Hi 이용각 이용각,
Thank you for contacting Q&A Forum. I would like to provide my findings and proposed solution:
Below is a two‑part answer addressing your concerns:
For Blocked Users: Intercept the OIDC authentication failure (using the middleware’s failure event or by configuring passive authentication) so that you can manually redirect users to your custom login or error page.
For Backend User Information: Enable Windows Integrated Authentication on your server to receive and validate Kerberos tickets from hybrid Azure AD‑joined PCs. Use the ticket’s validated identity to obtain user details directly, and consider constrained delegation (protocol transition) if your backend must access additional resources on behalf of the user.
Kindly let me know if this works for you, and please let me know if you have any further questions.
If I have answered your question, please accept this as the answer as a token of appreciation, and don't forget to give a thumbs up for "Was it helpful"!
Best regards,
Eric
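The two parts of the answer above, sketched as an added ASP.NET Core example (not code from the answer or from Microsoft; the authority, client id and the `/account/blocked` route are placeholders, and the Microsoft.AspNetCore.Authentication.OpenIdConnect and .Negotiate packages are assumed to be referenced):

```csharp
// Added illustration: OIDC failure interception plus Windows Integrated Authentication.
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.Negotiate;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Authorization;

var builder = WebApplication.CreateBuilder(args);

builder.Services.AddAuthentication(options =>
{
    options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
})
.AddCookie()
.AddOpenIdConnect(options =>
{
    options.Authority = "https://login.microsoftonline.com/<tenant-id>/v2.0"; // placeholder
    options.ClientId = "<client-id>";                                         // placeholder
    options.ResponseType = "code";
    options.Events = new OpenIdConnectEvents
    {
        // Part 1: the identity provider returned an error (for example a blocked user).
        OnRemoteFailure = context =>
        {
            // Log server-side only; do not echo the raw provider error to the browser.
            context.HttpContext.RequestServices.GetRequiredService<ILoggerFactory>()
                .CreateLogger("Oidc").LogWarning(context.Failure, "OIDC sign-in failed");
            context.Response.Redirect("/account/blocked"); // custom login/error page
            context.HandleResponse(); // suppress the default exception page
            return Task.CompletedTask;
        }
    };
})
// Part 2: Windows Integrated Authentication (Kerberos/NTLM) for hybrid-joined PCs.
.AddNegotiate();

builder.Services.AddAuthorization();
var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();

// Backend endpoint that only accepts a validated Kerberos ticket and reads the identity.
app.MapGet("/api/whoami", (HttpContext ctx) => Results.Ok(new
{
    User = ctx.User.Identity?.Name,
    AuthType = ctx.User.Identity?.AuthenticationType
})).RequireAuthorization(new AuthorizeAttribute
{
    AuthenticationSchemes = NegotiateDefaults.AuthenticationScheme
});

app.Run();
```

Negotiate also has to be enabled on the host (IIS/HTTP.sys settings, or Kestrel on a domain-joined Windows server), and constrained delegation is configured on the service account in Active Directory rather than in this code.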