
Azure AD B2C change password on migration

I am moving from ASP.NET identity management to Azure AD B2C. I added the existing user through the Graph API and gave the user some random password for now in stage. Is it possible to use the old password of the user (I cannot get the existing password from my database)? I remember that in one of the talks on Azure AD B2C, they get the password by backtracking the request, though I am not clear about it.

What is the best strategy to move to Azure AD B2C with minimum password friction?

I used the approach described here (Just-In-Time migration source code):

  1. pre-migrate users with auto-generated passwords
  2. create an API to check user credentials against the old user store (Microsoft Docs)
  3. add the API call to the Technical Profile in the SignIn Policy so every time a user tries to sign in, the credentials will be checked against the old user store (Microsoft Docs)
  4. give the API the privilege to change the password if the old credentials are verified (see my response to this post) or impersonate the user (if you safely stored the auto-generated passwords somewhere secure)
  5. your user credentials were updated 'just-in-time', so your user will not notice this change on the fly

I don't think you can get the password out from ASP.NET identity management, since the password is hashed.

As a migration strategy, you could create the Azure B2C users, from your existing authentication logic backend in ASP.NET identity management, upon successful login, since users are sending their usernames and passwords for authentication. Once all the users are moved, you can shift to Azure B2C login.
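Both answers rely on the same fact: the stored hash cannot be reversed, but the plaintext the user submits at sign-in can be checked against it and then set on the new account. The sketch below is an added example, not code from either answer or from the linked sample; it assumes the old store holds the default ASP.NET Identity `PasswordHasher` values (V2 or V3 format), and `set_b2c_password` is a hypothetical callback standing in for the Graph API password update.

```python
import base64
import hashlib
import hmac
import os
import struct

# PRF ids used by the ASP.NET Core Identity V3 hash format.
_PRF = {0: "sha1", 1: "sha256", 2: "sha512"}


def verify_legacy_hash(stored_b64: str, password: str) -> bool:
    """Check a password against a default ASP.NET Identity PasswordHasher value."""
    try:
        blob = base64.b64decode(stored_b64, validate=True)
    except ValueError:
        return False
    if not blob:
        return False
    if blob[0] == 0x00:  # V2: PBKDF2-HMAC-SHA1, 1000 iterations, 16-byte salt, 32-byte key
        if len(blob) != 1 + 16 + 32:
            return False
        algo, iters, salt, expected = "sha1", 1000, blob[1:17], blob[17:]
    elif blob[0] == 0x01:  # V3: header = PRF, iterations, salt length (big-endian uint32)
        if len(blob) < 13:
            return False
        prf, iters, salt_len = struct.unpack(">III", blob[1:13])
        if prf not in _PRF or iters < 1 or salt_len < 16 or len(blob) < 13 + salt_len + 16:
            return False
        algo, salt, expected = _PRF[prf], blob[13:13 + salt_len], blob[13 + salt_len:]
    else:
        return False
    derived = hashlib.pbkdf2_hmac(algo, password.encode("utf-8"), salt, iters, len(expected))
    return hmac.compare_digest(derived, expected)  # constant-time comparison


def make_v3_hash(password: str, iters: int = 10000) -> str:
    """Build a constructed V3 value so the example runs without a real database."""
    salt = os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iters, 32)
    return base64.b64encode(b"\x01" + struct.pack(">III", 1, iters, 16) + salt + key).decode()


def jit_migrate(stored_b64: str, submitted: str, set_b2c_password) -> bool:
    """Only after the legacy check passes, hand the password to the B2C update callback."""
    if not verify_legacy_hash(stored_b64, submitted):
        return False
    set_b2c_password(submitted)  # hypothetical callback, e.g. a Graph API password update
    return True
```

The endpoint that wraps this check sees plaintext passwords, so it should be reachable only over TLS from the B2C policy and should never log the request body.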
