How to hide sensitive information in the Active Directory error message?

Alroy Fernandes 0 Reputation points
2024-02-23T15:29:19.94+00:00

I am just starting out on Azure. I am getting an error AADSTS50020. User account '*****' from identity provider '' does not exist in tenant '' and cannot access the application ''() in that tenant. How do I change the error so that it does not display the application name and ID? I have given access to the users that need it. I do not want to display any information about the application in this error message or any other error message. I am writing my application in .NET Core 6.0. Is there an Azure setting or code in .NET to hide this information?

Active Directory

1 answer

  1. Danstan Onyango 3,821 Reputation points Microsoft Employee
    2024-03-04T12:06:16.21+00:00

    Do you understand that the name and client id of your application are public to anyone trying to sign in?
    For example, when your users are trying to sign in, the request will contain the ClientID of your application and the sign-in page will contain the name of the application, especially when there is a need to consent to any permissions. Also, as the application developer, this error shows you the UPN of the identity being used to sign in to the application.

    My suggestion is to limit who has access to the sign-in logs that are generated by your application, as the tenant and user info returned in the error message helps tell the user and the developer what went wrong with specifics.
