Microsoft Dynamics 365 | Integration, Dataverse...
Answered

Problems signing in with b2c

I have created a custom b2c policy which we will be using for users of our dynamics system.
I have configured the identity provider for b2c on Power Pages.
We have:
  • Contact mapping with email - OFF
  • Registration enabled - OFF
  • Login claims mapping - "adx_identity_username=objectid"
  • The b2c policy returns the objectid of the matched contact from the dataverse
When a user logs in, the custom policy calls a function app which will search the contacts in the dataverse for the b2c object Id in the adx_identity_username field of all contacts.
If found, it returns straight away and b2c returns to the landing page on dynamics.
 
If the contact is not found, the function app will search for the contact by the first name and surname and email address they logged in with.
If a contact is found, the b2c object Id is stored on the dataverse contact ready for next time and it returns to dynamics
 
Failing that, a contact is created on the dataverse.
 
What this means is that when b2c returns to dynamics, the b2c object id will exist in a contact record ready for dynamics to pick it up.
 
The problem I am having is that it is giving me the following error:
 
 
Any ideas?
 
  • Verified answer
    MP-26031339-0
    After much trial and error and gnashing of teeth, I eventually came up with the answer which I will share here.
     
    The B2C custom policy calls an Azure Function App (passing in all fields from the Sign/SignUp form) that will do the following:
     
    On Sign Up or Sign In:
    Search in dataverse table External Identity for the b2c object ID in the adx_username field.
    If found, we have a match, job done
     
    -----------------------------------------------------------------------------------------
     
    On Sign Up Only
     
    Search in dataverse table Contact for the person using the fields on the SignUp form
    If 1 match found - create a row in the dataverse table External Identity setting;
     
    adx_username = b2c object ID
    adx_identityprovidername = Issuer URL from the b2c SignIn/SignUp custom policy
    adx_contactid = Id from the matched contact record
     
    NOTE: the value to set adx_identityprovidername is NOT the Authority URL that you set in power pages for the b2c settings.
     
    Next update the Contact record like so:
     
    adx_identity_username = b2c object ID
    adx_identity_logonenabled = YES (true)
     
    If the contact does not have a value for adx_identity_securitystamp, set it to a new GUID
     
    If no matches found, create a row in the Contact dataverse table setting all fields you have including the ones mentioned above.
    and then create a row in the External Identity dataverse table as described above.
     
     
    When the Function App returns, it will return the following claims to power pages:
     
    oid - b2c object ID
    iss - b2c issuer URL
     
    check that your policy returns these.
     
    Now in the Power Pages configuration page identity providers, open the one for Azure AD B2c
    set both claims mapping fields to:
     
    adx_username=oid,adx_identityprovidername=iss,adx_identity_username=oid
     
    Then set Contact mapping with Email = OFF
    Registration enabled = OFF
     
    and this is our working solution!
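
The lookup-and-link flow from the verified answer, sketched as an added example (not the poster's Function App code) that uses in-memory lists in place of the Dataverse tables. The match fields, the case-insensitive comparison, the refusal on multiple matches, the `None` result for an unlinked sign-in and all sample values are assumptions.

```python
import uuid

MATCH_FIELDS = ("firstname", "lastname", "emailaddress1")  # assumption: sign-up form fields

def link(oid, iss, contact, identities):
    """Write the External Identity row and the contact fields listed in the answer."""
    identities.append({"adx_username": oid,
                       "adx_identityprovidername": iss,  # issuer URL, not the Authority URL
                       "adx_contactid": contact["contactid"]})
    contact["adx_identity_username"] = oid
    contact["adx_identity_logonenabled"] = True
    if not contact.get("adx_identity_securitystamp"):
        contact["adx_identity_securitystamp"] = str(uuid.uuid4())

def resolve(oid, iss, form, contacts, identities, is_signup):
    """Return the claims handed back to Power Pages, or None when nothing is linked."""
    claims = {"oid": oid, "iss": iss}
    # Sign Up or Sign In: an existing External Identity row is a match, job done.
    if any(row["adx_username"] == oid for row in identities):
        return claims
    if not is_signup:
        return None  # assumption: the answer only creates links on sign-up
    wanted = {f: form[f].strip().lower() for f in MATCH_FIELDS}
    matches = [c for c in contacts
               if all((c.get(f) or "").strip().lower() == wanted[f] for f in MATCH_FIELDS)]
    if len(matches) > 1:
        # assumption: the answer covers 0 or 1 match; do not guess between several
        raise LookupError("more than one contact matches the sign-up form")
    if matches:
        contact = matches[0]
    else:
        # No match: create the contact first, then link it as above.
        contact = {"contactid": str(uuid.uuid4()), **{f: form[f] for f in MATCH_FIELDS}}
        contacts.append(contact)
    link(oid, iss, contact, identities)
    return claims

# Constructed sample data (not from the original thread).
ISS = "https://login.example.invalid/placeholder-tenant/v2.0/"
contacts = [{"contactid": "c-1", "firstname": "Ada", "lastname": "Lovelace",
             "emailaddress1": "ada@example.com", "adx_identity_securitystamp": "existing"}]
identities = []
form = {"firstname": "Ada", "lastname": "Lovelace", "emailaddress1": "ADA@example.com"}
print(resolve("oid-placeholder-1", ISS, form, contacts, identities, is_signup=True))
```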
     
  • Suggested answer
    Daivat Vartak (v-9davar)
    Hello MP-26031339-0,
     

    The error message you're seeing:

    "The username "18a[BLOCKED_SECTION]b7f" is already taken."

    Indicates that the system is attempting to create a user account with a username that already exists. Let's break down why this is happening in your scenario, and how to fix it.

    Understanding the Problem

    1. adx_identity_username is not a username: The adx_identity_username field you're using is intended to store the Azure AD B2C objectid, which is a unique GUID. It is not meant to be used as a traditional username for login.

    2. Power Pages Registration Attempt: Even though you've disabled registration on the Power Pages configuration, the system may still be trying to register a user internally when it encounters a new login from B2C. This is likely due to the way B2C is configured as an Identity Provider and how Power Pages handles external login.

    3. Username Collision: The error message suggests that Power Pages is attempting to use the objectid (which is a GUID) as the username during this internal registration process. Since GUIDs are intended to be unique, this is likely a misconfiguration or a flaw in how Power Pages is handling the objectid in your specific setup.

       



    Troubleshooting and Solutions

    1. Correct Login Claims Mapping:

      • The most critical issue is that your login claims mapping is incorrect. Mapping objectid to adx_identity_username is fine for storing it, but it's not the right claim to use for login.
      • Power Pages expects a unique username claim for login. You need to identify a different claim from your B2C policy that represents a unique identifier for the user (e.g., email address, a user-specific ID from your application).
      • Example: If you want to use the email address as the username, you would map the email claim from B2C to a suitable field in Power Pages (possibly a custom field).


    2. Disable User Registration in Power Pages:

      • Double-check and confirm that user registration is completely disabled in the Power Pages Identity Provider settings. This will help prevent unintended registration attempts.


    3. Review Your B2C Policy:

      • Examine the claims being returned by your B2C policy. Make sure there is a claim that represents a unique identifier for the user that you can use for login.


    4. Power Pages Configuration:

       

      • Verify that the "Default authentication mode" is set to "External."
      • Ensure that the "External authentication mapping" is correctly configured. This is where you map the claims from B2C to the appropriate fields in Power Pages.

    5. Custom Function App Logic:

      • Review your custom function app logic. While it sounds like it's working correctly to find and create contacts, it's worth double-checking that it's not inadvertently triggering any internal registration processes in Power Pages.


    Example Correction (using email as username)

    Let's assume your B2C policy returns the email address as the claim emails[0].

    1. In Power Pages Identity Provider Settings:

      • Login claims mapping: Change it to something like adx_identity_username=emails[0] (or whatever the correct claim name is).
      • Ensure you have a field in the Contact table to store this email.

    2. In your Function App:

      • Make sure your function app is not creating a user entry using the objectid as a username. It should only be storing the objectid in the adx_identity_username field. 


    Important Note:

    • The adx_identity_username field should NOT be used for login. It's simply a place to store the B2C objectid.



    By correcting your login claims mapping and ensuring that registration is properly disabled, you should resolve the "username already taken" error. Remember to use a unique user identifier (like email) as the username for login.

     
    If my answer was helpful, please click Like, and if it solved your problem, please mark it as verified to help other community members find more. If you have further questions, please feel free to contact me.
     
    My response was crafted with AI assistance and tailored to provide detailed and actionable guidance for your Microsoft Dynamics 365 query.
     
    Regards,
    Daivat Vartak
