I'm trying to implement azure B2C using the new App Service Auth workflow as described here: https://cgillum.tech/2016/05/27/app-service-auth-and-azure-ad-b2c/
Signup and login are working fine, but password reset redirects to the same URL as a successful login. For example: https://myapp.azurewebsite.net/.auth/login/aad/callback
But given that the user is not logged in, this redirect fails with a 401 Unauthorized error.
I have set up a password reset policy in my Azure B2C tenant but there seems to be no way to redirect the Easy Auth system to it.
Note that I also enabled password reset for the B2C in the classic portal.
What am I missing here?
Update:
When I use a SignIn policy only (not a combined SignUp/SignIn policy) the password reset works fine. These two policies seem to do different things.
Only the user, or an administrator in External Azure AD, can reset the password.
Passwords are stored in an identity provider to which you don't have access. Your system validates user credentials by calling an identity provider web service.
Firstly, when administrators require one method for resetting a password, a verification code is the only option available. Secondly, when administrators require two methods for resetting a password, users are able to use notification OR verification code in addition to any other enabled methods.
See this blog post for more information on how to invoke additional B2C policies from your App Service app (includes examples): https://cgillum.tech/2016/08/10/app-service-auth-and-azure-ad-b2c-part-2/
Here is an example of how you can invoke a password reset policy from within your web app:
<a href="/.auth/login/aad?p=B2C_1_ResetPassword&post_login_redirect_uri=/">Reset Password</a>
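As an added illustration (not code from the answer above or from App Service itself), a small helper that builds the same Easy Auth policy login URL the anchor uses and keeps post_login_redirect_uri on the app's own origin instead of forwarding an attacker-supplied absolute URL; the policy-name check and the sample policy names other than B2C_1_ResetPassword are assumptions.

```javascript
// Added example: build the App Service Easy Auth login URL that selects a
// specific Azure AD B2C policy. The endpoint and the "p" and
// "post_login_redirect_uri" parameters are those used in the answer above;
// the policy-name pattern is an assumption about B2C naming (B2C_1_... built-in,
// B2C_1A_... custom), not an App Service rule.
const EASY_AUTH_LOGIN = "/.auth/login/aad";

// Only accept redirect targets that stay on this app: exactly one leading "/"
// ("//host" and "/\host" are treated as protocol-relative by browsers).
function isLocalRedirect(target) {
  return typeof target === "string" && /^\/(?![\/\\])/.test(target);
}

// Returns the relative login URL for the given policy. An off-site or
// malformed redirect falls back to "/" rather than being passed through.
function b2cPolicyLoginUrl(policy, postLoginRedirect = "/") {
  if (!/^B2C_1A?_\w+$/.test(policy)) {
    throw new Error(`not a B2C policy name: ${policy}`);
  }
  const dest = isLocalRedirect(postLoginRedirect) ? postLoginRedirect : "/";
  const params = new URLSearchParams({ p: policy, post_login_redirect_uri: dest });
  return `${EASY_AUTH_LOGIN}?${params.toString()}`;
}

// Example usage: the reset-password link from the answer, with a constructed
// sign-up/sign-in policy name (sample value) for comparison.
console.log(b2cPolicyLoginUrl("B2C_1_ResetPassword"));
console.log(b2cPolicyLoginUrl("B2C_1_SignUpIn", "/account"));
```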
You may be running into a temporary limitation of the integrated B2C support in App Service, as mentioned in the blog post:
We currently only support a single B2C policy at a time for your app. The example I showed previously uses a single Sign-up or Sign-in policy. This should work out nicely for many apps but may be limiting if you want to go deeper with B2C...
This will add support for these B2C scenarios very soon in a future service update. I'll update this blog post when we get those updates out and demonstrate how to take advantage of them.
Expect an update by the end of this week or early next week. A new blog post will be added which shows how to use multiple policies and even gives examples, including password reset.