Users sign up/login via Azure AD B2C using Identity provider Local Account-Email.
I can see users signed up (with their password) for the tenant: When I run example "Manage User Accounts with Graph API" to check for local identity passwordProfiles they show null. My assumption is this property is automatically populated when a user creates the password same as other User resources.
Can someone give me some guidance what I'm missing?
public static async Task GetUserByIssuerAssignedID(AppSettings config, GraphServiceClient graphClient)
{
Console.Write("Enter user sign-in name (username or email address): ");
string userName = Console.ReadLine();
Console.WriteLine($"Looking for user with sign-in name '{userName}'...");
try
{
// Get user by sign-in name
var result = await graphClient.Users
.Request()
.Filter($"identities/any(c:c/issuerAssignedId eq '{userName}' and c/issuer eq '{config.TenantId}')")
.Select(e => new
{
e.PasswordProfile,
e.DisplayName,
e.Id,
e.Identities
})
.GetAsync();
if (result != null)
{
Console.WriteLine(JsonConvert.SerializeObject(result));
}
It is an expected result.
Azure AD B2C doesn't require the local identity users to change password next sign in. As the document says:
The property must set to
.forceChangePasswordNextSignIn false
.
Set forceChangePasswordNextSignIn
as true
is meaningless. In this case, passwordProfile
won't be visible through GET method of Microsoft Graph API.
You can quickly verify it in Microsoft Graph Explorer .
For example, if you create a user with "forceChangePasswordNextSignIn": true
in an Azure AD tenant, you will get passwordProfile
in the result.
If you create a user with "forceChangePasswordNextSignIn": true
in an Azure AD B2C tenant, you can get "passwordProfile"
in the result but the password is null.
"passwordProfile": {
"password": null,
"forceChangePasswordNextSignIn": true,
"forceChangePasswordNextSignInWithMfa": false
}
We can never get user password using Microsoft Graph API or any other official API. Azure AD won't store password. So you can't get it.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.