD password reset below. Whilst all other policies go to B2C password reset, that allows users to reset their password via their primary email address stored in their

How do I read the NameID element as a claim in a B2C TechnicalProfile for a SAML2 identity provider?

大城市里の小女人 posted on 2019-12-06 00:10:19
I followed the example in Set up sign-in with a Salesforce SAML provider by using custom policies in Azure Active Directory B2C and was able to successfully SSO from Salesforce into Azure B2C. However, I would also like to retrieve the value of the NameID element from the SAML Assertion as a claim. Is this possible? For example, say that the incoming SAML 2.0 Assertion posted to B2C's assertion consumer endpoint looks something like this simplified XML. <saml:Assertion> <saml:Issuer>https://mytestinstance-dev-ed.my.salesforce.com</saml:Issuer> <saml:Subject> <saml:NameID>emp99999</saml:NameID>

Azure AD B2C Multi steps custom policy

只愿长相守 posted on 2019-12-05 21:07:19
We are using Azure AD B2C custom policies for our sign up process and we have multiple steps (multiple screens) before actually creating the user in Azure AD B2C using the AAD-UserWriteUsingLogonEmail technical profile. Let's say we have 3 steps defined by the following 3 technical profiles: First step: <TechnicalProfile Id="LocalAccountSignUpWithLogonEmail-FirstStep"> <DisplayName>Email signup</DisplayName> <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.SelfAssertedAttributeProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" /> <Metadata> <Item Key=

Azure B2C: Default Display Name

放肆的年华 posted on 2019-12-05 19:02:21
Our Sys Admins want to be able to search for users and identify them by their Given Name and Surname, both of which we are collecting/requiring when they sign up. We are NOT allowing users to specify a "Display Name" value when they create an account. The management portal uses the "Display Name" as one of the three columns displayed in the "Users" pane. It would be useful for Systems Administrators to be able to see the values given for Surname and Given Name in the user management portal to be able to identify the correct account. I do know that there is a filter/search that I can type