stackoom
  简体   繁体   中英

Azure AD B2C SignUp-SignIn policy with MFA turned on - Custom Login Page

 原文  2017-06-16 15:09:23       azure/ azure-storage-blobs/ azure-ad-b2c

Question

I have an asp.net web application that authenticates via Azure AD B2C tenant. I have a sign-up-sign-in policy [login is using username instead of email] with MFA turned on. I have also setup Custom UI login page [unified.html] and MFA page [phonefactor.html] in a storage blob that the policy points to. I am able to authenticate the user via the custom login page and login with MFA. The issue is when I create a new user and force the user to change the password at their first login, instead of redirecting the user to the change password screen, I am getting an invalid username and password message. When I use the Sign-In policy instead of sign-up-sign-in, the redirection to change the password works for the new user. But the sign-in policy does not have the option to specify Custom UI for login page. Am I missing anything here and how can I make this work with the sign-up-sign-in policy.

Also is there any way to get the "Password" hint like the "Username" hint in the company branding ... Password hint is not available

1 answers

solution1
 4 ACCPTED  2017-06-18 07:10:59

forceChangePasswordNextLogin only works on the sign-in policy which does not support UI customization.

In order to achieve similar functionality in the unified sign-up/sign-in policy, you'll need to implement this functionality yourself.

One option to achieve similar (albeit not quite the same) functionality is by leveraging the Password Reset policy. You would be creating new users up-front and ensuring you configure their email. You then direct them straight to the Password Reset policy for their account activation . They'll receive an email with a code which once provided, will let them provide set their password.

There's already two outstanding feature asks in the Azure AD B2C Feedback Forum that you can support:

UPDATE

For the DIY approach:

  1. Create the users by setting up an Azure AD app for your back-end API as outlined here: https://docs.microsoft.com/azure/active-directory-b2c/active-directory-b2c-devquickstarts-graph-dotnet
  2. Have your back-end API call the Graph API like this app does to create the users: https://github.com/AzureADQuickStarts/B2C-GraphAPI-DotNet.git
  3. Send the users directly to the reset password URL /authorize/ url..

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Azure AD B2C custom login page for signin/signup generating 404 Custom URL for Azure AD B2C signup and signin pages Azure AD B2C custom policy to enable/disable MFA Azure AD B2C - Not redirecting to SignIn/SignUp Page(login.microsoftonline.com…) Azure AD B2C Custom SignIn Policy Displays SignUpSignIn How to customize Create Account page for the SignUp_SignIn Custom Policy in Azure B2C? What is the recommended approach for generating Azure AD Signin logs with passwordless azure B2C signin custom policy? How to modify the Azure AD B2C SignIn/Signup page for Azure web app Facebook login via Azure AD B2C custom policy Azure ad b2c custom policy with KMSI, auto signin not working after browser close
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM