I suggest you ...

Send a User Agent when an Azure AD B2C custom policy calls a REST API.

If a Web Application Firewall (WAF) is configured on an Azure Application Gateway, then a request from B2C will be blocked with an HTTP response of 403 because the request doesn't include a User-Agent header.

A workaround is to disable the WAF rule, but it'd be nice to not need to disable WAF rules in order to use custom B2C policies.

4 votes
Vote
Sign in
(thinking…)
Sign in with: oidc
Signed in as (Sign out)
You have left! (?) (thinking…)
Toby shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

0 comments

Sign in
(thinking…)
Sign in with: oidc
Signed in as (Sign out)
Submitting...

Feedback and Knowledge Base