I'm trying to add users in an Azure AD B2C using the Microsoft Graph API. My code works just fine when I add a User, but I tried to add it a second time with the same info given to the API (mail, names, etc...) and expected an error like
User already exists
or something similar.
My API call is done like this :
var result = await graphClient.Users.Request().AddAsync(new User()
{
AccountEnabled = true,
Mail = "example#example.onmicrosoft.com",
MailNickname = "example",
UserPrincipalName = "example#example.onmicrosoft.com",
Surname = "TEST",
DisplayName = "test",
GivenName = "TEST test",
PasswordProfile = new PasswordProfile
{
ForceChangePasswordNextSignIn = true,
Password = "tmpPwd"
}
});
Keeping in mind that my first call correctly add the user to the AD, why the API would return me this message :
Microsoft.Graph.ServiceException : 'Code: Request_BadRequest
Message: One or more properties contains invalid values.
Thank you in advance.
According to the document Create the user using the below property without mail .so that when a user has already existed then you will get the error as below
Code: Request_BadRequest
Message: Another object with the same value for property userPrincipalName already exists.
code:
var result = await graphClient.Users.Request().AddAsync(new User()
{
AccountEnabled = true,
MailNickname = "example",
UserPrincipalName = "example665#XX.live",
Surname = "TEST",
DisplayName = "test",
GivenName = "TEST test",
PasswordProfile = new PasswordProfile
{
ForceChangePasswordNextSignIn = true,
Password = "password#1234"
}
});
Console.WriteLine(JsonConvert.SerializeObject(result));
}
Using additional property may change the error context as you are receiving currently
Related
I'm trying to implement the SMS authentication with the aid of the DocuSign-SDK library.
var signer = new Signer {...};
signer.RequireIdLookup = "true";
signer.IdCheckConfigurationName = "SMS Auth $";
signer.SmsAuthentication = new RecipientSMSAuthentication {
SenderProvidedNumbers = new List<string> {
"0171*******"
}
};
When I try to send this envelope to the DocuSign API it will reply with the following error message:
Error calling CreateEnvelope:
{"errorCode":"INVALIDAUTHENTICATIONSETUP","message":"Recipient phone
number is invalid. Phone number for SMS Authentication: provided is
invalid. }
INVALIDAUTHENTICATIONSETUP: Authentication is not setup correctly for the recipient.
Is there something I have to enable on the DocuSign Admin page? I couldn't find any feature or something like that I need to enable.
Did I implement it the wrong way? Maybe someone can give me some suggestions.
Thanks
BTW: The given phone number should be valid.
EDIT:
When I'm using the new method as #Inbar wrote, I can't get the needed workflowId from the AccountsApi.
var client = new ApiClient(ApiClient.Demo_REST_BasePath);
var token = "eyJ1...";
client.Configuration.DefaultHeader.Add("Authorization", "Bearer " + token);
var accountsApi = new AccountsApi(client);
var response = accountsApi.GetAccountIdentityVerification(accountId);
var result = response.IdentityVerification; // Is empty. Why?
It seems that I have no IdentityVerification options which I can use for the authentication.
How can I enable such IdentityVerification options?
Or what else do I need to pay attention to?
Your code is using the older method, the new method code is provided in GitHub, I'll post it here too. You can find the article on Dev Center.
string workflowId = phoneAuthWorkflow.WorkflowId;
EnvelopeDefinition env = new EnvelopeDefinition()
{
EnvelopeIdStamping = "true",
EmailSubject = "Please Sign",
EmailBlurb = "Sample text for email body",
Status = "Sent"
};
byte[] buffer = System.IO.File.ReadAllBytes(docPdf);
// Add a document
Document doc1 = new Document()
{
DocumentId = "1",
FileExtension = "pdf",
Name = "Lorem",
DocumentBase64 = Convert.ToBase64String(buffer)
};
// Create your signature tab
env.Documents = new List<Document> { doc1 };
SignHere signHere1 = new SignHere
{
AnchorString = "/sn1/",
AnchorUnits = "pixels",
AnchorXOffset = "10",
AnchorYOffset = "20"
};
// Tabs are set per recipient/signer
Tabs signer1Tabs = new Tabs
{
SignHereTabs = new List<SignHere> { signHere1 }
};
string workflowId = workflowId;
RecipientIdentityVerification workflow = new RecipientIdentityVerification()
{
WorkflowId = workflowId,
InputOptions = new List<RecipientIdentityInputOption> {
new RecipientIdentityInputOption
{
Name = "phone_number_list",
ValueType = "PhoneNumberList",
PhoneNumberList = new List<RecipientIdentityPhoneNumber>
{
new RecipientIdentityPhoneNumber
{
Number = phoneNumber,
CountryCode = countryAreaCode,
}
}
}
}
};
Signer signer1 = new Signer()
{
Name = signerName,
Email = signerEmail,
RoutingOrder = "1",
Status = "Created",
DeliveryMethod = "Email",
RecipientId = "1", //represents your {RECIPIENT_ID},
Tabs = signer1Tabs,
IdentityVerification = workflow,
};
Recipients recipients = new Recipients();
recipients.Signers = new List<Signer> { signer1 };
env.Recipients = recipients;
I've created a new developer account on DocuSign and created a small test app in order to request identity verification options. Fortunately, that was working now and I got all available options but I do not understand why this is not working for my other developer account ("old").
When I compare both accounts I don't see the "Identity Verification" setting in the "old" account.
It is possible to activate this "Identity Verification" setting for my "old" dev account?
I guess that enabling this feature would solve the problem.
EDIT:
Ok, I've solved the problem.
I figured out that no IDV was configured for my developer account. In that case, the identity_verification call will return an empty array.
see: https://developers.docusign.com/docs/esign-rest-api/how-to/id-verification/
Also, I have read the following note in the DocuSign documentation:
Note: Phone authentication may not be enabled for some older developer
accounts. If you cannot choose to use phone authentication for your
account, contact support to request access. see:
https://developers.docusign.com/docs/esign-rest-api/esign101/concepts/recipients/auth/#id-verification-idv
So I contacted DocuSign support and they give me access to the IDV accordingly.
Now it is working fine.
After successfully Authenticated using MSAL. I get the token and passed it on the Flurl. I'm getting 500 error. But if I test it on Postman it works properly. Anything I missed?
Below is my code:
var user = new User
{
AccountEnabled = true,
DisplayName = "Anthony Test",
MailNickname = "AnthonyT",
UserPrincipalName = "AnthonyT#*****.onmicrosoft.com",
PasswordProfile = new PasswordProfile
{
ForceChangePasswordNextSignIn = true,
Password = "xWwvJ]6NMw+bWH-d"
}
};
var result2 = await "https://graph.microsoft.com/v1.0/users".WithHeader("Content-Type", "application/json")
.WithOAuthBearerToken(result.AccessToken)
.PostJsonAsync(user);
Here is a screenshot from Postman:
I have fixed the issue. I forgot to set JsonProperty and make it camelCase.
We're trying to create a user in Azure AD B2C (cloud tenant, not local) via the C# library. I cannot log in with the new user; it's saying the password has expired. From the AD B2C Sign-in log:
However, I'm creating them with password expiration disabled like so:
PasswordProfile passwordProfile = GetPasswordProfile(password);
var newB2cUser = new User
{
Id = id,
MailNickname = id,
UserPrincipalName = $"{id}#{tenant}",
GivenName = claims.FirstName,
Surname = claims.LastName,
DisplayName = displayName,
AccountEnabled = true,
PasswordProfile = passwordProfile,
PasswordPolicies = "DisablePasswordExpiration,DisableStrongPassword",
Identities = new List<ObjectIdentity>
{
new ObjectIdentity
{
SignInType = "emailAddress",
IssuerAssignedId = claims.Email,
Issuer = tenant
}
}
};
User createdB2cUser = await this.GraphServiceClient.Users.Request().AddAsync(newB2cUser);
...and with the password profile created like this:
private static PasswordProfile GetPasswordProfile(string password)
{
var passwordProfile = new PasswordProfile
{
Password = password,
ForceChangePasswordNextSignIn = false,
ForceChangePasswordNextSignInWithMfa = false
};
return passwordProfile;
}
We've used code like the above to create users all the time that need to reset their password on login. Now we need to create a user with a preset password that won't immediately expire (e.g., seeding a test environment). I added what I thought were the correct password policies and password profile above. What's going on?
I can see nothing wrong with the code sample you provided. But did you try achieving the same goal using Graph API directly? Just to understand what is going on and where the fault may be. You can use GraphExplorer: https://developer.microsoft.com/en-us/graph/graph-explorer
Invoke a POST request to the https://graph.microsoft.com/v1.0/users endpoint with the similar JSON to see whether you face the same issue.
{
"id": "fcaba916-17b0-4d88-84ea-03371d55067a",
"mailNickname": "MelissaD",
"userPrincipalName": "MelissaD#contoso.onmicrosoft.com",
"givenName": "Melissa",
"surname": "Darrow",
"displayName": "Melissa Darrow",
"accountEnabled": true,
"passwordPolicies": "DisablePasswordExpiration,DisableStrongPassword",
"passwordProfile": {
"password": "da413e48-180d-1945-6025-d7e5947711ed",
"forceChangePasswordNextSignIn": false,
"forceChangePasswordNextSignInWithMfa": false
},
"identities": [
{
"signInType": "emailAddress",
"issuer": "yourissuer",
"issuerAssignedId": "email"
}
]
}
Try to simulate the request body exactly as Graph Client does to know what is going on behind the scenes.
I have a Azure Active Directory B2C tenant. I also have a small service that creates new users in the B2C tenant from a different system. This way I can synchornize both systems. When a user has been added to B2C and logs in the first time, I want the user to be forced to change the password. But whatever I do, the user can just log in and continue, without changing the password..
To add a user to B2C, I use the Microsoft Graph 1.14 package. I push the user information as JSON to the endpoint https://graph.windows.net/{tenantId}/users?api-version=1.6
The log in page is an Azure custom page in the user flow policies. There is also a change password policy, if needed.
This I tried:
When adding the user, I set the password profile. Adding the property "ForceChangePasswordNextLogin" and setting it to true, does not work.
Someone suggested to add the "ForceChangePasswordNextSignIn" property, but B2C doesn't know this property.
Tried to fix it in the policy; didn't work.
Used Google and StackOverflow; not much luck.
This is the user I post to Microsoft Graph:
var user = new GraphUserModel
{
City = "Amsterdam",
CustomField= "999999",
Department = "TestPassword",
DisplayName = "TestPassword",
OtherMails = new[] { "myemail#something.nl" },
PostalCode = "1234 AB",
StreetAddress = "Hoofdweg 6",
Surname = "TestPassword",
TelephoneNumber = "0123456789",
ChainCode = null,
MailNickname = "999999",
UserPrincipalName = "999999#{tenantNameHere}",
SignInNames = new List<SignInNames>
{
new SignInNames
{
Type = "userName",
Value = "999999"
}
},
AccountEnabled = true,
CreationType = "LocalAccount",
PasswordProfile = new PasswordProfile
{
Password = "SomeRandomPassword"
},
PasswordPolicies = "DisablePasswordExpiration"
};
The users are created correctly, but when they log in for the first time, I would like to see a page where they are forced to change the password.
With Sign-up/Sign-in policy I had to implement that manually by flagging users in DB if they have changed the password and then redirecting to password change if they have not changed the password.
I was also not able to find 'out of the box' solution. I found that forceChangePasswordNextLogin works only with Sign-in policy.
I am trying to create a user using claim identity asp.net
I get this error while creating claims identity user.
ApplicationUser user = new ApplicationUser {
EmailConfirmed = true,
UserName = model.myUser.Email,
Email = model.myUser.Email ,
PhoneNumber = model.myUser.PhoneNumber,
PhoneNumberConfirmed = true,
UserImagePath = model.myUser.UserImagePath,
FirstName= model.myUser.FirstName,
LastName = model.myUser.LastName,
DateOfBirth = model.myUser.DateOfBirth,
Culture = model.myUser.Culture,
Role = model.myUser.Role
};
but when the code was
var user= new ApplicationUser {
UserName = model.myUser.Email,
Email = model.myUser.Email ,
};
it worked perfectly, so i want to know what is wrong
You have a statement (if or while, for example), right before the code you posted, without curly braces.
For example:
if (somethingIsTrue)
{
var user= new ApplicationUser {
UserName = model.myUser.Email,
Email = model.myUser.Email ,
};
}
is correct, but the code below:
if (somethingIsTrue)
var user = new ApplicationUser {
UserName = model.myUser.Email,
Email = model.myUser.Email ,
};
will result in CS1023: Embedded statement cannot be a declaration or labeled statement.
UPDATE
The reason, according to #codefrenzy, is that the newly declared variable will immediately go out of scope, unless it is enclosed in a block statement, where it can be accessed from.
The compilation will pass in the following cases though.
If you only initialize a new instance of a type, without declaring a new variable:
if (somethingIsTrue)
new ApplicationUser {
UserName = model.myUser.Email,
Email = model.myUser.Email ,
};
or if you assign a value to an existing variable:
ApplicationUser user;
if (somethingIsTrue)
user = new ApplicationUser {
UserName = model.myUser.Email,
Email = model.myUser.Email ,
};
I just had this error, and the fix was to add a curly brace to the if immediately preceding my code, and then remove it again. Visual Studio facepalm OTD.