
Can I reset a person’s password using Azure B2C, Client Credential authentication and Graph API?

I’m trying, as shown below, but I’m getting an error.

Error: the user is not authorized to access this resource.

2 Answers


  1. As per this:

    Note

    For the application to update user account passwords, you’ll need to grant the user administrator role to the application.

  2. I registered one Azure AD B2C application and added API permissions as below:

    Now, I assigned User Administrator role to that application like this:

    When I ran the C# code below to reset a B2C user’s password using the client credentials flow, I got the same error even after assigning the User Administrator role:

    using Azure.Identity;
    using Microsoft.Graph;
    using Microsoft.Graph.Models;
    using Microsoft.Kiota.Abstractions;
    using Microsoft.Graph.Models.ODataErrors;
    using System;
    
    var scopes = new[] { "https://graph.microsoft.com/.default" };
    
    var clientId = "appId";
    var tenantId = "tenantId";
    var clientSecret = "secret";
    
    var options = new ClientSecretCredentialOptions
    {
        AuthorityHost = AzureAuthorityHosts.AzurePublicCloud,
    };
    
    var clientSecretCredential = new ClientSecretCredential(
        tenantId, clientId, clientSecret, options);
    
    var graphClient = new GraphServiceClient(clientSecretCredential, scopes);
    
    try
    {
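        // Call the resetPassword action on the user's password authentication method.
        // 28c10230-6103-485e-b985-444c60001490 is the well-known ID of the password method.
        var requestBody = new Microsoft.Graph.Users.Item.Authentication.Methods.Item.ResetPassword.ResetPasswordPostRequestBody
        {
            NewPassword = "xxxxxx",
        };
        var result = await graphClient.Users["userId"].Authentication.Methods["28c10230-6103-485e-b985-444c60001490"].ResetPassword.PostAsync(requestBody);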
    
        Console.WriteLine("Password changed successfully!");
    }
    
    catch (ODataError odataError)
    {
        Console.WriteLine(odataError.Error.Code);
        Console.WriteLine(odataError.Error.Message);
    }
    

    Note that the client credentials flow works only with permissions of the Application type. The reset password operation does not support Application permissions, as mentioned in this MS Doc.

    Alternatively, you can run an Update user query to reset the B2C user’s password by updating the passwordProfile property.

    When I ran the C# code below, which runs a PATCH query, the user’s password was changed successfully:

    using Azure.Identity;
    using Microsoft.Graph;
    using Microsoft.Graph.Models;
    using Microsoft.Kiota.Abstractions;
    using Microsoft.Graph.Models.ODataErrors;
    using System;
    
    var scopes = new[] { "https://graph.microsoft.com/.default" };
    
    var clientId = "appId";
    var tenantId = "tenantId";
    var clientSecret = "secret";
    
    var options = new ClientSecretCredentialOptions
    {
        AuthorityHost = AzureAuthorityHosts.AzurePublicCloud,
    };
    
    var clientSecretCredential = new ClientSecretCredential(
        tenantId, clientId, clientSecret, options);
    
    var graphClient = new GraphServiceClient(clientSecretCredential, scopes);
    
    try
    {
        // Update user (PATCH /users/{id}): set a new password through passwordProfile.
        var requestBody = new User
        {
            PasswordProfile = new PasswordProfile
            {
                ForceChangePasswordNextSignIn = false,
                Password = "xxxxxxxxx",
            },
        };
        var result = await graphClient.Users["userId"].PatchAsync(requestBody);
    
        Console.WriteLine("Password changed successfully!");
    }
    
    catch (ODataError odataError)
    {
        Console.WriteLine(odataError.Error.Code);
        Console.WriteLine(odataError.Error.Message);
    }
    

    In your case, change your code to run a PATCH query that updates the passwordProfile property, along with assigning the User Administrator role to the application.

    Reference:
    Update user – Microsoft Graph

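A diagnostic for the point made in the second answer, that a client credentials token carries Application permissions only. This is an added example, not code from either answer: it requests the same app-only token and lists the `roles` claim that Graph will evaluate. The permission name `User.ReadWrite.All` and the environment variable `B2C_GRAPH_CLIENT_SECRET` are assumptions, since the page's screenshot of the granted permissions is not available.

```csharp
using System;
using System.Collections.Generic;
using System.Text;
using System.Text.Json;
using Azure.Core;
using Azure.Identity;

// Placeholders as in the answer above. The environment variable name is an
// assumption, used so the secret is not hard-coded in source.
var tenantId = "tenantId";
var clientId = "appId";
var clientSecret = Environment.GetEnvironmentVariable("B2C_GRAPH_CLIENT_SECRET")
    ?? throw new InvalidOperationException("B2C_GRAPH_CLIENT_SECRET is not set");

// Assumption: the Application permission granted to the app registration.
const string expectedRole = "User.ReadWrite.All";

var credential = new ClientSecretCredential(tenantId, clientId, clientSecret);
AccessToken token = await credential.GetTokenAsync(
    new TokenRequestContext(new[] { "https://graph.microsoft.com/.default" }), default);

// A JWT is header.payload.signature; the payload is base64url-encoded JSON.
// This only reads claims for diagnosis and does not validate the signature.
var parts = token.Token.Split('.');
if (parts.Length != 3) throw new FormatException("Access token is not a JWT.");
var b64 = parts[1].Replace('-', '+').Replace('_', '/');
b64 = b64.PadRight(b64.Length + (4 - b64.Length % 4) % 4, '=');
using var claims = JsonDocument.Parse(Encoding.UTF8.GetString(Convert.FromBase64String(b64)));

// App-only (client credentials) tokens list consented Application permissions
// in "roles"; delegated tokens carry "scp" instead.
var roles = new List<string>();
if (claims.RootElement.TryGetProperty("roles", out var rolesClaim)
    && rolesClaim.ValueKind == JsonValueKind.Array)
{
    foreach (var role in rolesClaim.EnumerateArray())
        roles.Add(role.GetString() ?? string.Empty);
}

var roleList = roles.Count > 0 ? string.Join(", ", roles) : "(none)";
Console.WriteLine($"roles: {roleList}");
Console.WriteLine(claims.RootElement.TryGetProperty("scp", out _)
    ? "Token has 'scp': this is a delegated token, not client credentials."
    : "No 'scp' claim: app-only token, as expected for client credentials.");
Console.WriteLine(roles.Contains(expectedRole)
    ? $"{expectedRole} is present."
    : $"{expectedRole} is missing: grant it as an Application permission with admin consent.");
```

An empty `roles` list means no Application permission has been consented for the app, which is worth ruling out before looking at the directory role assignment.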