Can't log in or create account or reset password

[jmagaram]

I've followed these instructions very carefully and for the second time now can't get it working with a "default" email identity user flow (vs Microsoft, Facebook, etc.). I assume I'm using a recent version of .net 5, VS Preview, etc.

(1) In a previous attempt, I had a user flow with a complex password requirement. No passwords I tried EVER satisfied the form. I kept getting errors about the password requirement not being met. So in my most recent attempt I changed to a simple password requirement and stopped getting those "bad password" errors.

(2) When I click Log In and then Sign up now, I can fill in the email address and password. The Send verification works. But after I fill it all in, the Create button at the bottom is disabled. There is no way to get that button enabled so I can click it. I've tried different email addresses and passwords.

(3) Since creating accounts did not work I created a new user account inside the Azure portal of the B2C with an email like bob@mydomain.onmicrosoft.com with a password I supplied. When I tried to log in I got a "Password expired" message. There is no way to reset it. I've tried creating a user flow for resetting passwords but it isn't having any effect (or can't figure out how to connect it).

(4) The documentation says "The Microsoft Authentication Library (Microsoft.Authentication.WebAssembly.Msal, NuGet package) doesn't support AAD B2C user flows by default. Create custom user flows in developer code." Does this mean that NO user flows are supported or just some weird kind of custom ones? If no user flows are supported then why did you tell me to create one?

(5) The documentation says "In Authentication > Platform configurations > Single-page application (SPA)..." I've tried this a few times and what actually happens is "Web" is the default platform configuration already created and you have to DELETE that first and click SAVE and then click Add to add a SPA one instead. Or am I doing something wrong?

(6) Considering the warning about cookies and such, I tried all the above using Incognito and different browsers.

So based on all the above, I can't ever log in using the basic email-based accounts. It seems like the instructions should leave you in a state where you can do that.

---

Document Details

⚠ Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.

• ID: 520b9821-ecef-20af-a601-ea36c4297d88
• Version Independent ID: da9c8ac9-4d7a-4b40-56a2-a4bfe7083567
• Content: Secure an ASP.NET Core Blazor WebAssembly hosted app with Azure Active Directory B2C
• Content Source: aspnetcore/blazor/security/webassembly/hosted-with-azure-active-directory-b2c.md
• Product: aspnet-core
• Technology: aspnetcore-blazor
• GitHub Login: @guardrex
• Microsoft Alias: riande

[guardrex]

Hello @jmagaram ... Some notes and remarks on your comments first, then we can see what sort of next steps to take here ...

complex password requirement

I haven't tried that scenario (yet), so I can't remark on it.

I created a new user account inside the Azure portal of the B2C ... got a "Password expired" message

I can't repro that behavior. That's never happened for any of my test user accounts.

The Send verification works. But after I fill it all in, the Create button at the bottom is disabled.

My test users were created manually. Now that we've reached 5.0 with its improved API and Identity v2.0, I'd like to try scenarios like this and then add content to the doc to deal with any required special steps or gotcha 😈 scenarios to avoid. I'm still digging out from holiday issues ⛰️⛏️ and then need to address some existing high priority issues before I can reach this. I'm planning this work for when I reach this topic on my UE pass tracking issue.

Does this mean that NO user flows are supported

I've tried creating a user flow for resetting passwords but it isn't having any effect

It's referring to custom user flows, and it's a holdover remark from 3.x days. I'm not aware of any limitations for the basic user flows for things like password reset. As with above, I'd like to further test and work on this, and I suspect it will happen on that UE pass tracking issue that I mentioned.

"Web" is the default platform configuration already created

It doesn't sound like you're following the guidance. You set SPA on the new app registration on the first screen, so that's what Azure should set up for the app ...

Let's ask @mkArtakMSFT for next steps here ...

Artak, @jmagaram is having several problems with B2C setup/config and flows. I can try to repro the scenarios to see if I can both help @jmagaram further and improve the doc for anything that I learn along the way. However as you know, I just returned, and I'm digging out from under holiday and priority issues ⛰️⛏️ at the moment.

Do you want me to work the scenarios first and then open a new product unit issue for anything that I can't work out for @jmagaram and the doc, or is it best to close this issue here and go directly to a product unit issue?

If we move this over to the product unit, no worries on further topic work along these lines. I will get to all of the scenarios when I reach the WASM B2C topics on my UE tracking issue. It's ok to close this issue.

[jmagaram]

Feeling kind of stupid. The main issue was that I couldn't figure out how to get the "Create" button enabled to create a new user account. But what you have to do is click "Send verification code" and then click "Verify" and somehow I wasn't seeing that button. Once you click Verify then the Create button gets enabled. I think this is a UI design problem. There really should just be a single "Continue/Ok" button that verifies the code and creates the account. I'd like to file a bug/suggestion somewhere else about this but don't know the repro that contains the UI for this. I doubt I'm the first person to have this problem. I designed UI at Microsoft for 10 years and still got confused.

Complex password issue - was bumping into the problem above of not seeing the "Verify" button.

Created a user account inside the B2C Azure console and it worked this time for logging on. I have no idea what went wrong before because I definitely tried it several times and each time got a "password expired" message.

I think the documentation could be clearer about "custom user flows".

"It doesn't sound like you're following the guidance. You set SPA on the new app registration on the first screen, so that's what Azure should set up for the app" I just tried it again and you're right. I've gone through this sequence several times and maybe I made that mistake repeatedly.

So... I don't think there is a bug here. Feel free to close this.

[guardrex]

They take feedback at the following locations. I think the 2nd one is the best for this if you're saying that this is a purely UI problem and not an problem with AAD:

• https://feedback.azure.com/forums/169401-azure-active-directory
• https://feedback.azure.com/forums/223579-azure-portal

I'll make a note on my tracking issue to address the "custom user flows" language when I reach the topic.