The user journey recorder with Azure AD B2C custom policies

The usual way to troubleshoot B2C issues with custom policies is with .

There’s a ton of information shown in Insights and it isn’t always easy to get what you want.

Hence the User Journey Recorder.

The GitHub sample is .

Inside this is a “UserJourneyRecorder” directory.

(Note: There is another version of the recorder inside the wintipgamesb2c directory. This integrates the recorder with Application Insights. There is some documentation in the directory called “How to: Integrate a B2C policy with Azure Application Insights”).

Build this in Visual Studio using the project file “UserJourneyRecorder.sln” and then you need to to Azure App Services.

Your project will have a URL similar to:

Note it and use it below in place of the above one.

First you need to create a .

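Once you've got the custom policies sorted and uploaded, and assuming you are using the Signup and Signin policy, add two lines to SignUpOrSignin.xml (the DeploymentMode and UserJourneyRecorderEndpoint attributes on the TrustFrameworkPolicy element):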

<TrustFrameworkPolicy
  xmlns:xsi=""
  xmlns:xsd=""
  xmlns=""
  PolicySchemaVersion="0.3.0.0"
  TenantId="tenant.onmicrosoft.com"
  PolicyId="B2C_1A_signup_signin"
  PublicPolicyUri=""
  DeploymentMode="Development"
  UserJourneyRecorderEndpoint=" GUID created as above">

Upload the updated policy.

Now test using the “Run Now” button.

This should create the user journey data.

To view it use this URL:

 GUID created as above"

i.e. add “trace_102.html”.

You should see:

“Change Refresh Mode” will switch to:

“Configure” will show:

You can alter the parameters as required.

“Refresh Now” will show the actual journey e.g.

“Message Detail” expands the message.

or an API example:

The real value of this tool is the error messages. It will show you the details of the error, which is invaluable when debugging.

A “simple” error, e.g. trying to register an existing user again, shows:

or “Invalid password”

“Download Stream” downloads the log in JSON format e.g.

"Exception": {
        "Kind": "Handled",
        "HResult": "80131500",
        "Message": "Invalid username or password.",
        "Data": {}
      },
      "PredicateResult": "False"
    }

I’ve found the tool to be super useful and a time-saver!

There is a good reference for the whole flow .

All good!
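The two attributes added to SignUpOrSignin.xml are debugging settings: while they are present, each run of the policy sends its journey data, including the error details shown above, to the recorder web app. The Python check below is an added example, not part of the original post or of the GitHub sample; it flags both attributes in a policy file before that file is uploaded to a production tenant. The sample policies and the recorder URL in it are constructed placeholders.

```python
import sys
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample policies (not from the original post); the endpoint is a placeholder.
DEBUG_POLICY = """<TrustFrameworkPolicy
  xmlns="http://schemas.microsoft.com/online/cpim/schemas/2013/06"
  PolicySchemaVersion="0.3.0.0" TenantId="tenant.onmicrosoft.com"
  PolicyId="B2C_1A_signup_signin" DeploymentMode="Development"
  UserJourneyRecorderEndpoint="https://recorder.example.invalid/placeholder" />"""
CLEAN_POLICY = """<TrustFrameworkPolicy
  xmlns="http://schemas.microsoft.com/online/cpim/schemas/2013/06"
  PolicySchemaVersion="0.3.0.0" TenantId="tenant.onmicrosoft.com"
  PolicyId="B2C_1A_signup_signin" />"""

def audit_policy(xml_source):
    """Return findings for the debug attributes on a custom policy's root element."""
    root = ET.fromstring(xml_source)
    tag = root.tag.rsplit("}", 1)[-1]  # drop the "{namespace}" prefix
    if tag != "TrustFrameworkPolicy":
        return ["not a custom policy: root element is <%s>" % tag]
    findings = []
    mode = root.get("DeploymentMode")
    if mode is not None and mode.strip().lower() != "production":
        findings.append("DeploymentMode is %r, not Production" % mode)
    endpoint = root.get("UserJourneyRecorderEndpoint")
    if endpoint is not None:
        target = endpoint.strip()
        findings.append("UserJourneyRecorderEndpoint set: journey data goes to %r" % target)
        if urlsplit(target).scheme.lower() == "http":
            findings.append("recorder endpoint uses plain http, not https")
    return findings

if __name__ == "__main__":
    # Audit the files named on the command line, or the constructed sample if none.
    sources = [(p, open(p, "rb").read()) for p in sys.argv[1:]]
    sources = sources or [("constructed sample", DEBUG_POLICY)]
    failed = False
    for name, data in sources:
        for finding in audit_policy(data):
            failed = True
            print("%s: %s" % (name, finding))
    sys.exit(1 if failed else 0)
```

Run it over the policy files as a pre-upload step; a non-zero exit code means at least one file still carries a debug attribute.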

The new control plane

“Identity is the new control plane”. Articles around Microsoft Identity, Auth0 and identityserver. Click the “Archive” link at the bottom for more posts.

Written by Rory Braybrook

NZ Microsoft Identity dude. Azure AD/ADFS. Plus Auth0. North Shore .NET User Group Admin. Ignite - http://bit.ly/2D05Uh7 YouTube - http://bit.ly/2lzBqXQ
