User signing in without registration if another user is not signed out on same browser

(0) Share

Report

Posted on by Sambasi

Hi @Oliver ,

I have seen your many post on azure ad b2c with portals. Please help me in below issue-

I have configured Power Apps Portal with Azure AD B2C,I am facing an issue -

I am using invitation based registration in Power Apps Portal with azure AD b2c, now 1st user get the invitation link and he register with that link in the portal. Now if user has received another invitation , 2nd user click on that redeem invitation link on same browser and then he click on register then it directly sign in the user with the 1st user account without registration.

In that case 2nd user consumes the details of 1st user and it says invitation code is now used.

Anyone can please help me out with the issue ?

Its URGENT !!@con

Categories:

Power Apps portals

I have the same question (0)

All responses (4)

Answers (1)

Sort by

ragavanrajan 7,044 Most Valuable Professional on at

Like (0)

Report
Copy link

Link copied!

Hey @Sambasi

Maybe my interpretation needs more clarity. How the second user will use the same PC and browser? Do they not have separate machines allocated to them? Why do they need to use the same browser?

Hope it helps.
------------

If you like this post, give it a Thumbs up. Where it solved your request, Mark it as a Solution to enable other users to find it.

Was this reply helpful? Yes No
Sambasi 9 on at

Like (0)

Report
Copy link

Link copied!

Hi @ragavanrajan ,
In my scenario, both the user 1st and 2nd user have the same email address ,so they will receive invitation on same email, when the user goes to 1st invitation and registered successfully, but when user goes to 2nd invitation and click on register then it takes the 1st user details.

can you please suggest how we can stop the user by taking the same user details?

Was this reply helpful? Yes No
Verified answer

Fubar 8,503 Super User 2026 Season 1 on at

Like (1)

Report
Copy link

Link copied!

I think the issue is not as exactly described i.e. not because of same email address (as the invitation should resolve to a Contact record not the email address), but because of sharing the same device i.e. using the same browser session.

Have seen the same browser issue, which is caused by the B2C and Portal maintaining a Session in the browser and one or both not being closed before the second user clicks on their invitation link.

One of the issues with this is that the 2nd user gets access to the 1st users data on the Portal as the second invitation associates to the first user's contact record (and not the second users) and during that session can update etc as the first user without realizing it. (and then after the session expires the 2nd user has no access as they did not establish the authentication credentials as they jumped in on the back of the 1st users authentication)

The only way we could think to make it work was that on the Invitation redemption page to insert a snippet of Liquid to check if the "user" object already existed and then insert a JavaScript redirect to the logout url (i.e. if someone is already logged in the liquid "user" object exists so force a logout. A user that is already setup wpuld not go back to that page so forcing the logout from that page was a viable solution)

Other settings that can reduce the occurrence is to set low session inactivity timeouts for both B2C and the Portal (set to both to the same timeout value), and there is also another setting for the nonce timeout (the nonce setting can have an impact if someone sits on the B2C setup/login screen too long before they get redirected back to the portal).
The portal site settings includes
Authentication/ApplicationCookie/ExpireTimeSpan
Authentication/OpenIdConnect/your b2c here/NonceLifetime

(https://docs.microsoft.com/en-us/powerapps/maker/portals/configure/configure-openid-settings)

Was this reply helpful? Yes No
Sambasi 9 on at

Like (0)

Report
Copy link

Link copied!

Hi @Fubar ,

As per your suggested solution , on Redeem Invitation content snippet (Account/RedeemInvitation/PageCopy) I have written the below JavaScript code on register button click of redeem invitation page.

Below is the code-
<script>
$( document ).ready(function() {
$('#submit-redeem-invitation').click(function(){
var isLoggedIn = {%if user %} true {% else %} false {% endif %};
alert(isLoggedIn);
if(isLoggedIn)
{
alert("Please logout from previous sessions & reload this page after logging out");
location.reload();
return false;
}
});
});
</script>

I have made return false so that It will not redirect to any other URL, instead It will redirect to same page.

Thankyou so much ! It worked.

Was this reply helpful? Yes No