Hi,
I appreciate your response. I have tried the route as per your suggestion and it does work. I have however come across a couple of related problems.
When a user registers through OpenId they are activated and can now access the application. Once activated a user can just click on the OpenId button and have access. One point is that the username in the upper right is an MD5 hash of the e-mail address. I've corrected this by removing the MD5 in our code but I was curious why it was done like this? Since the user can see the MD5 value I'm not sure what the reason is but could be beneficial to know incase I am causing an issue by removing it. For end users it's not a good thing to see either.
My next issue has been tested both with and without the Md5 hash just to verify I hadn't broken anything with my change. I will details the steps below on how I am finding this issue.
The above steps cause an issue as when the user is removed from accessing the application through Azure AD they can by-pass by entering in their username/password since they now know their password. In this manner they are by-passing the OpenId connect which I was intending for them to use so that I can deny access through Azure AD.
Perhaps I am missing something in my configuration within AzureAD that would prevent this. Regardless I don't think that a user who is using an external authentication mechanism should be allowed to reset their password and gain access in this way.
As an aside, my original query about Microsoft.Graph isn't related to the Zero solution as I'm still facing challenges to get this working with a simple MVC application. I think it's related to OpenId and how I get the identity. In summary I can use Microsoft.Graph with application permissions but unable to use delegate permissions. This isn't an issue with your solution so I'll continue to investigate this myself.
If you could advise on the reset password for external logins and also the reason for the MD5 hash of the e-mail address that would be appreciated.
Thanks
We managed to find the issue link you sent and have upated our code to get past the javascript problem.
We also had another issue with the dotnet-ef installation as detailed above. This problem was happening due to the docker project files being added to the root of the project. The end solution was to remove the docker project files and this got past the multiple project files error. Can someone confirm if they are seeing the same issue and if they found a solution where the docker project files can be retained?
Hi,
I'm not too concerned about Localization for this part. What I cannot find is where [Validation Error] and [Validation narrative title] is coming from. How would you set these to string literals when showing the above message? I will check the first link again that you've sent in more detail to see if I'm missing something.
apologies, my error, I noticed the banner on github with an invitation, I didnt realise I had to click on it to accept the invitation and get access. Many thanks for responding so quickly