azure-ad-b2c | 易学教程

Azure AD B2C with custom policies: Unable to authenticate user with temporary password

阅读更多关于 Azure AD B2C with custom policies: Unable to authenticate user with temporary password

问题 I have configured Azure AD B2C with custom policies but I am unable to authenticate with a new user created in the Azure portal. The user has a temporary password. Azure AD B2C returns the error text Invalid username or password , even though the username and password is correct. I have confirmed that it is possible to login with the new user and temporary password in Azure AD B2C using non custom policies. After logging in, the user gets prompted to change their password. The problem can be

Find a User by Email Address

阅读更多关于 Find a User by Email Address

问题 I'm trying find out if an email address is already taken in my Azure AD B2C directory. var token = await this.GetTokenAsync(); var client = new HttpClient(); var id = HttpUtility.UrlEncode("adrian_mydomain.com#EXT#@xxxxxxxxx.onmicrosoft.com"); ////var id = HttpUtility.UrlEncode("adrian@mydomain.com"); // This also fails. ////var id = HttpUtility.UrlEncode("adrian_mydomain.com#EXT#"); // This also fails. ////var id = "xxxx-xxxx-xxxxxxxx-xxxxxxxxxx"; // This also fails (user object id). var

Can Azure-AD B2C use a mobile telephone number as a username?

阅读更多关于 Can Azure-AD B2C use a mobile telephone number as a username?

We have a mobile app and website. We would like to use Azure AD-B2C for authentication. We are not going to allow any third party authentication, but instead just use Azure AD in a separate domain. We would prefer to use the user's telephone number. My research suggests that this feature is requested , but does not exist at this time. Are there any workarounds for this, or has this feature been implemented and I missed it? This can be implemented as a custom policy , from the SocialAndLocalAccountsWithMfa starter pack where the end-user's phone number is stored as a sign-in name, with the

Azure active directory limit registration according to an email address pool or pre register account

阅读更多关于 Azure active directory limit registration according to an email address pool or pre register account

In azure active-directory B2C, is there a way to limit registration according to an email address pool? Or can i pre register account, then user would have to choose password or use google or facebook account? There is no built-in mechanism in Azure AD B2C to limit registration to a specific set of users / emails . You can request this via the Azure AD B2C feedback forum . However, you can implement this yourself by: Having a custom attribute to determine whether a user is "approved" or not . You would let users sign up by themselves and you would create an experience or flow that queries the

Azure B2C GetOwinContext().Authentication.Challenge creates wrong url with Question mark instead of And sign

阅读更多关于 Azure B2C GetOwinContext().Authentication.Challenge creates wrong url with Question mark instead of And sign

问题 I am using Azure B2C and I am using the project at https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-devquickstarts-webapp-dotnet as startup guide. I manage to run this sample fine by replacing the config entries with my client ID, tenant ID, etc. However when I try to add Azure B2C authentication to my current web app (Asp.NET MVC dot net 4.5) it behaves in a very weird way. When I press log in it redirects me to a slightly different url than it does in the

Unable to retrieve user email from Azure AD B2C using GraphAPI

阅读更多关于 Unable to retrieve user email from Azure AD B2C using GraphAPI

问题 I have created an Azure AD B2C tenant and configured local account with username as the login method. I created a signup policy and did a signup through Azure AD B2C signup screen. In the signup screen, I entered an email address and Azure AD B2C sent an email for validation. Once signup succeeded, I was trying to get the signed up user's details through the Graph API. Graph API URL used to retrieve user details: https://graph.windows.net/<tenantid>/users?api-version=1.6 I was able to get all

Azure B2C: How do I get “group” claim in JWT token

阅读更多关于 Azure B2C: How do I get “group” claim in JWT token

In the Azure B2C, I used to be able to get a "groups" claim in my JWT tokens by following Retrieving Azure AD Group information with JWT : Open the old-school Azure manager ( https://manage.windowsazure.com ) Register my application with B2C Download the B2C manifest for the application In the manifest, change the "groupMembershipClaims" entry to "groupMembershipClaims": "SecurityGroup", Upload the changed B2C manifest again The problem This has worked well in the past (about a month ago, I believe...) but it doesn't anymore. See below for details... What I've tried sofar Plan A: Use Azure

Can Azure-AD B2C use a mobile telephone number as a username?

阅读更多关于 Can Azure-AD B2C use a mobile telephone number as a username?

问题 We have a mobile app and website. We would like to use Azure AD-B2C for authentication. We are not going to allow any third party authentication, but instead just use Azure AD in a separate domain. We would prefer to use the user's telephone number. My research suggests that this feature is requested, but does not exist at this time. Are there any workarounds for this, or has this feature been implemented and I missed it? 回答1: This can be implemented as a custom policy, from the

Custom B2C Policy for Username based Local Accounts

阅读更多关于 Custom B2C Policy for Username based Local Accounts

问题 What do I have to change in the custom policy starter pack to make my sign-in/sing-up's policy username based not email based? 回答1: Add this technical profile to TrustFrameworkExtensions.xml to write the user to Azure AD <TechnicalProfile Id="AAD-UserWriteUsingLogonName"> <Metadata> <Item Key="Operation">Write</Item> <Item Key="RaiseErrorIfClaimsPrincipalAlreadyExists">true</Item> </Metadata> <InputClaims> <InputClaim ClaimTypeReferenceId="signInName" PartnerClaimType="signInNames.userName"

Add claims into token Azure B2C

阅读更多关于 Add claims into token Azure B2C

问题 What are ways to include custom claims (user subscriptions or roles list as example) in a token before issuing it in Azure AD B2C, provided that claims are stored somewhere on own server (not available in B2C)? Goal to have claims in the token to avoid additional round trip to the storage on every request. Investigation on the topic brought me to following ways: Add custom attribute via Graph API, configure to include in JWT. Attribute values should be kept in sync with our datastorage.