paf2021 asked ·

How can I validate user's password using MSAL before executing a request?

Hello,

I need to double check the user's password before executing a certain request. Although the user is logged into the application (and the corresponding MSAL info is in the localStorage), I have a requirement to add extra security to make sure the user is prompted with a window to confirm their password before executing the action. Is there any way I can validate that using MSAL and/or Graph? I've been trying to search through the APIs but I can't find any info.

I'm using
"@azure/msal-angular": "^2.0.0-alpha.5"
"@azure/msal-browser": "^2.11.1"

Thanks in advance.

azure-ad-msal

1 Answer

sikumars-msft answered ·

Hello @paf2021,

Thanks for reaching out.

You could use the loginPopup method along with the optional parameter prompt=login (extraQueryParameters: "prompt:login"), which will force the user to enter their credentials on that request, negating single sign-on.

For more information:
https://docs.microsoft.com/en-us/azure/active-directory/develop/scenario-spa-sign-in?tabs=angular#sign-in-with-a-pop-up-window

There is a similar question asked on Stack Overflow.

Hope this helps.

Regards,
Siva Kumar Selvaraj


Please "Accept the answer" if the information helped you. This will help us and others in the community as well.


Hello @sikumars-msft,

Thanks for the help. I have an additional question regarding your proposed solution. This is my current scenario:

  • User A is logged into the application.

  • User B tries to execute an operation that needs password confirmation using the open session of User A.

  • User B gets prompted with the loginPopup window and enters their credentials correctly.

  • The response is OK, so now I have two signed-in accounts, both A and B.

  • I can check if the logged-in one is the same as the one who just logged in, but how can I remove the account which just logged in, as it's not supposed to be there?

Regards,




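The forced re-login from the answer, combined with the account comparison raised in the follow-up comment, as an added example that is not part of the original thread or of MSAL's own samples. It assumes `pca` is an initialised `PublicClientApplication` from `@azure/msal-browser` 2.x and uses that library's top-level `prompt` and `loginHint` request fields; the function names, the scopes and `MAX_AGE_SECONDS` are hypothetical.

```javascript
// Added example: password confirmation (step-up) with @azure/msal-browser 2.x.
// `expected` is the AccountInfo of the user who owns the current session (user A).

const MAX_AGE_SECONDS = 120; // assumption: how recent the confirmation must be

// Build a popup request that forces credential entry for the expected user.
function buildReauthRequest(expected) {
  return {
    scopes: ["openid", "profile"],
    prompt: "login",              // skip SSO, always show the sign-in form
    loginHint: expected.username, // pre-fill user A's sign-in name
  };
}

// Decide whether a loginPopup result really confirms the expected user.
function verifyReauthResult(expected, result, nowSeconds) {
  const account = result && result.account;
  if (!account) return { ok: false, reason: "no-account" };
  // A successful popup only proves that *someone* signed in; compare identities.
  if (account.homeAccountId !== expected.homeAccountId) {
    return { ok: false, reason: "different-account" };
  }
  // The ID token must have been issued by this confirmation, not an earlier one.
  const iat = result.idTokenClaims && result.idTokenClaims.iat;
  if (typeof iat !== "number" || nowSeconds - iat > MAX_AGE_SECONDS) {
    return { ok: false, reason: "stale-token" };
  }
  return { ok: true, reason: null };
}

// Run the popup and return { ok, reason }; the caller gates the action on `ok`.
async function confirmWithPassword(pca, expected) {
  let result;
  try {
    result = await pca.loginPopup(buildReauthRequest(expected));
  } catch (err) {
    // Popup closed, blocked, or sign-in failed: treat as not confirmed.
    return { ok: false, reason: "cancelled-or-failed" };
  }
  return verifyReauthResult(expected, result, Math.floor(Date.now() / 1000));
}
```

On `different-account` the caller refuses the action and keeps passing user A's account object to later token requests; nothing in this example removes user B's cached entry.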