
Azure's Graph api passwordprofile NULL for b2c users

Users sign up/login via Azure AD B2C using Identity provider Local Account-Email.

I can see users signed up (with their password) for the tenant. When I run example "Manage User Accounts with Graph API" to check for local identity passwordProfiles they show null. My assumption is this property is automatically populated when a user creates the password same as other User resources.

Can someone give me some guidance what I'm missing?

public static async Task GetUserByIssuerAssignedID(AppSettings config, GraphServiceClient graphClient)
    {
        Console.Write("Enter user sign-in name (username or email address): ");
        string userName = Console.ReadLine();

        Console.WriteLine($"Looking for user with sign-in name '{userName}'...");

        try
        {
            // Get user by sign-in name
            var result = await graphClient.Users
                .Request()
                .Filter($"identities/any(c:c/issuerAssignedId eq '{userName}' and c/issuer eq '{config.TenantId}')")
                .Select(e => new
                {
                    e.PasswordProfile,
                    e.DisplayName,
                    e.Id,
                    e.Identities
                })
                .GetAsync();

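            if (result != null)
            {
                Console.WriteLine(JsonConvert.SerializeObject(result));
            }
        }
        catch (Exception ex)
        {
            // Report the failure instead of letting the task fault silently
            Console.WriteLine(ex.Message);
        }
    }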

Thank you for your help

It is an expected result.

Azure AD B2C doesn't require the local identity users to change password next sign in. As the document says:

The forceChangePasswordNextSignIn property must be set to false.

Setting forceChangePasswordNextSignIn to true is meaningless. In this case, passwordProfile won't be visible through the GET method of Microsoft Graph API.

You can quickly verify it in Microsoft Graph Explorer.

For example, if you create a user with "forceChangePasswordNextSignIn": true in an Azure AD tenant, you will get passwordProfile in the result.

If you create a user with "forceChangePasswordNextSignIn": true in an Azure AD B2C tenant, you can get "passwordProfile" in the result but the password is null.

"passwordProfile": {
    "password": null,
    "forceChangePasswordNextSignIn": true,
    "forceChangePasswordNextSignInWithMfa": false
}

We can never get user password using Microsoft Graph API or any other official API. Azure AD won't store password. So you can't get it.
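The behaviour described in the answer above, as an added example that is not part of the original question or answer: a pre-flight check for a B2C local-account create body and an interpreter for the passwordProfile that a GET returns. It works on Graph user JSON only and makes no network calls; the function names and the sample objects are constructed for illustration.

```python
# Added example: operates on Microsoft Graph "user" JSON, offline.
LOCAL_SIGN_IN_TYPES = {"emailAddress", "userName"}  # signInType values of local accounts


def has_local_identity(user: dict) -> bool:
    """True if any entry in identities is a local account (not federated)."""
    return any(i.get("signInType") in LOCAL_SIGN_IN_TYPES
               for i in user.get("identities") or [])


def check_create_payload(user: dict) -> list:
    """Return the problems in a POST /users body for a B2C local account."""
    problems = []
    if not has_local_identity(user):
        return problems  # the rules below only concern local identities
    profile = user.get("passwordProfile") or {}
    if not profile.get("password"):
        problems.append("passwordProfile.password is required on create")
    if profile.get("forceChangePasswordNextSignIn") is not False:
        problems.append("forceChangePasswordNextSignIn must be false")
    return problems


def describe_password_profile(user: dict) -> str:
    """Interpret passwordProfile in a GET response; the password is write-only."""
    profile = user.get("passwordProfile")
    if profile is None:
        return "not returned"
    if profile.get("password") is not None:
        return "unexpected password value"  # Graph does not echo passwords
    if profile.get("forceChangePasswordNextSignIn"):
        return "flag set, password withheld"
    return "password withheld"


# Constructed sample data (placeholder tenant and address).
IDENTITY = {"signInType": "emailAddress",
            "issuer": "example.onmicrosoft.com",
            "issuerAssignedId": "user@example.com"}
GOOD_CREATE = {"identities": [IDENTITY],
               "passwordProfile": {"password": "<placeholder>",
                                   "forceChangePasswordNextSignIn": False}}
BAD_CREATE = {"identities": [IDENTITY],
              "passwordProfile": {"password": "<placeholder>",
                                  "forceChangePasswordNextSignIn": True}}
B2C_GET = {"identities": [IDENTITY], "passwordProfile": None}
FLAGGED_GET = {"passwordProfile": {"password": None,
                                   "forceChangePasswordNextSignIn": True,
                                   "forceChangePasswordNextSignInWithMfa": False}}
```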
