azure-ad-b2c

I am using Azure B2C and I am using the project at https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-devquickstarts-webapp-dotnet as startup guide. I manage to run this sample fine by replacing the config entries with my client ID, tenant ID, etc. However when I try to add Azure B2C authentication to my current web app (Asp.NET MVC dot net 4.5) it behaves in a very weird way. When I press log in it redirects me to a slightly different url than it does in the working sample. It replaces the And sign after the policy with a question mark /authorize?p=b2c_1_signin**

So I've built and published a new website that uses Azure B2C as the authentication mechanism. What I found was that the login and sign would work fine for a while. But after a period of time, say couple of hours after visiting the site post deployment, I would find that on login or signup, after successful authentication, instead of being redirected back to the return url set up in the b2c configuration, my browser would get caught between an infinite loop between the post authentication landing page that is protected with an authorise attribute and the Azure B2C Login page, before finally

I have a WebAPI creating local account in an AzureAD B2C tenant through the AzureAD Graph API. When users are created, they receive an invitation email with a temporary password. User is created in the Graph API with a password profile to force them to change their temporary password on first login. user.PasswordProfile = new PasswordProfile(); user.PasswordProfile.Password = GetTemporaryPassword(); user.PasswordProfile.ForceChangePasswordNextLogin = true; When the user login for the first time (through a B2C SignIn policy), it is effectively prompted to change its password and everything is

Is there a way we can populate the “Email” field for the user via Graph API in Azure AD B2C. There is a section “Authentication contact info” under the user profile, which has a field “Email” which is a read-only field when accessed via Graph API and cannot be populated programmatically. I am able to use Graph API to populate the “Alternate email”. However for the reset password policy (user clicks the forgot password link), the “Email” field is a required field I am unable to use the “Alternate email” in the reset password policy Only Authentication contact info: Alternate email can be

We have setup our application using Azure AD B2C and OAuth, this works fine, however I am trying to authenticate as a service in order to make service to service calls. I am slightly new to this, but I have followed some courses on Pluralsight on how to do this on "normal" Azure Active Directory and I can get it to work, but following the same principles with B2C does not work. I have this quick console app: class Program { private static string clientId = ConfigurationManager.AppSettings["ida:ClientId"]; //APIClient ApplicationId private static string appKey = ConfigurationManager.AppSettings

I am trying to use Azure AD Auth in Azure AD B2C using the /common Azure AD enpoint. According to How to sign in any Azure Active Directory (AD) user using the multi-tenant application pattern , there needs to be a mechanism to either: Allow multiple issuers, or Specify a list of issuers b2c can validate against. I do not see any possible setting in the custom policies XML that would allow this. I was able to get Azure AD auth created successfully in my TrustFrameworkExtensions.xml file, just not multi-tenant now. In order to support multi-tenant Azure AD, you'll need to configure your

I have set up an Azure B2C tenant and used custom policies to add azure ad as an IDP so that users can sign up with their domain accounts. I can build a custom page where ask them for their email and then redirect them to the proper policy(one for work domain accounts and another for personal emails), so that they do not have to make the choice between work and personal emails. The problem is that I do not want to make the user enter the email once again. Is there a way/option to do this? I basically want to achieve something similar to what the common endpoint of Azure AD does for all

I've got an Azure Active Directory B2C up and running and can sign in with users created in the AD that have the form of @.onmicrosoft.com. So, for example, john.smith@myorganization.onmicrosoft.com , works just fine. But these user names are unacceptable for external use. I've also got basic Microsoft Account logins working, so a user with the name of john.smith@comcast.net will work by redirecting through the Microsoft directory. But I want to allow arbitrary emails for logins. Using the Azure Portal, how do I add a user and give them a login id of john.smith@somecompany.com ? The document

I'm trying to use the Sample Graph API app to change a user's password but I'm getting: Error Calling the Graph API Response: { "odata.error": { "code": "Authorization_RequestDenied", "message": { "lang": "en", "value": "Insufficient privileges to complete the operation." } } } Graph API Request: PATCH /mytenant.onmicrosoft.com/users/some-guid?api-version=1.6 HTTP/1.1 client-request-id: ffd564d3-d716-480f-a66c-07b02b0e32ab date-time-utc: 2017.08.10 03:04 PM JSON File { "passwordProfile": { "password": "Somepassword1$", "forceChangePasswordNextLogin": false } } I've tested updating the user's