Forum Discussion

bwano's avatar
bwano
Copper Contributor
Jan 31, 2023

Azure B2C password reset using username

Hi all.

 

Using Azure B2C and have several issues by password reset for registered users.

Using std User Flows I have registered two user flows

 

  1. B2C_1_username-signin-only (Sign in (Recommended), Identity Provider set to Local accounts User ID signin)
  2. B2C_1_username_reset_password (Password reset (Recommended), Identity Provider set to Local accounts User ID signin)


By using 'Run user flow' feature in Azure Portal against jwt.ms the sign in work perfectly. Using the User Principal Name.

Issue 1 : In B2C_1_username-signin-only flow, and clicking on 'Forgot your password?' abowe Sign In button, there is no forgot password dialog, it seems like the connection to the 'B2C_1_username_reset_password' flow is not known here ?


Issue 2 : In B2C_1_username_reset_password flow Using 'Run user flow' feature in Azure Portal against jwt.ms, the is not possible to enter anyting into Username field. Only Email Address is open for input. How can I actually specify the Username and Email combination to get verification code sent for the actual Username ?

 

Issue 3 : In B2C_1_username_reset_password flow, I'm able to send and receive a code to my email. This was verified sucessfully, and now the Username field is open, but filled with my e-mail.

 

Trying to Continue. It fails, actually as expected



If I change the Username to the actually username and enter Continue I get a message : An account could not be found for the provided user ID. Now I'm lost ...

 

 

So logging in with the same username work, but resetting password with same username does not work... ref. Issue 4.

Issue 4: Confusing use of Username. Is the Username actually the User Principal Name from the user entry in Azure B2C? And from the last picture abowe, a third way of referencing Username is used : user ID

 



May I have missed a very important setting here ?

/bwa

 

  • bwano I know this is an old question, but just in case it still helps you or anyone else who might read this 🙂

    I was running into the same problem, and I finally figured out how to get self service password reset to work for username-based accounts. What I had to do is to select the B2C user, and add their e-mail address. However, not by clicking "edit properties", but by selecting "authentication methods" and entering the e-mail address over there!

    I think this way B2C is able to find the link between the e-mail address used to start the password reset with (and receiving the code), and afterwards entering the related username for that account.

  • arumberger's avatar
    arumberger
    Copper Contributor

    Way late, but thought I should leave this here for anyone else encountering this issue. The problem was caused by a missing authentication method for the user (as renevanmiloliver also discovered).

     

    In my case, I was creating the user account using the Graph API, with "userName" sign-in type, which resulted in the same behaviour described by OP. Eventually, I compared a user created that way with a user I created using a Sign Up/Sign In flow, and discovered that the user created by the flow had an email address listed under "Authentication methods" in the Azure portal. After some fiddling around with the Graph API, I found that I could simply add the same thing to my Graph-created users. My code looks like this (not ideal, but the GraphServiceClient doesn't appear to support doing this the same way it supports creating a user):

     

     

    Microsoft.Graph.User userResult = await graphServiceClient.Users.Request().AddAsync(user);
    
    string url = graphServiceClient.Users[userResult.Id].Authentication.AppendSegmentToRequestUrl("emailMethods");
    HttpRequestMessage message = new HttpRequestMessage
    {
        Method = HttpMethod.Post,
        RequestUri = new Uri(url),
        Content = new StringContent($"{{\"emailAddress\":\"{profile.Email}\"}}", Encoding.UTF8, "application/json")
    };
    _ = await graphServiceClient.HttpProvider.SendAsync(message);

     

     

    Hope this helps someone else.

Resources