Azure AD B2C App Service Auth password reset

6
votes

I'm trying to implement azure B2C using the new App Service Auth workflow as described here: https://cgillum.tech/2016/05/27/app-service-auth-and-azure-ad-b2c/

Signup and login is working fine, but password reset redirects to the same url as a successful login. For example: https://myapp.azurewebsite.net/.auth/login/aad/callback

But given that the user not logged in this redirect fails with a 401 Unauthorized error.

I have set up a password reset policy in my Azure B2C tenant but there seems to be no way to redirect the Easy Auth system to it.

Note that I also enabled password reset for the B2C in the classic portal.

What am I missing here?

Update:
When I use a SignIn policy only (not a combined SignUp/SignIn policy) the password reset works fine. These two policies seem to do different things.

1
azureazure-web-app-serviceazure-ad-b2c
This is exactly what's happening to me. One says Forgot Password? and the other says Can't access account? They do two different things.Bill Noel

1 Answers

3
votes

UPDATE 8/15/2016

See this blog post for more information on how to invoke additional B2C policies from your App Service app (includes examples): https://cgillum.tech/2016/08/10/app-service-auth-and-azure-ad-b2c-part-2/

Here is an example of how you can invoke a password reset policy from within your web app:

<a href="/.auth/login/aad?p=B2C_1_ResetPassword&post_login_redirect_uri=/">Reset Password</a>

Old response - please disregard:

You may be running into a temporary limitation of the integrated B2C support in App Service, as mentioned in the blog post:~~

We currently only support a single B2C policy at a time for your app. The example I showed previously uses a single Sign-up or Sign-in policy. This should work out nicely for many apps but may be limiting if you want to go deeper with B2C...

This will add support for these B2C scenarios very soon in a future service update. I’ll update this blog post when we get those updates out and demonstrates how to take advantage of them.

Expect an update by the end of this week or early next week. A new blog post will be added which shows how to use multiple policies and even gives examples, including password reset.