Forgot Password in ADB2C - (AADB2C90118), How to run a specific user flow?

Tagged: azure


The Sign-up-sign-in policy now has built-in support for password resets without a second "password-reset" user flow. It is quite confusing with all the documentation and samples out there, but this is the latest documentation and it works for us!

https://docs.microsoft.com/en-us/azure/active-directory-b2c/force-password-reset?pivots=b2c-user-flow


Answer that was posted in the question:

For anyone else having the same or similar issue, make sure to keep an eye out on the OpenIdConnectEvents. We have been experimenting with ADB2C/OpenID and had test code. This code was obviously invalid.

    protected virtual Task OnRedirectToIdentityProvider(RedirectContext context)
    {
        // Pick up the policy name the challenge asked for, if any
        string policy = "";
        context.Properties.Items.TryGetValue(AzureADB2COptionsExtended.PolicyAuthenticationProperty, out policy);

        // Only rewrite the outgoing request when a non-default policy was requested
        if (!string.IsNullOrEmpty(policy) && !policy.ToLower().Equals(_adb2cOptions.DefaultPolicy.ToLower()))
        {
            context.ProtocolMessage.Scope = OpenIdConnectScope.OpenId;
            context.ProtocolMessage.ResponseType = OpenIdConnectResponseType.IdToken;
            // Swap the default policy segment of the authorize URL for the requested one
            context.ProtocolMessage.IssuerAddress = context.ProtocolMessage.IssuerAddress.ToLower().Replace(_adb2cOptions.DefaultPolicy.ToLower(), policy.ToLower());
        }

        return Task.FromResult(0);
    }


Normally, the ResetPassword flow you configured in your appsettings.json is called automatically when using the Microsoft.Identity.Web package. In your case B2C_1_SSPR. That means you must define a custom user flow with this Id. (I guess SSPR = self-service password reset.)

The only thing you need in this default case is to call the following in your Startup:

    services.AddMicrosoftIdentityWebAppAuthentication(Configuration, "ActiveDirectoryB2C");

This works like a charm.

However, you decided to deal with all this stuff by yourself and not to use the Microsoft.Identity.Web library for all processing. In this case you are able to handle Password-reset by yourself.

But let's have a look at Microsoft.Identity.Web. They integrated an AccountController that handles the processing of the B2C custom flows (in this case the ResetPassword action).

The exception handling for AADB2C90118 can be found in the source code of the Identity package:

    if (isOidcProtocolException && message.Contains(ErrorCodes.B2CForgottenPassword))
    {
        // If the user clicked the reset password link, redirect to the reset password route
        context.Response.Redirect($"{context.Request.PathBase}/MicrosoftIdentity/Account/ResetPassword/{SchemeName}");
    }
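The following is an added example, not code from the question or from Microsoft.Identity.Web, showing the whole "forgot password" round-trip wired by hand in an ASP.NET Core app that uses the OpenIdConnect handler directly, which is the do-it-yourself case the answer describes. It combines the two pieces discussed above: an OnRemoteFailure handler that recognises the AADB2C90118 error B2C returns when the user clicks "Forgot your password?" and sends the browser to a reset action, and an OnRedirectToIdentityProvider handler that swaps the policy segment of the authorize URL when a challenge asks for a non-default user flow. The policy names B2C_1_SignUpSignIn and B2C_1_SSPR, the tenant host contoso.b2clogin.com, the tenant domain contoso.onmicrosoft.com, the client id, the "policy" items key and the /Account/ResetPassword route are all placeholders chosen for the example.

```csharp
// Added example (not the question's code, not Microsoft.Identity.Web's code):
// handling the B2C "forgot password" round-trip by hand with the plain
// OpenIdConnect handler in ASP.NET Core. All tenant/policy values are placeholders.
using System;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;

public static class B2CPolicies
{
    public const string SignUpSignIn = "B2C_1_SignUpSignIn"; // placeholder user flow name
    public const string ResetPassword = "B2C_1_SSPR";        // placeholder user flow name
    // Key under which the requested policy travels in AuthenticationProperties.Items (assumed name)
    public const string PolicyKey = "policy";
    // Error code B2C returns when the user clicks "Forgot your password?" on the sign-in page
    public const string ForgottenPasswordCode = "AADB2C90118";
}

public class Startup
{
    public void ConfigureServices(IServiceCollection services)
    {
        services.AddAuthentication(o =>
        {
            o.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            o.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
        })
        .AddCookie()
        .AddOpenIdConnect(o =>
        {
            const string tenantHost = "contoso.b2clogin.com";    // placeholder
            const string tenantDomain = "contoso.onmicrosoft.com"; // placeholder
            o.ClientId = "00000000-0000-0000-0000-000000000000";   // placeholder
            // The default (sign-up/sign-in) policy is part of the authority path
            o.Authority = $"https://{tenantHost}/{tenantDomain}/{B2CPolicies.SignUpSignIn}/v2.0";
            o.ResponseType = OpenIdConnectResponseType.IdToken;
            o.CallbackPath = "/signin-oidc";

            o.Events = new OpenIdConnectEvents
            {
                // A challenge that carries a non-default policy name gets its authorize
                // URL rewritten so B2C runs that user flow instead of the default one.
                OnRedirectToIdentityProvider = ctx =>
                {
                    if (ctx.Properties.Items.TryGetValue(B2CPolicies.PolicyKey, out var policy)
                        && !string.Equals(policy, B2CPolicies.SignUpSignIn, StringComparison.OrdinalIgnoreCase))
                    {
                        ctx.ProtocolMessage.IssuerAddress = ctx.ProtocolMessage.IssuerAddress
                            .Replace(B2CPolicies.SignUpSignIn, policy, StringComparison.OrdinalIgnoreCase);
                    }
                    return Task.CompletedTask;
                },
                // B2C answers the "forgot password" click with an OIDC error response
                // (AADB2C90118) instead of a token. Route it to the reset action and mark
                // the response as handled so the user does not land on an error page.
                OnRemoteFailure = ctx =>
                {
                    var message = ctx.Failure?.Message ?? string.Empty;
                    if (message.Contains(B2CPolicies.ForgottenPasswordCode, StringComparison.Ordinal))
                    {
                        ctx.Response.Redirect("/Account/ResetPassword");
                        ctx.HandleResponse();
                    }
                    return Task.CompletedTask;
                }
            };
        });
        services.AddControllersWithViews();
    }
}

public class AccountController : Controller
{
    // Starts a new challenge that names the SSPR policy; the
    // OnRedirectToIdentityProvider event above rewrites the issuer URL for it.
    [HttpGet]
    public IActionResult ResetPassword()
    {
        var props = new AuthenticationProperties { RedirectUri = "/" };
        props.Items[B2CPolicies.PolicyKey] = B2CPolicies.ResetPassword;
        return Challenge(props, OpenIdConnectDefaults.AuthenticationScheme);
    }
}
```

Two points are worth checking when adapting this. First, the error must be handled in OnRemoteFailure (or, as Microsoft.Identity.Web does, in its own remote-failure path) rather than in OnRedirectToIdentityProvider, because the AADB2C90118 code only arrives on the callback. Second, the policy swap works because the user-flow name is a path segment of the authorize endpoint; if you keep the question's original handler, which lower-cases the entire IssuerAddress before the Replace, make sure the lower-cased URL still matches what B2C expects, since that handler is the one the asker reports as having caused the problem.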