Invalid usename or password when sigining local ac

2020-06-06 02:20发布

Scenario:

When I started to do a test with AAD B2C Custom policy, I used this sample: active-directory-b2c-custom-policy-starterpack/SocialAndLocalAccounts/

I referred to this documentation to get started.

I followed those steps and changed some values in the samples and have double checked the client_id and resource_id. When I tried to run the signup or signin policy,I failed to signin with a local account with error:(Though I can signin with soical account)

Invalid username or password

I used Fiddler to catch the traffic, here is the request and response when I came across the error:

Request:

POST



https://login.microsoftonline.com/yangsa.onmicrosoft.com/B2C_1A_signup_signin/SelfAsserted?tx=StateProperties=eyJUSUQiOiI1NjMyNTc1OS1lZjFiLTRhNzctYmRkOS1jOGRjZmZhZmUxZGEifQ&p=B2C_1A_signup_signin HTTP/1.1
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Accept: application/json, text/javascript, */*; q=0.01
X-CSRF-TOKEN: RUF6Zk1MMFBHcVQxeHlNV2x0K2dnN21SVy9aMlN3M1R1WmxSOWdOUXhFTitDaGxOTFJoVGgwWFNLT0lKZ2JCcHdETFR1aUxtNFVDMmp0R2NkOE1RNXc9PTsyMDE4LTA3LTEyVDEwOjMzOjMyLjMyNjM0MTJaOy9IY3JiQmxESUhEcEQ4SWd1SXp6Q1E9PTt7Ik9yY2hlc3RyYXRpb25TdGVwIjoxfQ==
X-Requested-With: XMLHttpRequest
Referer: https://login.microsoftonline.com/yangsa.onmicrosoft.com/oauth2/v2.0/authorize?p=B2C_1A_signup_signin&client_id=cec7ec64-0a28-4914-ab1a-8f951fd27b1d&nonce=defaultNonce&redirect_uri=urn%3Aietf%3Awg%3Aoauth%3A2.0%3Aoob&scope=openid&response_type=id_token&prompt=login
Accept-Language: en-US,en;q=0.8,zh-Hans-CN;q=0.5,zh-Hans;q=0.3
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: login.microsoftonline.com
Content-Length: 69
Connection: Keep-Alive
Cache-Control: no-cache
x-ms-RefreshTokenCredential: eyJhbGciOiJIUzI1NiIsICJjdHgiOiJ3ejBCZW9uc0NWNkE4bVRNQURzZ29hcnl1bWV5VlFzbyJ9.eyJyZWZyZXNoX3Rva2VuIjoiQVFBQkFBQUFBQURYelozaWZyLUdSYkRUNDV6TlNFRkVoQWRiOXlnU2RyMjVfdzBtUzZaQTB3U2dlWmFNWUNzQmlxUTUyQnBzZ0w5ZUZqeXpPZXduX3MzblFsSnFyUWNsRTNzM205QVEzd0VsRC1OVDNFQ2VDank5SDFFQnVmLTFyRVd6T2JKTFNnc240ODc3SFY3UU15ZUlOZmhfWnFYWE1kMDFSRjUtZVJBWEl1TElmUTA1Ym9sa21wMmM2OTBZdmtzZFE0SEhjOTF2eXh2c2xqcUU2N3RVQ0l4a012Q2Z5UG9fUldLTlRtNUMwOXhVUzRBRFFXWlZLQVdETDJSU1dsT1BHcXBCQnR3Y2ZmTW1HdldZSll2RTZfQU5BQkduNGwwdm9neHB5ek8yVmY1V0hFdUVvUEgzWXcxenQ3UUd3T0lFZWlJMFRneFBtN0ZYempFWUVGd2lwckFYSmxYY3JMQ2M3Q0JpY3ktckRoQmRJaFBaLXFDbWU2SlVhU19HQjZRZzR1QnFzdmlVZjgwRWxoUmZZVnZISXp6R0tEQ1lWOXhmVkd3c3VLOFJaLVQ5dlZ1bGdGX0dqS1J3aWI1NWd2SVo2TkhjRWRXaEtoLXBtRVNRVnpHd3pxWXp3cXVxVUROMFU4ZTh0WmdmY0dsNGR2M2Vrc0NBR3lzSHdqa2RvRGRlc19FemZ2NllpdU1XcUFHbE5rWVFjQnBaRnFacEtjUHlocjhhdzFVSjRHcUtVU29wX2wzblZTVkpCNFpzR1FTaE05ck1RMDhwUFBwOU5DNkF2ZkVxSk14NzNNcHNSUHVEakRBZXlCdDNVNGtxNmpfYk9OaDBRMUVIa09vdlQyTVlsM2h1eFV1SVlZaTlMSFpwX2Z4YkthTEZiMGVmT3ZlN24yM2lzdklCd3FYQk1KdE9HeTZhZ3h4cEFWWUdtMmNQSlk2SVBnNHJVQ0o3MzJueWI4V2NwMVJXSjNnT3BoRXdXVmpNTHNSN0treENBd2pQLWt3d3c1bmxabDJsRk03VXFKRVBhYi1qUlQ3amlCcl9XZ0IyNHRibFlwMkZ6a3dHVWtqRVN2QzlNbk16a1JrV2ZTTUdvUGE5Wk9Hek1adHF5WXA2d0w4VmVENmdoQmlLQ295RE83X3g0ZUcybDhQb0RMdldjUjJJd3RSZ0lQNFVueXRjRXRIbEVRelJuQnBLOEFlVmUzb2p0UklQU00zZTRUUEdBYXc2eEdpTnNMQ09vMVMzUGdiTUxCSUNWUExtSjl5N2EtcktnRmtsVnNJUFlHVmZsZndweG1PQ2dZMS1KWmVWM0NkM2liQU9ydkhmcEdCS1BQdThfeDlwNVF2UExHNXZRbWoyUngtbmUzVUVPSFh1bXp0OXR3TUgyemo5MEt5U3AwZU0tT3dSV3Y1UmVhYm1TV2o0WlJsZWhqbWc1SDlVcjdXaVdCNFFNdXBNMk1nandVYzU5ZVN5bFFENlZIcnVFNUFYNUdDQkQzbDhidTRYTFJIYWtDem5HMW9ENDBrYnowR3dmOWZjSEhDUWlhSTlNZk8zU2ZQbnJ0RjBnc0p1UkhyLXI5LWsxMHJIREY1emdoX1d0ekp2Q2NzOGtJY0VoVmlLRFBraUxuMWdJX0RDYkhJcjBGQzlLejc1SUF4blhZZnVYZkwySUFBIiwgImlzX3ByaW1hcnkiOiJ0cnVlIiwgImlhdCI6IjE1MzEzOTE2MjEifQ.Gg4EVoJVWmdpOHZOzOkfSibkrh0sYLpnhobh9vtDbeU
Cookie: buid=AQABAAEAAADXzZ3ifr-GRbDT45zNSEFEoFnVsZyiuDhk01_58h3gTuhxkuN4glzV70KOD4qXb3cul77hhZKHSKMCSE9cqbRZg3g4zUtg_rpagH16M-Nu5FB4y5bgt6lMhCIu7-Ki4X0dKeAmsUrlZRq405IXm2RLetetoIpHe0MgEOTC8JwY2eCfdKjf_Bhx0dL_nTimHn4gAA; CCState=Q3VJRENqOTJMWGRoZVhsaGJrQnRhV055YjNOdlpuUXVZMjl0ZkdGd2NEcGpORFJpTkRBNE15MHpZbUl3TFRRNVl6RXRZalEzWkMwNU56UmxOVE5qWW1SbU0yTVNrd013Z2dHUEJna3Foa2lHOXcwQkJ3T2dnZ0dBTUlJQmZBSUJBREdDQVVnd2dnRkVBZ0VBTUN3d0ZURVRNQkVHQTFVRUF4TUtUVk5KVkNCRFFTQmFNZ0lUVmdCUUQyeTQ1d2cwQlZuMkNBQUFBRkFQYkRBTkJna3Foa2lHOXcwQkFRRUZBQVNDQVFDTzlidFlmbkFKL2lSL3Q2VWNSNS9Wd3BTRk1RQzI1cE5iS2ZLMWY2ZGh1c3lpQkxMVkpKQ3BTMUd0RUNUVEl4WVRWUDdFaDVJQnRUVWxkbnNzcU42SDJVSHh5R2FCa1V3TmdzSGVJbnFyNTRmQldWZGZUeFpDOGN2bHNOVlRGODlrQ21SSVZPSFBpcmZ4d3c2RVU0dm9wdTFXUThPWXJOWmZSTXVaM0pYejZlQW9vVUxMVzBUTmF2MUdoMTRZbTFPTVdMQ25RV2JYR2pZWlNSTWpOYlBqYjUyL1E2Q3VJSFJjS1dLSm1xSjVHU0U1Q1JocTFpaWdRUjlyUXQ1RU83QWxEVjFJOTQwVHVDazVTcXExdWg0cnBLMzgvc1dicVA3K29Pd09HekpmVVZtYjZoZFJkTitnNHJFbUtQZVl3eko3QStVNWR2SlVzbG90aURvOVJhKzlNQ3NHQ1NxR1NJYjNEUUVIQVRBVUJnZ3Foa2lHOXcwREJ3UUlsRDhyYm9QMjFUYUFDRUUvU2pRMGlHaHFHZ2tKRjArTnlCTG4xVWdTRWdvUWYrUVFJMXhGaUVXbHh4VmhOOFZQS2hvSkNSZXRYWHNUNTlWSQ==; ESTSAUTHPERSISTENT=AQABAAQAAADXzZ3ifr-GRbDT45zNSEFE1D-i4sTI4bxMS3YG2_xDXp4yTXqZSiUHyY4ul731zw7SXGGIFxbywIo1SPbnI4jt3--AWzXxi_t3TOAUSTHcP7GmFG5M_XmldgDdZwx3po9Gr51ZGKrG8XoWYd26XFqopxJ1h-q7oWvXdN-5T0odxC-f4qwnqOodnM9QS7nU1m-gKtYqZS9PIvMoNw1Eb1Lv4Cb9Rctu6N2q85C1nYaLEbjtnCkAHrTOgCNDM8C-zYIGLOzZ7DR0rFEfnV8o0niSO0oUO-e9t3fXssDHYMaUqhDLTt8hDUR1KqU2lPew5JAAzqh1pTiiDY7IYV7SE5lqH-dNGeavEkwMqde1rtUGJTQPCvimMnNGoDysrW4yXzPmnAQPc8Sn8Glx7mMwbPzntQ8kYB6sTijcbH_no0QyTuiCn0528glk6Z6p1TXLdky0mmCB0AxlVM0Xccm8oqlti5AzMulnsEDUdM7gLi1PgA_uPxJ1UTM-DO0RxUY5-Q6scRf-VSzwQnMlkTWH9PRiesxnSODFvQs-aIojw1tC0ahuX7ZfcvEXQmZG4VOQ04nnqcWje-6510jAK-lx5VtMw3JKTQzydei_mXydArKXlKmBYD-GgN2iCfKcm6Sx22jFFSM34979ZtTY0xcBtpxbrtvt_o4LkwxJqKhC_cb9vALt3YguankBPShoBSzBPq6_sfyb8nxGdOPv7bTcZ9h1RFt0fXcMvuhwfdnbjfL6HnNYMajoOOmk3cRlyE4gPmkFOSotod4467QrCms-NcOIrQenzv6xwUx3SPlyCoPuTyifP0PdMZk7aASltHP5PkFQKXm5ebZviQ_mThAYdAHmCdDnX3faBWaNZmgKCNodrOOwxQA_VNGUoniXLOnX4oQgACAAQAAQAgAA; x-ms-cpim-csrf=RUF6Zk1MMFBHcVQxeHlNV2x0K2dnN21SVy9aMlN3M1R1WmxSOWdOUXhFTitDaGxOTFJoVGgwWFNLT0lKZ2JCcHdETFR1aUxtNFVDMmp0R2NkOE1RNXc9PTsyMDE4LTA3LTEyVDEwOjMzOjMyLjMyNjM0MTJaOy9IY3JiQmxESUhEcEQ4SWd1SXp6Q1E9PTt7Ik9yY2hlc3RyYXRpb25TdGVwIjoxfQ==; x-ms-cpim-cache:wvcyvhvvd0q92cjc_6_h2g_0=m1.S3dACHsvLvIU9jhT.XNaZIn7mQAXBmNMOG0OeZw==.0.qqrYwNxX97Mf7xsSucScE/lnsINSDQQEECciCSWF7lWoCSaJE4jE3k8gamxe27Y2LDYWRgAUQpLIwaq7Sy4bzHmpz6RW/6Eb0A+2EGYcOzEaCFdnyLgaYAAHJYSgFIi07woKxFS8XlaRNBPFhiN/oa9Cpx5FlKflK0zFI5kFlcCzs4ezScCoAGF37FqMhgF7bzMvEVlat7nFioDK5PujkHHasjBUx5GzIHcs/N+TKCGF2Q1laAXaQIqXRmAtsoW+c1W1jU2RgGOcEQumixZgr1V00CYan/Gl2CZrKcIzyieb0ZbLxInF4SKSzy2o4IGbAPD175IFRCvFVNx87OB3mi0BG7dRmJqVFIM/No+QhAg1Bn3rWc279ggANB5W2WqPBum4UCnbwGGdUncuaiMvzYzNGBEehbDhA2HMGyNSSB+/pyGlFQfrfAB1u6FMYaLRYrjistDBAtnDuc0vwbCru4UTZpL2tSsaZ9G3C1hRNEcyr3KPVdwbp4LWKCec7RXY0CMq+eDO0TDZytaZODlN; x-ms-cpim-trans=eyJUX0RJQyI6W3siSSI6IjU2MzI1NzU5LWVmMWItNGE3Ny1iZGQ5LWM4ZGNmZmFmZTFkYSIsIlQiOiJ5YW5nc2Eub25taWNyb3NvZnQuY29tIiwiUCI6IkIyQ18xQV9zaWdudXBfc2lnbmluIiwiQyI6ImNlYzdlYzY0LTBhMjgtNDkxNC1hYjFhLThmOTUxZmQyN2IxZCIsIlMiOjEsIk0iOnt9LCJEIjowfV0sIkNfSUQiOiI1NjMyNTc1OS1lZjFiLTRhNzctYmRkOS1jOGRjZmZhZmUxZGEifQ==; x-ms-gateway-slice=001-000; stsservicecookie=cpim_te

request_type=RESPONSE&signInName=547541640%40qq.com&password=Password**

Response:

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/json; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Set-Cookie: x-ms-cpim-cache:wvcyvhvvd0q92cjc_6_h2g_0=m1.9B2iQNUwazd7FQjw.OrYhfYGEvwJJcMYqrEutbg==.0.l5lu5FOyolu+69ukoegFq67IOmYbXgaWseDNzRfZ5twroAiil6LBDW95AdlAFxN7fOAry+gJtt8222nEpoR0n1S1QjABJoV1GlPZVyMDzUqWZLZeaEnPjDQjP2cSQ4sgQLyD/9IKwCaf9CUKdSIb7kiCCJGzw6/gYy5mywIo8kQJJrjZNCFMWEnZSb121TvRPpq7OZvI7ssYdxm2UDX6JYl9/37PxBvTQljKt5xKvgm0a56GSxHiUseOJnhsXKr4hUQseN5RSfaBe1egdStqzgyjcaQQKX6ZSIdZoE1lx1PUyagIARPL+tVtvf3093pqjbp9O0tEYM6udP5vp64HR/KOorzXBjnZPiCVxU0Oybp8UAyXbRkv8MsrWRE8bzKCqwxswN+sj+h+JyBv/0+6v7/7UIqokxS++91ddik5rwtYYugGM++OJ+TBugg9jWtHbSsivpaDGctslmo52yJydP2Is6rwazTkg3+vOUrZUr+BUXnvWWt8pqejBUKziRsrafXE5xgjARtvxLs1lb4DjiRUoXN1Wpel; domain=login.microsoftonline.com; path=/; secure; HttpOnly
Set-Cookie: x-ms-cpim-trans=eyJUX0RJQyI6W3siSSI6IjU2MzI1NzU5LWVmMWItNGE3Ny1iZGQ5LWM4ZGNmZmFmZTFkYSIsIlQiOiJ5YW5nc2Eub25taWNyb3NvZnQuY29tIiwiUCI6IkIyQ18xQV9zaWdudXBfc2lnbmluIiwiQyI6ImNlYzdlYzY0LTBhMjgtNDkxNC1hYjFhLThmOTUxZmQyN2IxZCIsIlMiOjIsIk0iOnt9LCJEIjowfV0sIkNfSUQiOiI1NjMyNTc1OS1lZjFiLTRhNzctYmRkOS1jOGRjZmZhZmUxZGEifQ==; domain=login.microsoftonline.com; path=/; secure; HttpOnly
X-Frame-Options: DENY
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Set-Cookie: x-ms-gateway-slice=001-000; path=/; secure; HttpOnly
Set-Cookie: stsservicecookie=cpim_te; path=/; secure; HttpOnly
X-Powered-By: ASP.NET
Date: Thu, 12 Jul 2018 10:33:42 GMT
Content-Length: 58

{"status":"400","message":"Invalid username or password."}

How to resolve this issue ? Is there anything I missed?

Additional: I can sign in with the bulit-in policy with both local and soical accounts. Also, I can sign up a new local account with custom policy but cannot sign in next time.

If there is any information needed, I can provide it later. Thanks in advance!


UPDATE1:

Here is my custom policies I used in this issue :https://github.com/WayneYangsa/Azure-AD-B2C-cutompolicy

UPDATE2:

I tested following different ways:

  • Use a wrong username to signin , the page will throw:We can't seem to find your account.

  • Use a right username but wrong password to signin,the page will throw:Your password is incorrect.

  • Use a right username and a right password to signin,the page will throw:Invalid username or password.

It's really weird. Becuase I even didn't have Invalid username or passwordmatedata Item in my TrustFrameworkBase.xml.

Here is the Matadata:

          <Metadata>
            <Item Key="UserMessageIfClaimsPrincipalDoesNotExist">We can't seem to find your account</Item>
            <Item Key="UserMessageIfInvalidPassword">Your password is incorrect</Item>
            <Item Key="UserMessageIfOldPasswordUsed">Looks like you used an old password</Item>

            <Item Key="ProviderName">https://sts.windows.net/</Item>
            <Item Key="METADATA">https://login.microsoftonline.com/yangsa.onmicrosoft.com/.well-known/openid-configuration</Item>
            <Item Key="authorization_endpoint">https://login.microsoftonline.com/yangsa.onmicrosoft.com/oauth2/token</Item>
            <Item Key="response_types">id_token</Item>
            <Item Key="response_mode">query</Item>
            <Item Key="scope">email openid</Item>

            <!-- Policy Engine Clients -->
            <Item Key="UsePolicyInRedirectUri">false</Item>
            <Item Key="HttpBinding">POST</Item>
          </Metadata>

1条回答
一夜七次
2楼-- · 2020-06-06 03:01

@WayneYang able to resolve issue :-)

Most common mistakes leading to this issue are

  • Creating IdentityExperienceFramework and ProxyIdentityExperienceFramework apps under B2C blade instead of Creating under Azure Active Directory blade (check step 2 in the doc)
  • Missing 11th step from the doc
  • Interchanging AppIds while placing inside extension policy for ProxyIEF and IEF Apps.
查看更多
登录 后发表回答