This is a use case that I am regularly asked about. The first thing to realise is that because the user is anonymous, they have no identity e.g. no first name, login, password, objectId etc. so you can’t do reads and writes into B2C. You could e.g. have a website…

I got this weird error when trying to upload a custom policy. The error was: “Validation failed: 1 validation error(s) found in policy “B2C_1A_Policy” of tenant “yourtenant.onmicrosoft.com”. The provided supported cultures list has a duplicate, please remove any duplicate entries”. I’d never seen this error before and googling found nothing…

This is a question that I have been asked a few times and there are no samples that I can refer people to. The idea is that when someone signs up, they are not automatically added to B2C but rather have to wait until someone e.g. …

I had an issue recently where I got an error linking users because that identity was already linked to someone else. But who was it linked to? So I looked around for a way to dump all the users and came across this code sample mentioned here to display the…

I was playing around with the code sample mentioned here to display the attributes of some B2C users. “This .NET Core console application demonstrates the use of the Microsoft Graph API to perform user account management operations (create, read, update, delete) within an Azure AD B2C directory. Also shown is…

I thought I would write this up as it may help someone else. The symptom is that B2C hangs during a user journey with a custom policy and the only debug message in Application Insight is: “Web.TPEngine.StateMachineHandlers.SendErrorResponseToXmlHttpRequestClient” The debug log shows: { ""Kind"": ""Transition""…

This is a question that comes up a lot on stackoverflow. “Can I search for attribute x that’s in Azure B2C using custom policies”? The answer is “No”. To do this, you have to use the Graph API. The reason is that the searches that you see in B2C e.g. …

This post was inspired by this stackoverflow question. It refers to this sample policy. I have posted around linking here and here so I thought it was worth exploring the subject further. Normally, when you federate with AAD, B2C creates a “shadow” local account. The identity structure looks like this: …

This was inspired by a stackoverflow question. It refers to a B2C sample custom policy. Looking at it, I felt like Alice in Wonderland: “Curiouser and curiouser!’ cried Alice”. This is an old sample. It still uses “socialIdpUserId”. <! — The claim socialIdpUserId has been renamed to issuerUserId → I…