How do I link from one Azure AD custom page to another - azure

I have a link on my website that takes a user to the Azure AD edit profile page. I have customized that page by adding 2 links at the bottom. One is for the user to change their password and the other is to update a phone number. These are 3 different policies within Azure AD. When I initially link to the page from my site I am sending a clientID and a redirect_uri in the query string. Unfortunately this is getting converted to a csrf_token and those query string parameters are gone, so I don't have access to them to include them in the change password and change phone number links. When the user clicks on the links, obviously they fail. How do I link someone from one custom policy page to another page in Azure Active Directory? My custom page uses JavaScript, CSS, and HTML. No server-side code other than what Microsoft injects.

You should have a link back to your application, and your application should understand that this route starts a new authentication journey with the appropriate authentication library with the desired policyId for this URL path. Do not link B2C journeys directly from within your custom HTML; you go via your application.
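What the answer describes, as an added example (not code from the original post): the custom page links to application paths, and the application maps each path to a policy and starts the journey itself. The tenant, client ID, reply URL, paths and policy names are placeholders, and the authorize URL is built by hand only to show what an authentication library such as MSAL would send.

```javascript
const { randomBytes } = require('node:crypto');

// Placeholder values (assumptions): substitute your tenant and app registration.
const CONFIG = {
  tenant: 'contoso',
  clientId: '00000000-0000-0000-0000-000000000000',
  redirectUri: 'https://app.example.com/auth/callback', // fixed, registered reply URL
};

// Allowlist mapping application paths to B2C policies (hypothetical names).
// The custom HTML page links to these application paths, never to B2C itself.
const JOURNEYS = new Map([
  ['/account/profile', 'B2C_1_edit_profile'],
  ['/account/password', 'B2C_1_change_password'],
  ['/account/phone', 'B2C_1_change_phone'],
]);

// Returns the authorize URL to redirect to, or null for an unknown path.
// client_id and redirect_uri come from server config, not from the request.
function startJourney(path, session) {
  const policy = JOURNEYS.get(path);
  if (!policy) return null;
  const state = randomBytes(16).toString('hex');
  const nonce = randomBytes(16).toString('hex');
  session.pending = { state, nonce, policy }; // checked again on callback
  const { tenant, clientId, redirectUri } = CONFIG;
  const url = new URL(
    `https://${tenant}.b2clogin.com/${tenant}.onmicrosoft.com/${policy}/oauth2/v2.0/authorize`);
  url.search = new URLSearchParams({
    client_id: clientId, redirect_uri: redirectUri, response_type: 'code',
    scope: 'openid', state, nonce,
  }).toString();
  return url.toString();
}

// Accepts a callback only if its state matches the journey this session started.
// The pending entry is single-use: it is cleared whether or not the check passes.
function checkCallback(query, session) {
  const pending = session.pending;
  delete session.pending;
  if (!pending || typeof query.state !== 'string') return null;
  return query.state === pending.state ? pending : null;
}
```

Because the path is looked up in a fixed allowlist and the reply URL never comes from the request, a link on the custom page cannot steer the user to an arbitrary policy or redirect target.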

Related

Generating a link to the Sign-In in Azure B2C page

I use standard user flows and custom pages for Forgotten Password and Sign-Up. On these pages, I need to add a link to the Sign-In page. How to add the tag itself is described here.
At the moment, I do not understand how to generate the link itself correctly.
Out of the box on the Sign-In page, links for Forgotten Password and Sign-Up are generated using the getRedirectLink function, but I can’t generate a link for Sign-in using it.
As an alternative, it is suggested here to use history.back(), but unfortunately this does not cover all cases.
The getRedirectLink cannot be used to generate a link to the Sign-in user flow. You can use it as a hard link though.
If we hard-code the link (sign-in flow link), that won't work properly. A workaround is to place a link that points to your application itself.
E.g., say "https://something.com" is your application URL and it is a page that requires authentication. When you place a link to this URL, MSAL will redirect automatically to the sign-in page.

SignIn with azure active directory using email and password on powerpages

I am working on a project using Power Pages. One of the client's requirements is that the home page perform the role of login page. So far so good, but it also requests that the only users that can enter the site are users that belong to your organization; with this I thought of using Azure AD. Power Pages already comes with a button to be able to log in with Azure Active Directory. I need my form, sending the email and password, to carry out the same process as the button.

How to show different background images and logos in Azure ADB2C per customer (passed in Url)

We have a web application that uses Azure ADB2C to authenticate users. Therefore we currently use a custom landing page with a login button that redirects the user to Azure ADB2C login page. We use company branding for logo and background on login page.
The landing page is branded for each of our customers and can be reached through different Urls:
https://www.mypage.com/login/customer1 -> show background image and logo of customer 1
https://www.mypage.com/login/customer2 -> show background image and logo of customer 2
My question is if there is any way to directly open Azure ADB2C login page and display background image and logo of the customer passed in Url. In other words changing company branding at runtime or something like this.
Azure AD B2C supports dynamic page customization based on query parameters that are sent to the login URL.
You can see how to configure dynamic page customization here.
And in your application, you can pass custom query parameters in the login URL; see here for .NET Core, see here for SPA apps.

How to know if there is any account available to be selected using ADAL js

I have a situation where I need to redirect to a different URL if the Azure account selection page doesn't list any account to be selected. I know that after the user selects an account to log in, the callback gives some details of the user. But I want to know before the user logs in, i.e. on the account selection page itself. Is there any way I can know that no account is available to be selected, using ADAL js methods?

Log user into Kentico Admin site based on HttpHeader value from Siteminder

My company has just obtained Kentico for some new applications. These applications will be going into production in about 2 weeks, so we are still fairly new with this. What we have are three ASP.NET MVC applications/sites that format and present content that is stored in Kentico. Additionally, we have specific users who will log into the Kentico9/Admin site to manage the content displayed by the MVC apps.
From a corporate standpoint, we also have Siteminder SSO enabled. When a user navigates to our Kentico9/Admin site, they are first authenticated by our corporate Siteminder SSO form using their corporate user id. When they are successfully authenticated, Siteminder redirects the user to the Kentico9/Admin site they originally requested and the user is presented with the standard Kentico login form. If the user has already logged in through Siteminder during another session, they only get presented with the Kentico login form. Otherwise, if this is their first time logging in, the user is required to login twice (once through Siteminder and again through Kentico).
What I want to do is bypass the standard Kentico login form and use the Siteminder information to Authorize the user to log them into the Kentico admin site. Siteminder adds the username and some other information to the HTTP request headers. Using C#, I can retrieve their corporate user id using the following: System.Web.HttpContext.Current.Request.Headers.Get("SM_USERID").
So, in a nutshell, I want to override Kentico's standard login form and write some code that will get the user id from the HTTP request header and authorize the user by looking up their userid in Kentico. If the user id is not found or is not active, present the user with the standard Kentico login form. Otherwise, if the user is a valid and active user, pull their user record and allow them to access Kentico.
I have found some tidbits of information and given enough time, I may be able to figure something out, but I am hoping someone has done something similar and can speed up my process. Any ideas on what I can do? I will also entertain anything that might have tighter integration with Siteminder, although it doesn't seem Kentico can handle Siteminder out of the box, but I am not sure about that.
Sounds like you might be able to create a custom webpart which you will place on a page and simply have Siteminder redirect the user to the page with that webpart on it and look for those header values on page load. If it finds them, perform your actions within Kentico to look that user up and authenticate them in Kentico as needed. If there are no header values or it can't find the Kentico info, simply send them to the regular login page.
You could also create a global event handler but that would require someone to click a button or such on your site after they have entered credentials.
