Users are registered using Active Directory B2C workflows so they appear as Members
What I am trying to do is to change users passwords like explained here
So my code looks like following:
var options = new TokenCredentialOptions
{
AuthorityHost = AzureAuthorityHosts.AzurePublicCloud
};
var userNamePasswordCredential = new UsernamePasswordCredential(
email, currentPassword, "my tenant id", "my client id", options);
var authentication = await userNamePasswordCredential.AuthenticateAsync();
var scopes = new[] { "User.Read" };
var graphClient = new GraphServiceClient(userNamePasswordCredential, scopes);
var user = await graphClient.Me
.Request()
.GetAsync();
await graphClient.Me
.ChangePassword(currentPassword, newPassword)
.Request()
.PostAsync();
I have tried multiple things but I always get the same exception:
The exception is the following:
MsalClientException: Unsupported User Type 'Unknown'. Please see https://aka.ms/msal-net-up.
AuthenticationFailedException: UsernamePasswordCredential authentication failed: Unsupported User Type 'Unknown'. Please see https://aka.ms/msal-net-up.
So my question is, is it possible to auto change the password for users registered in ADB2C?
If so, what is causing the exception?
I know I can change password of users updating PasswordProfile as admin but I want to somehow verify they know their current password.
CodePudding user response:
You cannot use an Azure AD B2C account to authenticate to Microsoft Graph API.
You must create a normal Azure AD Account from the AAD Users blade in the Azure Portal for this operation. Which means, this will not work for B2C users at all.
For Change Password flows, create a self service change-password flow that users can go through themselves.
Or, you must create an API endpoint which the B2C protected application can call. And the API must use client_credentials flow to call Graph API and perform the Update User operation on the password profile.