Andrew

Reputation: 31

Issue with Azure B2C Reset Password user flow

I have recently developed an ASP.NET MVC web application which uses Azure B2C to authenticate users.

I have been asked to enable the Reset Password User flow to enable users to reset via self-service.

I created the user flow within the portal (using the correct identity provider and setting Reset password using email address) and added the code from the Microsoft example here; however, every time I click reset password, it just directs me back to the login screen and it never reaches the reset password page.

When I click the forgot password link, the method below is called. It steps through the code fine, but then loads the login page.

Reset Password code

public void ResetPassword(string redirectUrl)
{
    // Let the middleware know you are trying to use the reset password policy (see OnRedirectToIdentityProvider in Startup.Auth.cs)
    HttpContext.GetOwinContext().Set("Policy", Startup.PasswordResetPolicyId);

    // Set the page to redirect to after changing passwords
    var authenticationProperties = new AuthenticationProperties { RedirectUri = "/" };
    HttpContext.GetOwinContext().Authentication.Challenge(authenticationProperties);

    return;
}

The policy ID is correct in both Azure and in the code; as I step through, the values are all pulling through correctly (see below):

Policy ID string (as used above)

public static string PasswordResetPolicyId = ConfigurationManager.AppSettings["ida:ResetPasswordPolicyId"];

In Web.config where the policy is defined

<add key="ida:ResetPasswordPolicyId" value="B2C_1_UserApp_ResetPassword" />

I have provided all the code samples I have added for the reset function to work; the rest of the code is all included in the Microsoft Web App example.

Has anyone else experienced something similar? As I said previously, when you click the forgot password link it does exactly as it should and goes to the correct controller/method, but then goes back to the login screen.

Upvotes: 1

Views: 513

Answers (1)

Andrew

Reputation: 31

Searching through my code, I found that the line

app.UseOpenIdConnectAuthentication(CreateOptionsFromPolicy(PasswordResetPolicyId)); 

was missing from ConfigureAuth. Once added, this fixed the issue.

public void ConfigureAuth(IAppBuilder app)
{
    app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);

    app.UseCookieAuthentication(new CookieAuthenticationOptions
    {
        CookieManager = new SystemWebCookieManager()
    });

    // Register the OpenID Connect middleware for the sign-in policy
    app.UseOpenIdConnectAuthentication(CreateOptionsFromPolicy(SignInPolicyId));

    // The line that was missing: register the middleware for the password reset policy as well
    app.UseOpenIdConnectAuthentication(CreateOptionsFromPolicy(PasswordResetPolicyId));
}

Upvotes: 1
