Share via

Azure B2C: Seamless migration custom policy POST request to API not passing the correct body?

Dennis Cabilan 0 Reputation points
2025-02-07T06:27:00.94+00:00

I'm configuring a custom policy for seamless migration. I've already done the pre-migration with the temporary password. The flow is:

  1. When a user Signs in, It will check if extension_isMigrated is false.
  2. If extension_isMigrated == false, then it will proceed to validate (using the legacy API ServiceUrl using .NET Core 2.1 framework) using {"email": "enteredEmail", "password": "enteredpassword"}.
  3. If legacy API Validation returns true, then it will update the Password of the User in B2C using the entered password of the user, and authenticate the user (signed-in).
  4. if legacy API Validation returns false, then send an error message and prevent signin.

I am encountering a problem with the API validation part. B2C can communicate with the API, no problem. The problem is, the payload being sent with the request encounters NullReferenceException in one of the validation methods.

ASP.NET (C#)

public async Task<bool> Login([FromBody] User user)
{
    if (!AllowPasswordLogin(user.email))
}

ASP.NET (C#)

private bool AllowPasswordLogin(string email)
{
    string domainName = email.Substring(email.IndexOf("@") + 1); //NullReferenceException 
}

Debugging steps:

  1. I sent a request to webhooks via the B2C policy to verify what the payload is and got this JSON

JSONCopy

{
  "email": "a",
  "password": "a"
}
  1. I created a postman POST request towards the API with the JSON above as the body and it returns a status 200 with the expected boolean response.
  2. Spacing on the JSON body doesn't matter, it still returns status 200 when requested through postman. I sent a postman request to webhooks to compare headers and I don't see any significant contributor, but I'll include it here as well.

B2C request:

User's image

Postman Request:

User's image

Based on my investigation, It seems that my API request from B2C should work since it sends the same payload as the one in Postman, but this is not the case. I don't know if there might be something about how B2C is sending the request that's interfering with .NET Core 2.1 model binding, even though the raw JSON payload looks correct.

Microsoft Entra External ID
Microsoft Entra External ID
A modern identity solution for securing access to customer, citizen and partner-facing apps and services. It is the converged platform of Azure AD External Identities B2B and B2C. Replaces Azure Active Directory External Identities.
3,019 questions
0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.