1. 技术文章
  2. Invalid usename or password when sigining local account with Azure AD B2C Custom Policy

Invalid usename or password when sigining local account with Azure AD B2C Custom Policy

若如初见. 提交于 2019-12-04 15:52:31

问题


Scenario:

When I started to do a test with AAD B2C Custom policy, I used this sample: active-directory-b2c-custom-policy-starterpack/SocialAndLocalAccounts/

I referred to this documentation to get started.

I followed those steps and changed some values in the samples and have double checked the client_id and resource_id. When I tried to run the signup or signin policy,I failed to signin with a local account with error:(Though I can signin with soical account)

Invalid username or password

I used Fiddler to catch the traffic, here is the request and response when I came across the error:

Request:

POST



https://login.microsoftonline.com/yangsa.onmicrosoft.com/B2C_1A_signup_signin/SelfAsserted?tx=StateProperties=eyJUSUQiOiI1NjMyNTc1OS1lZjFiLTRhNzctYmRkOS1jOGRjZmZhZmUxZGEifQ&p=B2C_1A_signup_signin HTTP/1.1
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Accept: application/json, text/javascript, */*; q=0.01
X-CSRF-TOKEN: RUF6Zk1MMFBHcVQxeHlNV2x0K2dnN21SVy9aMlN3M1R1WmxSOWdOUXhFTitDaGxOTFJoVGgwWFNLT0lKZ2JCcHdETFR1aUxtNFVDMmp0R2NkOE1RNXc9PTsyMDE4LTA3LTEyVDEwOjMzOjMyLjMyNjM0MTJaOy9IY3JiQmxESUhEcEQ4SWd1SXp6Q1E9PTt7Ik9yY2hlc3RyYXRpb25TdGVwIjoxfQ==
X-Requested-With: XMLHttpRequest
Referer: https://login.microsoftonline.com/yangsa.onmicrosoft.com/oauth2/v2.0/authorize?p=B2C_1A_signup_signin&client_id=cec7ec64-0a28-4914-ab1a-8f951fd27b1d&nonce=defaultNonce&redirect_uri=urn%3Aietf%3Awg%3Aoauth%3A2.0%3Aoob&scope=openid&response_type=id_token&prompt=login
Accept-Language: en-US,en;q=0.8,zh-Hans-CN;q=0.5,zh-Hans;q=0.3
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: login.microsoftonline.com
Content-Length: 69
Connection: Keep-Alive
Cache-Control: no-cache
x-ms-RefreshTokenCredential: eyJhbGciOiJIUzI1NiIsICJjdHgiOiJ3ejBCZW9uc0NWNkE4bVRNQURzZ29hcnl1bWV5VlFzbyJ9.eyJyZWZyZXNoX3Rva2VuIjoiQVFBQkFBQUFBQURYelozaWZyLUdSYkRUNDV6TlNFRkVoQWRiOXlnU2RyMjVfdzBtUzZaQTB3U2dlWmFNWUNzQmlxUTUyQnBzZ0w5ZUZqeXpPZXduX3MzblFsSnFyUWNsRTNzM205QVEzd0VsRC1OVDNFQ2VDank5SDFFQnVmLTFyRVd6T2JKTFNnc240ODc3SFY3UU15ZUlOZmhfWnFYWE1kMDFSRjUtZVJBWEl1TElmUTA1Ym9sa21wMmM2OTBZdmtzZFE0SEhjOTF2eXh2c2xqcUU2N3RVQ0l4a012Q2Z5UG9fUldLTlRtNUMwOXhVUzRBRFFXWlZLQVdETDJSU1dsT1BHcXBCQnR3Y2ZmTW1HdldZSll2RTZfQU5BQkduNGwwdm9neHB5ek8yVmY1V0hFdUVvUEgzWXcxenQ3UUd3T0lFZWlJMFRneFBtN0ZYempFWUVGd2lwckFYSmxYY3JMQ2M3Q0JpY3ktckRoQmRJaFBaLXFDbWU2SlVhU19HQjZRZzR1QnFzdmlVZjgwRWxoUmZZVnZISXp6R0tEQ1lWOXhmVkd3c3VLOFJaLVQ5dlZ1bGdGX0dqS1J3aWI1NWd2SVo2TkhjRWRXaEtoLXBtRVNRVnpHd3pxWXp3cXVxVUROMFU4ZTh0WmdmY0dsNGR2M2Vrc0NBR3lzSHdqa2RvRGRlc19FemZ2NllpdU1XcUFHbE5rWVFjQnBaRnFacEtjUHlocjhhdzFVSjRHcUtVU29wX2wzblZTVkpCNFpzR1FTaE05ck1RMDhwUFBwOU5DNkF2ZkVxSk14NzNNcHNSUHVEakRBZXlCdDNVNGtxNmpfYk9OaDBRMUVIa09vdlQyTVlsM2h1eFV1SVlZaTlMSFpwX2Z4YkthTEZiMGVmT3ZlN24yM2lzdklCd3FYQk1KdE9HeTZhZ3h4cEFWWUdtMmNQSlk2SVBnNHJVQ0o3MzJueWI4V2NwMVJXSjNnT3BoRXdXVmpNTHNSN0treENBd2pQLWt3d3c1bmxabDJsRk03VXFKRVBhYi1qUlQ3amlCcl9XZ0IyNHRibFlwMkZ6a3dHVWtqRVN2QzlNbk16a1JrV2ZTTUdvUGE5Wk9Hek1adHF5WXA2d0w4VmVENmdoQmlLQ295RE83X3g0ZUcybDhQb0RMdldjUjJJd3RSZ0lQNFVueXRjRXRIbEVRelJuQnBLOEFlVmUzb2p0UklQU00zZTRUUEdBYXc2eEdpTnNMQ09vMVMzUGdiTUxCSUNWUExtSjl5N2EtcktnRmtsVnNJUFlHVmZsZndweG1PQ2dZMS1KWmVWM0NkM2liQU9ydkhmcEdCS1BQdThfeDlwNVF2UExHNXZRbWoyUngtbmUzVUVPSFh1bXp0OXR3TUgyemo5MEt5U3AwZU0tT3dSV3Y1UmVhYm1TV2o0WlJsZWhqbWc1SDlVcjdXaVdCNFFNdXBNMk1nandVYzU5ZVN5bFFENlZIcnVFNUFYNUdDQkQzbDhidTRYTFJIYWtDem5HMW9ENDBrYnowR3dmOWZjSEhDUWlhSTlNZk8zU2ZQbnJ0RjBnc0p1UkhyLXI5LWsxMHJIREY1emdoX1d0ekp2Q2NzOGtJY0VoVmlLRFBraUxuMWdJX0RDYkhJcjBGQzlLejc1SUF4blhZZnVYZkwySUFBIiwgImlzX3ByaW1hcnkiOiJ0cnVlIiwgImlhdCI6IjE1MzEzOTE2MjEifQ.Gg4EVoJVWmdpOHZOzOkfSibkrh0sYLpnhobh9vtDbeU
Cookie: buid=AQABAAEAAADXzZ3ifr-GRbDT45zNSEFEoFnVsZyiuDhk01_58h3gTuhxkuN4glzV70KOD4qXb3cul77hhZKHSKMCSE9cqbRZg3g4zUtg_rpagH16M-Nu5FB4y5bgt6lMhCIu7-Ki4X0dKeAmsUrlZRq405IXm2RLetetoIpHe0MgEOTC8JwY2eCfdKjf_Bhx0dL_nTimHn4gAA; CCState=Q3VJRENqOTJMWGRoZVhsaGJrQnRhV055YjNOdlpuUXVZMjl0ZkdGd2NEcGpORFJpTkRBNE15MHpZbUl3TFRRNVl6RXRZalEzWkMwNU56UmxOVE5qWW1SbU0yTVNrd013Z2dHUEJna3Foa2lHOXcwQkJ3T2dnZ0dBTUlJQmZBSUJBREdDQVVnd2dnRkVBZ0VBTUN3d0ZURVRNQkVHQTFVRUF4TUtUVk5KVkNCRFFTQmFNZ0lUVmdCUUQyeTQ1d2cwQlZuMkNBQUFBRkFQYkRBTkJna3Foa2lHOXcwQkFRRUZBQVNDQVFDTzlidFlmbkFKL2lSL3Q2VWNSNS9Wd3BTRk1RQzI1cE5iS2ZLMWY2ZGh1c3lpQkxMVkpKQ3BTMUd0RUNUVEl4WVRWUDdFaDVJQnRUVWxkbnNzcU42SDJVSHh5R2FCa1V3TmdzSGVJbnFyNTRmQldWZGZUeFpDOGN2bHNOVlRGODlrQ21SSVZPSFBpcmZ4d3c2RVU0dm9wdTFXUThPWXJOWmZSTXVaM0pYejZlQW9vVUxMVzBUTmF2MUdoMTRZbTFPTVdMQ25RV2JYR2pZWlNSTWpOYlBqYjUyL1E2Q3VJSFJjS1dLSm1xSjVHU0U1Q1JocTFpaWdRUjlyUXQ1RU83QWxEVjFJOTQwVHVDazVTcXExdWg0cnBLMzgvc1dicVA3K29Pd09HekpmVVZtYjZoZFJkTitnNHJFbUtQZVl3eko3QStVNWR2SlVzbG90aURvOVJhKzlNQ3NHQ1NxR1NJYjNEUUVIQVRBVUJnZ3Foa2lHOXcwREJ3UUlsRDhyYm9QMjFUYUFDRUUvU2pRMGlHaHFHZ2tKRjArTnlCTG4xVWdTRWdvUWYrUVFJMXhGaUVXbHh4VmhOOFZQS2hvSkNSZXRYWHNUNTlWSQ==; ESTSAUTHPERSISTENT=AQABAAQAAADXzZ3ifr-GRbDT45zNSEFE1D-i4sTI4bxMS3YG2_xDXp4yTXqZSiUHyY4ul731zw7SXGGIFxbywIo1SPbnI4jt3--AWzXxi_t3TOAUSTHcP7GmFG5M_XmldgDdZwx3po9Gr51ZGKrG8XoWYd26XFqopxJ1h-q7oWvXdN-5T0odxC-f4qwnqOodnM9QS7nU1m-gKtYqZS9PIvMoNw1Eb1Lv4Cb9Rctu6N2q85C1nYaLEbjtnCkAHrTOgCNDM8C-zYIGLOzZ7DR0rFEfnV8o0niSO0oUO-e9t3fXssDHYMaUqhDLTt8hDUR1KqU2lPew5JAAzqh1pTiiDY7IYV7SE5lqH-dNGeavEkwMqde1rtUGJTQPCvimMnNGoDysrW4yXzPmnAQPc8Sn8Glx7mMwbPzntQ8kYB6sTijcbH_no0QyTuiCn0528glk6Z6p1TXLdky0mmCB0AxlVM0Xccm8oqlti5AzMulnsEDUdM7gLi1PgA_uPxJ1UTM-DO0RxUY5-Q6scRf-VSzwQnMlkTWH9PRiesxnSODFvQs-aIojw1tC0ahuX7ZfcvEXQmZG4VOQ04nnqcWje-6510jAK-lx5VtMw3JKTQzydei_mXydArKXlKmBYD-GgN2iCfKcm6Sx22jFFSM34979ZtTY0xcBtpxbrtvt_o4LkwxJqKhC_cb9vALt3YguankBPShoBSzBPq6_sfyb8nxGdOPv7bTcZ9h1RFt0fXcMvuhwfdnbjfL6HnNYMajoOOmk3cRlyE4gPmkFOSotod4467QrCms-NcOIrQenzv6xwUx3SPlyCoPuTyifP0PdMZk7aASltHP5PkFQKXm5ebZviQ_mThAYdAHmCdDnX3faBWaNZmgKCNodrOOwxQA_VNGUoniXLOnX4oQgACAAQAAQAgAA; x-ms-cpim-csrf=RUF6Zk1MMFBHcVQxeHlNV2x0K2dnN21SVy9aMlN3M1R1WmxSOWdOUXhFTitDaGxOTFJoVGgwWFNLT0lKZ2JCcHdETFR1aUxtNFVDMmp0R2NkOE1RNXc9PTsyMDE4LTA3LTEyVDEwOjMzOjMyLjMyNjM0MTJaOy9IY3JiQmxESUhEcEQ4SWd1SXp6Q1E9PTt7Ik9yY2hlc3RyYXRpb25TdGVwIjoxfQ==; x-ms-cpim-cache:wvcyvhvvd0q92cjc_6_h2g_0=m1.S3dACHsvLvIU9jhT.XNaZIn7mQAXBmNMOG0OeZw==.0.qqrYwNxX97Mf7xsSucScE/lnsINSDQQEECciCSWF7lWoCSaJE4jE3k8gamxe27Y2LDYWRgAUQpLIwaq7Sy4bzHmpz6RW/6Eb0A+2EGYcOzEaCFdnyLgaYAAHJYSgFIi07woKxFS8XlaRNBPFhiN/oa9Cpx5FlKflK0zFI5kFlcCzs4ezScCoAGF37FqMhgF7bzMvEVlat7nFioDK5PujkHHasjBUx5GzIHcs/N+TKCGF2Q1laAXaQIqXRmAtsoW+c1W1jU2RgGOcEQumixZgr1V00CYan/Gl2CZrKcIzyieb0ZbLxInF4SKSzy2o4IGbAPD175IFRCvFVNx87OB3mi0BG7dRmJqVFIM/No+QhAg1Bn3rWc279ggANB5W2WqPBum4UCnbwGGdUncuaiMvzYzNGBEehbDhA2HMGyNSSB+/pyGlFQfrfAB1u6FMYaLRYrjistDBAtnDuc0vwbCru4UTZpL2tSsaZ9G3C1hRNEcyr3KPVdwbp4LWKCec7RXY0CMq+eDO0TDZytaZODlN; x-ms-cpim-trans=eyJUX0RJQyI6W3siSSI6IjU2MzI1NzU5LWVmMWItNGE3Ny1iZGQ5LWM4ZGNmZmFmZTFkYSIsIlQiOiJ5YW5nc2Eub25taWNyb3NvZnQuY29tIiwiUCI6IkIyQ18xQV9zaWdudXBfc2lnbmluIiwiQyI6ImNlYzdlYzY0LTBhMjgtNDkxNC1hYjFhLThmOTUxZmQyN2IxZCIsIlMiOjEsIk0iOnt9LCJEIjowfV0sIkNfSUQiOiI1NjMyNTc1OS1lZjFiLTRhNzctYmRkOS1jOGRjZmZhZmUxZGEifQ==; x-ms-gateway-slice=001-000; stsservicecookie=cpim_te

request_type=RESPONSE&signInName=547541640%40qq.com&password=Password**

Response:

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/json; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Set-Cookie: x-ms-cpim-cache:wvcyvhvvd0q92cjc_6_h2g_0=m1.9B2iQNUwazd7FQjw.OrYhfYGEvwJJcMYqrEutbg==.0.l5lu5FOyolu+69ukoegFq67IOmYbXgaWseDNzRfZ5twroAiil6LBDW95AdlAFxN7fOAry+gJtt8222nEpoR0n1S1QjABJoV1GlPZVyMDzUqWZLZeaEnPjDQjP2cSQ4sgQLyD/9IKwCaf9CUKdSIb7kiCCJGzw6/gYy5mywIo8kQJJrjZNCFMWEnZSb121TvRPpq7OZvI7ssYdxm2UDX6JYl9/37PxBvTQljKt5xKvgm0a56GSxHiUseOJnhsXKr4hUQseN5RSfaBe1egdStqzgyjcaQQKX6ZSIdZoE1lx1PUyagIARPL+tVtvf3093pqjbp9O0tEYM6udP5vp64HR/KOorzXBjnZPiCVxU0Oybp8UAyXbRkv8MsrWRE8bzKCqwxswN+sj+h+JyBv/0+6v7/7UIqokxS++91ddik5rwtYYugGM++OJ+TBugg9jWtHbSsivpaDGctslmo52yJydP2Is6rwazTkg3+vOUrZUr+BUXnvWWt8pqejBUKziRsrafXE5xgjARtvxLs1lb4DjiRUoXN1Wpel; domain=login.microsoftonline.com; path=/; secure; HttpOnly
Set-Cookie: x-ms-cpim-trans=eyJUX0RJQyI6W3siSSI6IjU2MzI1NzU5LWVmMWItNGE3Ny1iZGQ5LWM4ZGNmZmFmZTFkYSIsIlQiOiJ5YW5nc2Eub25taWNyb3NvZnQuY29tIiwiUCI6IkIyQ18xQV9zaWdudXBfc2lnbmluIiwiQyI6ImNlYzdlYzY0LTBhMjgtNDkxNC1hYjFhLThmOTUxZmQyN2IxZCIsIlMiOjIsIk0iOnt9LCJEIjowfV0sIkNfSUQiOiI1NjMyNTc1OS1lZjFiLTRhNzctYmRkOS1jOGRjZmZhZmUxZGEifQ==; domain=login.microsoftonline.com; path=/; secure; HttpOnly
X-Frame-Options: DENY
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Set-Cookie: x-ms-gateway-slice=001-000; path=/; secure; HttpOnly
Set-Cookie: stsservicecookie=cpim_te; path=/; secure; HttpOnly
X-Powered-By: ASP.NET
Date: Thu, 12 Jul 2018 10:33:42 GMT
Content-Length: 58

{"status":"400","message":"Invalid username or password."}

How to resolve this issue ? Is there anything I missed?

Additional: I can sign in with the bulit-in policy with both local and soical accounts. Also, I can sign up a new local account with custom policy but cannot sign in next time.

If there is any information needed, I can provide it later. Thanks in advance!

UPDATE1:

Here is my custom policies I used in this issue :https://github.com/WayneYangsa/Azure-AD-B2C-cutompolicy

UPDATE2:

I tested following different ways:

  • Use a wrong username to signin , the page will throw:We can't seem to find your account.

  • Use a right username but wrong password to signin,the page will throw:Your password is incorrect.

  • Use a right username and a right password to signin,the page will throw:Invalid username or password.

It's really weird. Becuase I even didn't have Invalid username or passwordmatedata Item in my TrustFrameworkBase.xml.

Here is the Matadata:

          <Metadata>
            <Item Key="UserMessageIfClaimsPrincipalDoesNotExist">We can't seem to find your account</Item>
            <Item Key="UserMessageIfInvalidPassword">Your password is incorrect</Item>
            <Item Key="UserMessageIfOldPasswordUsed">Looks like you used an old password</Item>

            <Item Key="ProviderName">https://sts.windows.net/</Item>
            <Item Key="METADATA">https://login.microsoftonline.com/yangsa.onmicrosoft.com/.well-known/openid-configuration</Item>
            <Item Key="authorization_endpoint">https://login.microsoftonline.com/yangsa.onmicrosoft.com/oauth2/token</Item>
            <Item Key="response_types">id_token</Item>
            <Item Key="response_mode">query</Item>
            <Item Key="scope">email openid</Item>

            <!-- Policy Engine Clients -->
            <Item Key="UsePolicyInRedirectUri">false</Item>
            <Item Key="HttpBinding">POST</Item>
          </Metadata>

回答1:


@WayneYang able to resolve issue :-)

Most common mistakes leading to this issue are

  • Creating IdentityExperienceFramework and ProxyIdentityExperienceFramework apps under B2C blade instead of Creating under Azure Active Directory blade (check step 2 in the doc)
  • Missing 11th step from the doc
  • Interchanging AppIds while placing inside extension policy for ProxyIEF and IEF Apps.


来源:https://stackoverflow.com/questions/51303500/invalid-usename-or-password-when-sigining-local-account-with-azure-ad-b2c-custom

标签
azure
azure-active-directory
openid-connect
azure-ad-b2c
identity-experience-framework
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!