Having read the documentation here, I thought I should be able to add a user to Active Directory B2C and then be able to log in as that user. The error message is: "We can't seem to find your account"

```csharp
[TestMethod]
public async Task CreateUserTest()
{
    string mailNickname = Guid.NewGuid().ToString();
    string upn = mailNickname + "@mydomain.onmicrosoft.com";
    string email = "zzz@gmail.com";

    User record = new User { Email = email, DisplayName = "Bob Smith", MailNickname = mailNickname, UserPrincipalName = upn };
    record.Identities = new List<ObjectIdentity>();
    record.PasswordProfile = new PasswordProfile();
    record.Identities.Append(new ObjectIdentity { Issuer = "mydomain.onmicrosoft.com", IssuerAssignedId = email, ODataType = "microsoft.graph.objectidentity", SignInType = "emailAddress" });
    record.Identities.Append(new ObjectIdentity { Issuer = "mydomain.onmicrosoft.com", IssuerAssignedId = upn, ODataType = "microsoft.graph.objectidentity", SignInType = "userPrincipalName" });
    record.PasswordProfile.Password = "Abcdefgh123!!";
    record.AccountEnabled = true;
    record.PasswordProfile.ForceChangePasswordNextSignIn = false;
    User user = await graphService.CreateUser(record);
    Assert.IsNotNull(user);
}
```

```csharp
public async Task<User> CreateUser(User user)
{
    // Return the object the Graph API sends back (it carries the new Id), not the input.
    var result = await client.Users.Request().AddAsync(user);
    return result;
}
```

This login code works if the user logs in using an existing account or creates a new one using the Sign up now link:

```typescript
export const SignIn = async (appState: AppState): Promise<string> => {

    var msg: string = '';

    try {
        const response = await MSAL.login('loginPopup');
```

Edit: Add screen cap showing user type and source:

enter image description here
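
An added example, not part of the original post or of the Graph SDK: it isolates the `Identities.Append(...)` pattern from the question's code. `Append` there is the LINQ extension method, which returns a new sequence and leaves the list unchanged, so the record reaches Graph with no `emailAddress` identity in its collection. `ObjectIdentity` and `User` below are hypothetical stand-ins that mirror only the properties the question uses, and `HasEmailSignIn` is a hypothetical pre-flight check.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Hypothetical stand-ins so this runs without the Microsoft.Graph package.
class ObjectIdentity
{
    public string SignInType { get; set; }
    public string Issuer { get; set; }
    public string IssuerAssignedId { get; set; }
}

class User { public IEnumerable<ObjectIdentity> Identities { get; set; } }

static class Program
{
    // Pre-flight check: does the record carry a local-account identity for this email?
    static bool HasEmailSignIn(User u, string email) =>
        u.Identities != null && u.Identities.Any(i =>
            i.SignInType == "emailAddress" &&
            string.Equals(i.IssuerAssignedId, email, StringComparison.OrdinalIgnoreCase));

    static void Main()
    {
        const string issuer = "mydomain.onmicrosoft.com"; // placeholder tenant from the question
        const string email = "zzz@gmail.com";             // sample address from the question

        // Pattern from the question: the sequence returned by Append is discarded.
        var asPosted = new User { Identities = new List<ObjectIdentity>() };
        asPosted.Identities.Append(new ObjectIdentity
            { SignInType = "emailAddress", Issuer = issuer, IssuerAssignedId = email });

        // Corrected: populate the list itself (collection initializer or List<T>.Add).
        var corrected = new User
        {
            Identities = new List<ObjectIdentity>
            {
                new ObjectIdentity
                    { SignInType = "emailAddress", Issuer = issuer, IssuerAssignedId = email }
            }
        };

        Console.WriteLine($"as posted: {asPosted.Identities.Count()} identities, email sign-in: {HasEmailSignIn(asPosted, email)}");
        Console.WriteLine($"corrected: {corrected.Identities.Count()} identities, email sign-in: {HasEmailSignIn(corrected, email)}");
    }
}
```

Running a check like `HasEmailSignIn` in the unit test before the create call catches an empty identities collection without a round trip to the tenant.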

1 Answer

I tried to create a consumer user with code like yours:

enter image description here

And tested with this account in user flow, it returned the token well:

enter image description here

Please check the accounts that you created in your code; the User type always needs to be Member and have the Source Azure Active Directory.

enter image description here

  • Thank you Pamela, however there is no such property `Source`. What are you referring to? –  Nov 23 '20 at 13:34
  • How is the code in your answer different from the code in my question? Where do you set user type and source? –  Nov 23 '20 at 14:25
  • The screenshot shows all my code. And navigate to Azure AD B2C -> Users -> the `Source` in the portal. I used ClientCredentialProvider to get graphClient, and then replaced the domain with my b2c domain. That's all. – unknown Nov 24 '20 at 01:40
  • Please help me understand how your response answers my question. How is the code in your answer different from the code in my question? What am I doing wrong? Where do you set user type and source? User type and source are set in the portal for the user I added also. I suppose Azure AD sets those properties. –  Nov 24 '20 at 02:32
  • Sorry, I didn't explain it clearly. First, the code I used to [create User](https://learn.microsoft.com/en-us/azure/active-directory-b2c/microsoft-graph-operations#user-management) is the same as yours, and I didn't set any other properties. After adding the user, I checked Users in the portal. Please share the type and resource of yours, because if the user type and resource are incorrect, it will return the error. If you sign in with a wrong username(upn), it will also return this error. I'm not sure what causes the problem. – unknown Nov 24 '20 at 02:56
  • Please see attached image showing user type and source. –  Nov 24 '20 at 03:03
  • Also, I am signing in using the `IssuerAssignedId` email identity zzz@gmail.com –  Nov 24 '20 at 03:08
  • The API is used to create a B2C account, you could sign in with UserPrincipalName (guid@yourdomain.onmicrosoft.com) but not email (zzz@gmial.com). There is no API to create a **guest** user and add it as a member. But there is a workaround to implement the invitation flow using a custom policy in this [issue](https://stackoverflow.com/a/51059610/13308381). – unknown Nov 24 '20 at 05:28
  • I am trying to make a [Consumer Account](https://learn.microsoft.com/en-us/azure/active-directory-b2c/user-overview) not a guest account. Per link cited: Consumer accounts can be created by:....Using Microsoft Graph API. –  Nov 25 '20 at 01:55
  • Consumer Account is the account of Azure B2C, you should sign in with `UserPrincipalName` but you couldn't sign in with `email`. Email is used for email verification. – unknown Nov 25 '20 at 02:01
  • zzz@gmial.com is the third-party email address. If you would like to sign in with it, you need to invite it as a guest account and add it as a member. Then you could sign in. – unknown Nov 25 '20 at 02:04
  • "you should sign in with UserPrincipalName but you couldn't sign in with email. Email is used for email verification." Can you please post a reference to the documentation where this is explained? –  Nov 25 '20 at 14:09