Developer technologies | ASP.NET Core | Other
A set of technologies in .NET for building web applications and web services. Miscellaneous topics that do not fit into specific categories.
Simulate Microsoft Account Login
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(313.6, 74%, 40%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ENB%3C/text%3E%3C/svg%3E)
Nadezhda Balkandzhiyska
11
Reputation points
Hello,
I have a website using Microsoft Account login to authenticate all users. In order to automate the website, I need to simulate the Microsoft Account login. So, I followed the same authentication flow that I identified in my browser.
The second step I go through is POST to login.microsoftonline.com/common/GetCredentialType?mkt=en-US
- I made a POST using JSON format to pass the username and isOtherIdpSupported.
This step is working as expected and I get the expected response verifying that the user has password to continue with the login, but after the 10th attempt I receive an incorrect response from the server that the submitted username does not exist, but in reality it exists.
However, on retrying, this username successfully goes through this step. So I had the following question:
Is it possible that I do not provide all of the necessary parameters for the request or may I hit some corner case of the GetCredentialType api?
Thanks a lot in advance.
Best regards,
Nadezhda
Developer technologies | ASP.NET Core | Other
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(195.2, 51%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EYS%3C/text%3E%3C/svg%3E)
Yijing Sun-MSFT 7,106 Reputation points2022-02-01T07:41:47.75+00:00 Hi @Nadezhda Balkandzhiyska ,
Do you often have this issue? Or just one time in 100 times? You could try more times.
Best regards,
Yijing Sun -
Nadezhda Balkandzhiyska 11 Reputation points
2022-02-01T12:35:01.633+00:00 Hi @Yijing Sun-MSFT ,
Yes, I just finished the test and the result is that for 100 login requests and I got 5 incorrect responses per 10-15 minutes. I'm not sure if I increase the number of requests, I won't have the same result.
I was wondering if these incorrect responses are result of my request or is it some kind of limitation from Microsoft?
Thanks in advance.
Best regards,
Nadezhda -
Yijing Sun-MSFT 7,106 Reputation points
2022-02-02T07:23:42.137+00:00 Hi @Nadezhda Balkandzhiyska ,
I think you loss amount other parameters, the flowToken, originalRequest and the username.
Best regards,
Yijing Sun -
Nadezhda Balkandzhiyska 11 Reputation points
2022-02-02T07:57:24.977+00:00 Hi @Yijing Sun-MSFT ,
I provide username and isOtherIdpSupported, but I'm not sure from where and how to extract flowToken and originalRequest information for different username accounts.
Are flowToken and originalRequest specific for each username?
Thanks in advance.
Best regards,
Nadezhda -
Nadezhda Balkandzhiyska 11 Reputation points
2022-02-11T06:30:00.833+00:00 Hi @Yijing Sun-MSFT ,
I hope you are well!
I apologize, I was wondering if you could share a little more information on the subject.
Thank you in advance.
Best regards,
Nadezhda
Sign in to comment
Sign in to answer