
How to force change password after first login

I have an Azure Active Directory B2C tenant. I also have a small service that creates new users in the B2C tenant from a different system. This way I can synchronize both systems. When a user has been added to B2C and logs in for the first time, I want the user to be forced to change the password. But whatever I do, the user can just log in and continue without changing the password.

To add a user to B2C, I use the Microsoft Graph 1.14 package. I push the user information as JSON to the endpoint https://graph.windows.net/{tenantId}/users?api-version=1.6

The login page is an Azure custom page in the user flow policies. There is also a change password policy, if needed.

This is what I tried:

  • When adding the user, I set the password profile. Adding the property "ForceChangePasswordNextLogin" and setting it to true does not work.

  • Someone suggested adding the "ForceChangePasswordNextSignIn" property, but B2C doesn't know this property.

  • Tried to fix it in the policy; didn't work.

  • Used Google and StackOverflow; not much luck.

This is the user I post to Microsoft Graph:

var user = new GraphUserModel
{
    City = "Amsterdam",
    CustomField = "999999",
    Department = "TestPassword",
    DisplayName = "TestPassword",
    OtherMails = new[] { "myemail@something.nl" },
    PostalCode = "1234 AB",
    StreetAddress = "Hoofdweg 6",
    Surname = "TestPassword",
    TelephoneNumber = "0123456789",
    ChainCode = null,
    MailNickname = "999999",
    UserPrincipalName = "999999@{tenantNameHere}",
    SignInNames = new List<SignInNames>
    {
        new SignInNames
        {
            Type = "userName",
            Value = "999999"
        }
    },
    AccountEnabled = true,
    CreationType = "LocalAccount",
    PasswordProfile = new PasswordProfile
    {
        Password = "SomeRandomPassword"
    },
    PasswordPolicies = "DisablePasswordExpiration"
};

The users are created correctly, but when they log in for the first time, I would like to see a page where they are forced to change the password.

With the Sign-up/Sign-in policy I had to implement that manually by flagging users in the DB if they have changed the password and then redirecting to password change if they have not changed the password.

I was also not able to find an 'out of the box' solution. I found that forceChangePasswordNextLogin works only with the Sign-in policy.
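The flag-and-redirect approach in the answer above, written out as an added example (this is illustrative Python, not the answerer's code, and the asker's own code is C#). It assumes a hypothetical tenant (contoso.onmicrosoft.com on contoso.b2clogin.com), hypothetical user flow names B2C_1_SignIn and B2C_1_PasswordChange, a placeholder client id and redirect URI, and an in-memory dict standing in for the application's user table. The sync service that creates the B2C account sets must_change_password on the local record; the sign-in callback sends flagged users to the password-change policy and clears the flag only when the returning id_token was issued by that policy, which B2C reports in the tfp claim (acr in older tokens). Token signature validation is deliberately skipped so the example runs offline; a real callback must validate the token against the policy's JWKS before trusting any claim.

```python
"""Added example: gate first-time users behind a B2C password-change user flow.

The app keeps its own must_change_password flag per user (set by the sync
service that creates the B2C account). On every sign-in callback, flagged
users are redirected to the password-change policy before they are let in.
"""
import base64
import json
from dataclasses import dataclass
from urllib.parse import urlencode

# Assumed names for illustration; none of these come from the original post.
TENANT = "contoso.onmicrosoft.com"
B2C_HOST = "contoso.b2clogin.com"
SIGNIN_POLICY = "B2C_1_SignIn"
PASSWORD_CHANGE_POLICY = "B2C_1_PasswordChange"
CLIENT_ID = "00000000-0000-0000-0000-000000000000"
REDIRECT_URI = "https://app.example/signin-oidc"


@dataclass
class LocalUser:
    object_id: str              # B2C objectId, stored when the sync service creates the user
    must_change_password: bool  # True until the user completes the password-change policy


def authorize_url(policy: str, state: str) -> str:
    """Build the B2C authorize URL for the given user flow (policy name in the path)."""
    params = {
        "client_id": CLIENT_ID,
        "response_type": "id_token",
        "response_mode": "form_post",
        "redirect_uri": REDIRECT_URI,
        "scope": "openid",
        "nonce": "defaultNonce",  # a real app generates and verifies a per-request nonce
        "state": state,
    }
    return f"https://{B2C_HOST}/{TENANT}/{policy}/oauth2/v2.0/authorize?{urlencode(params)}"


def _b64url_decode(part: str) -> bytes:
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))


def token_claims(id_token: str) -> dict:
    """Read the payload of an id_token.

    Signature verification is intentionally omitted so the example runs offline.
    In production, validate the token against the issuing policy's JWKS first.
    """
    return json.loads(_b64url_decode(id_token.split(".")[1]))


def handle_signin_callback(db: dict, id_token: str) -> tuple:
    """Decide what happens after B2C redirects back to the app.

    Returns ("rejected", oid) for users the sync service never created,
    ("redirect", url) while the user still has to change the password, and
    ("signed_in", oid) once the flag is clear.
    """
    claims = token_claims(id_token)
    oid = claims["oid"]
    # B2C puts the issuing policy name in tfp (acr in older token formats).
    policy = claims.get("tfp") or claims.get("acr")
    user = db.get(oid)
    if user is None:
        return ("rejected", oid)
    if policy == PASSWORD_CHANGE_POLICY:
        # Completing the password-change flow is the only thing that clears the flag.
        user.must_change_password = False
    if user.must_change_password:
        return ("redirect", authorize_url(PASSWORD_CHANGE_POLICY, state=oid))
    return ("signed_in", oid)


def make_unsigned_token(claims: dict) -> str:
    """Constructed test token (alg 'none', empty signature); for the offline demo only."""
    def enc(obj: dict) -> str:
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}."


if __name__ == "__main__":
    # Constructed sample: one user just created by the sync service.
    db = {"u-1": LocalUser("u-1", must_change_password=True)}
    first = handle_signin_callback(db, make_unsigned_token({"oid": "u-1", "tfp": SIGNIN_POLICY}))
    print(first)  # redirect to the password-change policy
    after = handle_signin_callback(db, make_unsigned_token({"oid": "u-1", "tfp": PASSWORD_CHANGE_POLICY}))
    print(after)  # signed in, flag cleared
```

The state parameter carries the object id only so the redirect is traceable in this demo; a real app should use an unguessable state value and keep its own CSRF binding. Because the flag lives in the application's database rather than in B2C, a user who abandons the password-change flow is simply redirected again on the next sign-in.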
