DEBUG: ============================ HTTP RESPONSE ============================
Status Code:
Conflict
Headers:
Pragma : no-cache
Strict-Transport-Security : max-age=31536000; includeSubDomains
x-ms-ratelimit-remaining-subscription-deletes: 14999
x-ms-request-id : xxx-d155-4e7b-86ec-xxx
x-ms-correlation-request-id : xxx-d155-4e7b-86ec-xxx
x-ms-routing-request-id : WESTUS3:20211123T012327Z:0fbd5902-d155-4e7b-86ec-xxx
X-Content-Type-Options : nosniff
Cache-Control : no-cache
Date : Tue, 23 Nov 2021 01:23:27 GMT
Server : Microsoft-IIS/10.0
X-AspNet-Version : 4.0.30319
X-Powered-By : ASP.NET
Body:
{
  "Code": "Conflict",
  "Message": "Cannot delete a backup that does not have Succeeded or PartiallySucceeded status.",
  "Target": null,
  "Details": [
    {
      "Message": "Cannot delete a backup that does not have Succeeded or PartiallySucceeded status."
    },
    {
      "Code": "Conflict"
    },
    {
      "ErrorEntity": {
        "ExtendedCode": "04226",
        "MessageTemplate": "Cannot delete a backup that does not have Succeeded or PartiallySucceeded status.",
        "Parameters": [],
        "Code": "Conflict",
        "Message": "Cannot delete a backup that does not have Succeeded or PartiallySucceeded status."
      }
    }
  ],
  "Innererror": null
}
I had that setting in my CORS as ExxxCxxB2C.b2clogin.com because that's how it was shown in the user flow.
It turns out that the whole domain name has to be in lowercase letters. It's working now after I changed the domain to all lowercase letters.
Our code doesn't produce the cookie. The user logs in to AAD B2C by using the custom policy. When the user accesses our site, it gets routed to b2clogin.com. Upon a successful login, b2clogin.com reroutes back to our site with a cookie without Secure attribute.
How to configure AAD B2C to return a cookie with Secure attribute? Are you suggesting to catch the response from AAD B2C and add the cookieOptions? What event handler in Authentication.OpenIdConnect can catch that? Do you have a sample code?
I followed this link you provided to modify my startup.cs.
https://github.com/Azure-Samples/active-directory-aspnetcore-webapp-openidconnect-v2/pull/261
The cookie from AAD B2C still doesn't have a secure flag set for cookie.
Here are the codes I have tried. Nothing adds the Secure attribute to the cookie from AAD B2C.
options.MinimumSameSitePolicy = SameSiteMode.None;
options.HandleSameSiteCookieCompatibility();
options.Secure = CookieSecurePolicy.Always;
options.MinimumSameSitePolicy = SameSiteMode.Unspecified;
options.HandleSameSiteCookieCompatibility();
options.Secure = CookieSecurePolicy.Always;
options.MinimumSameSitePolicy = SameSiteMode.Unspecified;
options.HandleSameSiteCookieCompatibility();
@DianaWanjuhi-1579
Are you saying that I'm unable to add the phone number when I create a user?
Based on the example code, I can create a user from the users.json file.
Is it possible to add a name and a value for the phone information in this json file?
The example code in
https://github.com/Azure-Samples/active-directory-aspnetcore-webapp-openidconnect-v2/blob/master/5-WebApp-AuthZ/5-2-Groups/appsettings.json
shows the following:

I'm not sure what b2c authority uri I need to use. I tried the following authority uris but none works.
with signupsigninpolicyid

use xxx.onmicrosoft.com domain
use xxx.b2clogin.com domain
Your example doesn't have any Microsoft Graph api support. I'm trying to get the group claims via Microsoft Graph. Your example exposes the app's own web api not the Microsoft Graph api.
I exposed the app's own web api as the following.
And added your suggested uri as the following

It got the same error.
My app doesn't have the token configuration between certificates & secrets option. This is blocking my project development right now.
Can you please let me know how to turn it on?
Does the new recommended password reset flow break the password reset policy when an app is using a custom policy for the password reset policy?
I'm getting an AADB2C90118 error code with the following policy setup in my appsettings.json file.

That's why I tested the user flow to see if I'm getting the same error.
The policy I'm based on is the LocalAccount from https://github.com/Azure-Samples/active-directory-b2c-custom-policy-starterpack/tree/master/LocalAccounts.

When I click the "Forgot your password?" link, I get the AADB2C90118 error code.

@vipulsparsh-MSFT
I don't know how to get the access and refresh tokens in my MVC app. Here are my questions.
I get the id token only via the custom policy and OpenIDConnect class. How can I get the code to return in the response? I cannot format the REST call because OpenIDConnect class is the one that does the REST call.
Are you saying that I can only obtain the token via a REST call? Is there a method in OpenIDConnect class I can use to obtain the access and refresh token?
I'm using the custom policy in
https://github.com/Azure-Samples/active-directory-b2c-custom-policy-starterpack/blob/master/LocalAccounts/TrustFrameworkBase.xml
Line 411 says <Protocol Name="OpenIdConnect" />
My target framework is .Net Core 2.1.
The following code gives me an id token in the form data when OnTokenValidated event is called.
services.AddAuthentication(AzureADB2CDefaults.AuthenticationScheme)
    .AddAzureADB2C(o => Configuration.Bind("AzureADB2C", o));
services.Configure<OpenIdConnectOptions>(AzureADB2CDefaults.OpenIdScheme, options =>
{
    var onTokenValidated = options.Events.OnTokenValidated;
    options.Events.OnTokenValidated = context =>
    {
        AzureAdOpendIdHandler.OnTokenValidated(context);
        return Task.CompletedTask;
    };
});
Based on
https://docs.microsoft.com/en-us/azure/active-directory-b2c/openid-connect#get-a-token, what method in OpenIDConnect can I use to obtain the access and refresh tokens?
Yes. It works. Thanks, @amanpreetsingh-msft.