Jii
Need Help with Rate Limiting in Azure Function App (C#, Version 4, In-Process)
Hello everyone! Is anyone here experienced with Azure Function Apps, particularly C# developers? I have a question about applying rate limiting for the same request. Specifically, I need to limit the number of OTP generation attempts for a single email address within a specific time frame. The email address is passed in the request body. Just a note, the Azure Function App is running on version 4 with In-Process (not isolated). Any guidance would be appreciated.
4 replies
Issue with Azure AD B2C Custom Domains: Unexpected Redirect Behavior and Domain Dependency
Hey everyone, I'm hopeful that there are experienced individuals with Azure AD B2C expertise who can assist me here.
I have an Azure AD B2C app with the primary custom domain set as appb2c.b2clogin.com/appb2c.onmicrosoft.com. Additionally, I've added two more custom domains that are linked to my Azure DNS: abc.accounts.platform.com and def.accounts.platform.com.
Assuming that my DNS and Front Door configuration are perfectly set up according to the documentation provided by Microsoft, I encountered an unexpected issue when testing these custom domains with jwt.ms. Specifically, when attempting to log in with the def.accounts domain using any user credentials (let's say user1), it redirects me back to the login page instead of redirecting me to jwt.ms. However, when I log in with user1 through the abc.accounts domain, it functions normally and returns the token through jwt.ms. Interestingly, if I attempt to log in again with the def.accounts domain, it then behaves as expected, returning the token through jwt.ms as it does with the abc.accounts domain.
In conclusion, it seems that for each initial login attempt, new users must log in through the abc.accounts domain before being able to successfully log in with other domains.
I'm curious as to why this is occurring. Any insights?
1 reply
❔ Question about Azure AD B2C and Front-End Authentication via API
Hey everyone! I've got a question about Azure AD B2C. After someone signs up using the "RegisterPortalUser" API function as a non-auth user, how do we make sure they're auto logged in on the website through an API? We are using Azure AD B2C for this, but we're not sure how to get it done. Any ideas?
6 replies
❔ Azure AD B2C Sign-In and Password Reset URL Parameters
Hey there, hope you all have an awesome day ahead.
I got this Azure AD B2C custom sign-in policy called "signin_policy." It uses a custom web HTML where you can do cool things with JavaScript. On this page, there are some buttons at the footer section. These buttons basically just take you to different web pages. For example, there's a "Help" button, and when you click it, you end up on "http://portal.platform.com/help."
Now, here's the interesting part: I also use a self-service password reset for when you forget your password. It's basically a part of the same sign-in policy, so it shares the same web HTML as the sign-in. But here's the twist – when you're on the "forgot password" page and click the "Help" button, it takes you to a different place, "http://tenantname.b2clogin.com/help."
To sum it up, you've got two URLs to remember:
1) Sign-in URL: "https://tenantname.b2clogin.com/tenantName.onmicrosoft.com/signin_policy/oauth2/v2.0/authorize&redirect_uri=https%3A%2F%2Fportal.platform.com%2F"
2) Forgot password URL: "https://tenantname.b2clogin.com/tenantName.onmicrosoft.com/signin_policy/api/CombinedSigninAndSignup/unified?claimsexchange=ForgotPasswordExchange&csrf_token=dEdqcjVQRmoyWkZ==&tx=StateProperties=eyJUSUQiOiIxODEwM2E4My0zNjIifQ&p=signin_policy"
So, I noticed something about those two URLs. The main difference is a special thing called a "parameter." The Sign-in URL has one called "redirect_uri," which helps the "Help" button find the right page to go to. But guess what? That parameter isn't on the Forgot Password URL.
Now, I'm thinking, how do I deal with this? Can I add that missing parameter to the self-service password reset in Azure AD B2C? If I can, how do I do it?
2 replies
❔ Azure AD B2C user - password reset
Hello, I need some help with Azure AD B2C user flows and custom policies. In my current project, I have to change how the password reset process works. I want to customize this process by using my own REST API endpoint that checks and verifies the email address. Has anyone done something like this before? If you have, could you please share your thoughts here? I'm looking to talk about how to get started because I'm new to Azure AD B2C and don't know where to begin. Thank you!
17 replies
❔ How can I test a custom IValueResolver in AutoMapper 12?
With the latest release of AutoMapper, the public constructor in the ResolutionContext class has been removed. As a result, my previous approach of creating an instance for testing a custom value resolver is no longer viable. Now, I'm facing a challenge in testing my value resolver that relies on a resolution context. How can I effectively test my value resolver under the new circumstances?
2 replies