How about a webinar/tutorial for built-in policies..where is that. Why not explain the thing logical from the beginning ? Microsoft documentation , lately, is total garbage...
@BLaBZStation4 ай бұрын
Yuck.
@mrsmith59558 ай бұрын
instead of talking about best practices, do it in your demos, and the obfuscation isn't helping.
@cloudway9089 ай бұрын
No use for this vedio, which is not shown anything clearly.
@mariotiscareno9 ай бұрын
First, you take the dinglepop, and you smooth it out with a bunch of schleem. The schleem is then repurposed for later batches. Then you take the dinglebop and push it through the grumbo, where the fleeb is rubbed against it. It's important that the fleeb is rubbed, because the fleeb has all of the fleeb juice. kzread.info/dash/bejne/l4F-zZayabGtpqg.htmlsi=uEJbR5tVO96Gn-pI
@surajdhimaan2685 Жыл бұрын
thanks a lot 😊😊😊, you saved me, great content
@nofatchicks6 Жыл бұрын
I highly recommend using the VS Code extension, as it helped me to resolve an issue that was complicated by caching
@michaelhall982 Жыл бұрын
Good video. My client Japanese Kubota Tractor company have been watching and learning from this. Thanks!
@michaelhall982 Жыл бұрын
Great video, thanks!
@JoshuaPritchard-bq6mo Жыл бұрын
When you select save and register this application, how would one go about changing the redirect URL's that are created automatically as redirect URL's to support gov cloud by ending in .us instead of .com? The URL's I refer to can be seen @1:03.
@allenchen85 Жыл бұрын
test often! like trial and error cause nothing make sense! :)
@teroniemi Жыл бұрын
Very nice tutorial, but when I tried to follow this I couldn't get past 20:45 since all the values there are empty and I can't click the Run now button. Any idea why this could happen?
@mrsmith59558 ай бұрын
Yep, I never got past 20:45 RIP.
@zaharkapustin1681 Жыл бұрын
I wish naming of b2c components wasn't so vague and intentionally ambitious and overlapping with oauth standards naming nevermind xml junk scavenging
@kunaldedhia5502 Жыл бұрын
How can we have query string data read in to claims?
@MohsenKarbassi2 жыл бұрын
Thank you. I was looking for application database architecture when using B2C. What will be the link of user related data in application database tables with B2C? Username? this can change..then you lose the connection Email address? this can also change... B2C UserId (subject claim)? If you do this then you are deviating from separation of concerns and you're coupling yourself to B2C, what if you change auth provider later... What do you recommend to store az link in your application database tables?
@eichti852 жыл бұрын
b2c already needs a ui based admin panel for custom policies on top. this is all stuff that should be under the hood. weird that MS released something prototype like this anyways
@get_ready2 жыл бұрын
Difficult as hell. Like, for my use case all I wanted is to read a query param and put it into a claim. Turned out it was not possible to do with inbuilt user flows and my only option is to go through this hell with custom policies and become a full time B2C employee. How hard can it be to just allow devs to specify where to read the value for claim from? It's insane honestly. The more I work with B2C the more I realize how it works against me.
@annihilarghgamings8276 Жыл бұрын
Create a claimtype with required datatype and then create a display claim with whatever input claim you want to use and save it as an extension attribute or some inbuilt attribute available
@onionhammer Жыл бұрын
B2C does seem to want to intentionally make custom policies as thorny to work with as possible, and user flows as neutered as possible.
@XplorewithMonto Жыл бұрын
I can help with custom claims injection into the token. Try using directory extensions or contact me.
@fvillanuevanet2 жыл бұрын
How to migration local account on-onpremises databases to Azure AD B2C?, today we have 3M active users.
@mediocre.climber Жыл бұрын
kzread.info/dash/bejne/dYOextiDZa2dXbA.html
@humusdragon2 жыл бұрын
Where can the slides be downloaded?
@stevenstone3072 жыл бұрын
AD B2C is amazing, I just wish customising flows wasn't the hardest thing I have ever seen
@simonmac42912 жыл бұрын
Likewise - I'm less worried about how hard it is now, rather how hard it's going to be to support going forward. This is a prime example of a skill that unless you are using it on a daily basis will go rusty really fast. This is the sort of stuff you get working, then don't touch for years. The problem is when future you does need to touch it you can be sure it's because a customer is screaming they can't log in and you are under massive pressure to resolve it but can't remember how this stuff all works. :) I wish they'd had implemented this via a defined a set of C# interface definitions that could use DI to hook in and run in isolated and sandboxed environment.
@MA-kt8ly2 жыл бұрын
I'm doing self-learning now and its horrible. Azure DevOps is heading in this direction as well.
@flymetothemoon51382 жыл бұрын
custom flows really is the single most painful thing I've had to do since I last had a root canal done
@growingisgood Жыл бұрын
For sure. It's really hard to configure. You'd think that basic things like being able to allow users to create unique display names would have been thought through :/
@Tellalca Жыл бұрын
@@simonmac4291 Completely agree. XML is so outdated and hard to work with in this case.
@Raziaar2 жыл бұрын
They removed the Azure AD B2C Section on the docs... I only see the new External Identities on there instead. Why is this? Can find it in another spot, but still...
@micheleagnello70582 жыл бұрын
These operations should be done from the portal with visual elements, not manually editing XML. Microsoft builds too complicated things. To add custom claims shoud be easy as click "new Technical profile" then edit or even add simply attributes then make them available by selecting a checkbox. Unfortunately they are not transmitted/visible in the token. Azure AD B2c doesn't even support groups. Why, Microsoft ? The tool is not mature for final users/programmers. I will tell my company to ABANDON this method and use other. We are wasting time.
@jasonargo90852 жыл бұрын
I'm coming to the same conclusion. I'm building a web app using Blazor Server and trying to stay as far away from Entity Framework as possible, so I saw B2C as a viable option at first since it still requires MVC but only a little. What alternative to B2C ended up working for you?
@alwaysjai2 жыл бұрын
How to make configure azure b2c authentication such that redeem takes them to registration page directly and sign in takes them login. What is happening now is both taming the user to sign in page and user have to do an extra click to sign up or registration. Sometimes it also confuses the user that they directly enter the login in the sign in form instead of registration. Any solution for this?
@annihilarghgamings8276 Жыл бұрын
Split the orchestration steps. Inbuilt is combined signup and sign in, modify and create two new policy separately for signup signin
@ruice12453 жыл бұрын
If I want validate user credential (username and pass) also, user already login check in my own identity server by azure IEF then what can I do?
@bangkokruby3 жыл бұрын
I have a strong feeling that better to avoid tunes at the tutorials.
@helshabini3 жыл бұрын
Thanks for the content. Quick question. In the final part, why did you have to enable the Implicit flow for the app registration? Shouldn’t an MVC app be capable of authenticating using the Auth Code flow instead which is way more secure?
@lucianablanchard46683 жыл бұрын
Is there a link for download of the sample code for this presentation? Thanks
@serpadystematic653 жыл бұрын
The only problem are the slides.. More visualisation and less text would be great. Still, great content and thanks!
@zaharkapustin1681 Жыл бұрын
The entire problem of ief
@PaulMeems3 жыл бұрын
Great video. I'm implementing it now and when I test my policy I am redirected to jwt.ms but nothing is filled in the top box. When I paste what seems to be the token from the url jwt.ms/?code=eyJraWQiOiJmVWxQb... in the box, the token can't be decoded. What am I missing?
@aleksg29252 жыл бұрын
I wonder this too!
@PaulMeems3 жыл бұрын
Great videos. How to get the profile picture from Facebook?
@Trending_India_World3 жыл бұрын
After uploading the policies, did a test run of the sign-up and sign-in user flow. Created the user successfully but when i tried to login with the same user, i keep getting error "The username or password provided in the request are invalid." However, I am able to login with the same user when i tried using the default (not custom) sign-up and sign-in user flow. Any suggestions, what could have gone wrong with the custom policy ?
@dot10thmanuser953 жыл бұрын
When I use B2C_1A_signup_signin URL to test and click on Forgot Password link it's giving error. But It's working when I am using "Run now endpoint " for B2C_1A_PasswordReset. Are we missing any point here to link Forgot password URL
@dot10thmanuser953 жыл бұрын
Hi Chad, Can you please check the forgot password link is not working. Giving error=access_denied&error_description=AADB2C90118%3a
@pankajmandania17853 жыл бұрын
Thank you! This presentation was easy to understand.
@Samko6353 жыл бұрын
Do I need to register my REST API on AD B2C as well? I'm confused to what I need to put for 'B2cRestClientId' and 'B2cRestClientSecret'. I'm running a REST API on Azure Container Instance and I can hit the endpoint with postman fine but AD B2C keeps throwing timeout error almost immediately after any login attempt.
@dilipmevada3 жыл бұрын
Thanks for the nice video. I have one question How can we implement authentication by using Azure AD B2C, with API instead of Microsoft provided Login screen (UI)?
@mouradaissani89573 жыл бұрын
great content
@mouradaissani89573 жыл бұрын
Thank you about the great content
@mouradaissani89573 жыл бұрын
Thank you about the great content
@mouradaissani89573 жыл бұрын
Thank you about the great content
@mouradaissani89573 жыл бұрын
Thank you alot
@vinodnowbade3 жыл бұрын
Useful information for beginners, Thank you!!
@vijaysahuhrd3 жыл бұрын
Can we stop the registration if there is there is no Loyality number mapped with the email address or any custom property like (UniqueNumberId)
@annihilarghgamings8276 Жыл бұрын
Possible i guess, check for that claim existance or claim null in the orchestration step
@cokec36673 жыл бұрын
Thank You. We are working on B2C project 1. Using built in user flow can we do welcome mail and first time force password reset 2. What is default expiration time if accounts is idle 3. Can we do bulk one time upload users?? 4. Any way we may go with mobile otp instead of mail using in user flow 5. How mulesoft can sync data with B2C . Any easiest way Would be great if get response
@brownmark85653 жыл бұрын
0:35 awesome-teens24.online
@sahilroyal89394 жыл бұрын
Superb! But too difficult. Learn something from Ping Federate. How easy they have done and that too more configurable than B2C. This is too complex to handle.
@MarioMeyrelles3 жыл бұрын
Extremely agree on this. The only advantage is to have this as files that can be versioned and potentially can be used in CI/CD processes
Пікірлер
How about a webinar/tutorial for built-in policies..where is that. Why not explain the thing logical from the beginning ? Microsoft documentation , lately, is total garbage...
Yuck.
instead of talking about best practices, do it in your demos, and the obfuscation isn't helping.
No use for this vedio, which is not shown anything clearly.
First, you take the dinglepop, and you smooth it out with a bunch of schleem. The schleem is then repurposed for later batches. Then you take the dinglebop and push it through the grumbo, where the fleeb is rubbed against it. It's important that the fleeb is rubbed, because the fleeb has all of the fleeb juice. kzread.info/dash/bejne/l4F-zZayabGtpqg.htmlsi=uEJbR5tVO96Gn-pI
thanks a lot 😊😊😊, you saved me, great content
I highly recommend using the VS Code extension, as it helped me to resolve an issue that was complicated by caching
Good video. My client Japanese Kubota Tractor company have been watching and learning from this. Thanks!
Great video, thanks!
When you select save and register this application, how would one go about changing the redirect URL's that are created automatically as redirect URL's to support gov cloud by ending in .us instead of .com? The URL's I refer to can be seen @1:03.
test often! like trial and error cause nothing make sense! :)
Very nice tutorial, but when I tried to follow this I couldn't get past 20:45 since all the values there are empty and I can't click the Run now button. Any idea why this could happen?
Yep, I never got past 20:45 RIP.
I wish naming of b2c components wasn't so vague and intentionally ambitious and overlapping with oauth standards naming nevermind xml junk scavenging
How can we have query string data read in to claims?
Thank you. I was looking for application database architecture when using B2C. What will be the link of user related data in application database tables with B2C? Username? this can change..then you lose the connection Email address? this can also change... B2C UserId (subject claim)? If you do this then you are deviating from separation of concerns and you're coupling yourself to B2C, what if you change auth provider later... What do you recommend to store az link in your application database tables?
b2c already needs a ui based admin panel for custom policies on top. this is all stuff that should be under the hood. weird that MS released something prototype like this anyways
Difficult as hell. Like, for my use case all I wanted is to read a query param and put it into a claim. Turned out it was not possible to do with inbuilt user flows and my only option is to go through this hell with custom policies and become a full time B2C employee. How hard can it be to just allow devs to specify where to read the value for claim from? It's insane honestly. The more I work with B2C the more I realize how it works against me.
Create a claimtype with required datatype and then create a display claim with whatever input claim you want to use and save it as an extension attribute or some inbuilt attribute available
B2C does seem to want to intentionally make custom policies as thorny to work with as possible, and user flows as neutered as possible.
I can help with custom claims injection into the token. Try using directory extensions or contact me.
How to migration local account on-onpremises databases to Azure AD B2C?, today we have 3M active users.
kzread.info/dash/bejne/dYOextiDZa2dXbA.html
Where can the slides be downloaded?
AD B2C is amazing, I just wish customising flows wasn't the hardest thing I have ever seen
Likewise - I'm less worried about how hard it is now, rather how hard it's going to be to support going forward. This is a prime example of a skill that unless you are using it on a daily basis will go rusty really fast. This is the sort of stuff you get working, then don't touch for years. The problem is when future you does need to touch it you can be sure it's because a customer is screaming they can't log in and you are under massive pressure to resolve it but can't remember how this stuff all works. :) I wish they'd had implemented this via a defined a set of C# interface definitions that could use DI to hook in and run in isolated and sandboxed environment.
I'm doing self-learning now and its horrible. Azure DevOps is heading in this direction as well.
custom flows really is the single most painful thing I've had to do since I last had a root canal done
For sure. It's really hard to configure. You'd think that basic things like being able to allow users to create unique display names would have been thought through :/
@@simonmac4291 Completely agree. XML is so outdated and hard to work with in this case.
They removed the Azure AD B2C Section on the docs... I only see the new External Identities on there instead. Why is this? Can find it in another spot, but still...
These operations should be done from the portal with visual elements, not manually editing XML. Microsoft builds too complicated things. To add custom claims shoud be easy as click "new Technical profile" then edit or even add simply attributes then make them available by selecting a checkbox. Unfortunately they are not transmitted/visible in the token. Azure AD B2c doesn't even support groups. Why, Microsoft ? The tool is not mature for final users/programmers. I will tell my company to ABANDON this method and use other. We are wasting time.
I'm coming to the same conclusion. I'm building a web app using Blazor Server and trying to stay as far away from Entity Framework as possible, so I saw B2C as a viable option at first since it still requires MVC but only a little. What alternative to B2C ended up working for you?
How to make configure azure b2c authentication such that redeem takes them to registration page directly and sign in takes them login. What is happening now is both taming the user to sign in page and user have to do an extra click to sign up or registration. Sometimes it also confuses the user that they directly enter the login in the sign in form instead of registration. Any solution for this?
Split the orchestration steps. Inbuilt is combined signup and sign in, modify and create two new policy separately for signup signin
If I want validate user credential (username and pass) also, user already login check in my own identity server by azure IEF then what can I do?
I have a strong feeling that better to avoid tunes at the tutorials.
Thanks for the content. Quick question. In the final part, why did you have to enable the Implicit flow for the app registration? Shouldn’t an MVC app be capable of authenticating using the Auth Code flow instead which is way more secure?
Is there a link for download of the sample code for this presentation? Thanks
The only problem are the slides.. More visualisation and less text would be great. Still, great content and thanks!
The entire problem of ief
Great video. I'm implementing it now and when I test my policy I am redirected to jwt.ms but nothing is filled in the top box. When I paste what seems to be the token from the url jwt.ms/?code=eyJraWQiOiJmVWxQb... in the box, the token can't be decoded. What am I missing?
I wonder this too!
Great videos. How to get the profile picture from Facebook?
After uploading the policies, did a test run of the sign-up and sign-in user flow. Created the user successfully but when i tried to login with the same user, i keep getting error "The username or password provided in the request are invalid." However, I am able to login with the same user when i tried using the default (not custom) sign-up and sign-in user flow. Any suggestions, what could have gone wrong with the custom policy ?
When I use B2C_1A_signup_signin URL to test and click on Forgot Password link it's giving error. But It's working when I am using "Run now endpoint " for B2C_1A_PasswordReset. Are we missing any point here to link Forgot password URL
Hi Chad, Can you please check the forgot password link is not working. Giving error=access_denied&error_description=AADB2C90118%3a
Thank you! This presentation was easy to understand.
Do I need to register my REST API on AD B2C as well? I'm confused to what I need to put for 'B2cRestClientId' and 'B2cRestClientSecret'. I'm running a REST API on Azure Container Instance and I can hit the endpoint with postman fine but AD B2C keeps throwing timeout error almost immediately after any login attempt.
Thanks for the nice video. I have one question How can we implement authentication by using Azure AD B2C, with API instead of Microsoft provided Login screen (UI)?
great content
Thank you about the great content
Thank you about the great content
Thank you about the great content
Thank you alot
Useful information for beginners, Thank you!!
Can we stop the registration if there is there is no Loyality number mapped with the email address or any custom property like (UniqueNumberId)
Possible i guess, check for that claim existance or claim null in the orchestration step
Thank You. We are working on B2C project 1. Using built in user flow can we do welcome mail and first time force password reset 2. What is default expiration time if accounts is idle 3. Can we do bulk one time upload users?? 4. Any way we may go with mobile otp instead of mail using in user flow 5. How mulesoft can sync data with B2C . Any easiest way Would be great if get response
0:35 awesome-teens24.online
Superb! But too difficult. Learn something from Ping Federate. How easy they have done and that too more configurable than B2C. This is too complex to handle.
Extremely agree on this. The only advantage is to have this as files that can be versioned and potentially can be used in CI/CD processes
Waiting for Part 2