3

I research whole internet and didn't find any approach, that hooks up into the AuthenticationFailed notification and redirects to your own PasswordReset controller action.
Here is a good example for asp.net framework but it not suite for me. I need the same for ASP.NET Core WebAPI project.
Here is another link with example core project but really can't figure out how to implement it into my own project. I am using bearer token authorization.
Does anybody have any advice?

kkost
  • 3,640
  • 5
  • 41
  • 72

1 Answers1

3

All you have to do is enable self-service password reset. Then users will se a "Forgot your password?" link on the sign-in page. If you need more control you can create a password reset policy.

Martin Brandl
  • 56,134
  • 13
  • 133
  • 172
  • thanks for the reply but now I am able to see Forgot password link, when I pick it, I see an error from my own domain. Here is how it looks like: https://www.screencast.com/t/VY6rcSVyg So I make a conclusion that I has wrong config. Does it make sense? – kkost Feb 14 '18 at 19:54
  • Yes, its handeld in the faq: Instead, the error code AADB2C90118 is returned to your app. Your app needs to handle this error code by invoking a specific password reset policy. For more information, see a sample that demonstrates the approach of linking policies – Martin Brandl Feb 14 '18 at 19:55
  • great ! Does Microsoft has any examples how to do that in asp.net core? – kkost Feb 14 '18 at 20:01
  • I don't want hard code full password reset url as well. Do we have another way to do that ? thanks – kkost Feb 14 '18 at 20:03
  • 1
    This article covers the password reset in aad b2c for .net core 2.0 (at the bottom): https://dzimchuk.net/setting-up-your-asp-net-core-2-0-apps-and-services-for-azure-ad-b2c/ . Password reset policy is similar to the signup policy so why don't you want to hard code them? Its already an abstraction since you can configure them.... – Martin Brandl Feb 14 '18 at 20:04