1. 技术文章
  2. How to force change password after first login

How to force change password after first login

雨燕双飞 提交于 2019-12-10 13:52:36

问题


I have a Azure Active Directory B2C tenant. I also have a small service that creates new users in the B2C tenant from a different system. This way I can synchornize both systems. When a user has been added to B2C and logs in the first time, I want the user to be forced to change the password. But whatever I do, the user can just log in and continue, without changing the password..

To add a user to B2C, I use the Microsoft Graph 1.14 package. I push the user information as JSON to the endpoint https://graph.windows.net/{tenantId}/users?api-version=1.6

The log in page is an Azure custom page in the user flow policies. There is also a change password policy, if needed.

This I tried:

  • When adding the user, I set the password profile. Adding the property "ForceChangePasswordNextLogin" and setting it to true, does not work.

  • Someone suggested to add the "ForceChangePasswordNextSignIn" property, but B2C doesn't know this property.

  • Tried to fix it in the policy; didn't work.

  • Used Google and StackOverflow; not much luck.

This is the user I post to Microsoft Graph:

var user = new GraphUserModel
{
    City = "Amsterdam",
    CustomField= "999999",
    Department = "TestPassword",
    DisplayName = "TestPassword",
    OtherMails = new[] { "myemail@something.nl" },
    PostalCode = "1234 AB",
    StreetAddress = "Hoofdweg 6",
    Surname = "TestPassword",
    TelephoneNumber = "0123456789",
    ChainCode = null,
    MailNickname = "999999",
    UserPrincipalName = "999999@{tenantNameHere}",
    SignInNames = new List<SignInNames>
    {
        new SignInNames
        {
            Type = "userName",
            Value = "999999"
        }
    },
    AccountEnabled = true,
    CreationType = "LocalAccount",
    PasswordProfile = new PasswordProfile
    {
        Password = "SomeRandomPassword"
    },
    PasswordPolicies = "DisablePasswordExpiration"
};

The users are created correctly, but when they log in for the first time, I would like to see a page where they are forced to change the password.


回答1:


With Sign-up/Sign-in policy I had to implement that manually by flagging users in DB if they have changed the password and then redirecting to password change if they have not changed the password.

I was also not able to find 'out of the box' solution. I found that forceChangePasswordNextLogin works only with Sign-in policy.



来源:https://stackoverflow.com/questions/55805692/how-to-force-change-password-after-first-login

标签
c#
azure
azure-ad-b2c
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!