使用用户名登录并仅使用电子邮件重置密码,以实现 B2C 自定义策略

问题描述 投票:0回答:1

我正在使用自定义 B2C 政策。当我注册时,我输入电子邮件、用户名和密码。当我登录时,我使用用户名登录。当我重置密码时,我仅使用电子邮件重置密码,但就在这里我必须看到下一条错误消息:

enter image description here

我认为电子邮件与用户名不匹配,但我只想重置密码电子邮件。我应该设置什么 XML 标签?

我的重置密码.XML

  <BasePolicy>
    <TenantId>XXXXXXXXXX.onmicrosoft.com</TenantId>
    <PolicyId>B2C_1A_TrustFrameworkExtensions</PolicyId>
  </BasePolicy>
  <RelyingParty>
    <DefaultUserJourney ReferenceId="PasswordChange" />
    <TechnicalProfile Id="PolicyProfile">
      <DisplayName>PolicyProfile</DisplayName>
      <Protocol Name="OpenIdConnect" />
      <OutputClaims>
        <OutputClaim ClaimTypeReferenceId="email" />
        <OutputClaim ClaimTypeReferenceId="objectId" PartnerClaimType="sub" />
        <OutputClaim ClaimTypeReferenceId="tenantId" AlwaysUseDefaultValue="true" DefaultValue=" 
            {Policy:TenantObjectId}" />
      </OutputClaims>
      <SubjectNamingInfo ClaimType="sub" />
    </TechnicalProfile>
  </RelyingParty>

我的 TRUSTFRAMWORKEXTENTIONS.XML => 注册

<TechnicalProfile Id="AAD-UserWriteUsingLogonName">
                    <Metadata>
                        <Item Key="Operation">Write</Item>
                        <Item Key="RaiseErrorIfClaimsPrincipalAlreadyExists">true</Item>
                    </Metadata>
                    <InputClaims>
                        <InputClaim ClaimTypeReferenceId="signInName" PartnerClaimType="signInNames.userName" Required="true" />
                    </InputClaims>
                    <PersistedClaims>
                        <PersistedClaim ClaimTypeReferenceId="signInName" PartnerClaimType="signInNames.userName" />
                        <PersistedClaim ClaimTypeReferenceId="email" PartnerClaimType="strongAuthenticationEmailAddress" />
                        <PersistedClaim ClaimTypeReferenceId="newPassword" PartnerClaimType="password" />
                        <PersistedClaim ClaimTypeReferenceId="displayName" DefaultValue="SomeDefaultDisplayNameValue" />
                         <!-- <PersistedClaim ClaimTypeReferenceId="CodigoVerificacion" />  -->
                        <!-- <PersistedClaim ClaimTypeReferenceId="surname" /> -->
                    </PersistedClaims>
                    <OutputClaims>
                        <OutputClaim ClaimTypeReferenceId="objectId" />
                        <!-- <OutputClaim ClaimTypeReferenceId="newUser" PartnerClaimType="newClaimsPrincipalCreated" /> -->
                        <OutputClaim ClaimTypeReferenceId="authenticationSource" DefaultValue="localAccountAuthentication" />
                        <OutputClaim ClaimTypeReferenceId="userPrincipalName" />
                    </OutputClaims>
                    <IncludeTechnicalProfile ReferenceId="AAD-Common" />
                    <UseTechnicalProfileForSessionManagement ReferenceId="SM-AAD" />
        </TechnicalProfile>
            <TechnicalProfile Id="LocalAccountSignUpWithLogonName">
                    <DisplayName>User ID signup</DisplayName> 
                    <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.SelfAssertedAttributeProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
                    <Metadata>
                        <Item Key="IpAddressClaimReferenceId">IpAddress</Item>
                        <Item Key="ContentDefinitionReferenceId">api.localaccountsignup</Item>
                        <Item Key="LocalAccountType">Username</Item>
                        <Item Key="LocalAccountProfile">true</Item>
                        <Item Key="language.button_continue">Registrase</Item>
                        <!-- desactivar validar correo -->
                         <Item Key="EnforceEmailVerification">false</Item>
                    </Metadata>
                    <InputClaims>
                        <InputClaim ClaimTypeReferenceId="signInName" />
                    </InputClaims>
                    <OutputClaims>
                        <OutputClaim ClaimTypeReferenceId="objectId" Required="true" />
                        <OutputClaim ClaimTypeReferenceId="signInName" Required="true" />
                        <OutputClaim ClaimTypeReferenceId="newPassword" Required="true" />
                        <OutputClaim ClaimTypeReferenceId="reenterPassword" Required="true" />
                        <OutputClaim ClaimTypeReferenceId="email" PartnerClaimType="Verified.Email" Required="true" />
                        <OutputClaim ClaimTypeReferenceId="executed-SelfAsserted-Input" DefaultValue="true" />
                        <!-- <OutputClaim ClaimTypeReferenceId="CodigoVerificacion" Required="true" /> -->
                        <!-- <OutputClaim ClaimTypeReferenceId="newUser" /> -->
                        <OutputClaim ClaimTypeReferenceId="authenticationSource" />
                        <OutputClaim ClaimTypeReferenceId="userPrincipalName" />
                        <!-- <OutputClaim ClaimTypeReferenceId="surname" Required="true" /> -->
                    </OutputClaims>
                    <ValidationTechnicalProfiles>
                        <ValidationTechnicalProfile ReferenceId="AAD-UserWriteUsingLogonName" />
                    </ValidationTechnicalProfiles>
                    <UseTechnicalProfileForSessionManagement ReferenceId="SM-AAD" />
                </TechnicalProfile>

我的 TRUSTFRAMWORKEXTENTIONS.XML => 忘记密码

nter code here
    <!-- Check if the user has selected forgot password herehere hereherehere-->
                        <OrchestrationStep Order="3" Type="InvokeSubJourney">
                            <Preconditions>
                                <Precondition Type="ClaimsExist" ExecuteActionsIf="false">
                                <Value>isForgotPassword</Value>
                                <Action>SkipThisOrchestrationStep</Action>
                                </Precondition>
                            </Preconditions>
                            <JourneyList>
                                <Candidate SubJourneyReferenceId="PasswordReset" />
                            </JourneyList>
                        </OrchestrationStep>

<SubJourneys>
        <SubJourney Id="PasswordReset" Type="Call">
        <OrchestrationSteps>
            <!-- Validate user's email address. Run this step only when user resets the password-->
            <OrchestrationStep Order="1" Type="ClaimsExchange">
            <ClaimsExchanges>
                <ClaimsExchange Id="PasswordResetUsingEmailAddressExchange" TechnicalProfileReferenceId="LocalAccountDiscoveryUsingEmailAddress" />
            </ClaimsExchanges>
            </OrchestrationStep>

            <!-- Collect and persist a new password. Run this step only when user resets the password-->
            <OrchestrationStep Order="2" Type="ClaimsExchange">
            <ClaimsExchanges>
                <ClaimsExchange Id="NewCredentials" TechnicalProfileReferenceId="LocalAccountWritePasswordUsingObjectId" />
            </ClaimsExchanges>
            </OrchestrationStep>
        </OrchestrationSteps>
        </SubJourney>
     </SubJourneys>

当我注册时,我的电子邮件不会保存。我做错了什么?

enter image description here

azure-active-directory azure-ad-b2c azure-ad-b2c-custom-policy forgot-password
1个回答
0
投票

如果您使用用户名创建用户并且未捕获电子邮件,则您无法使用标准密码重置,因为这是基于电子邮件的。

看看这个政策 - 它展示了如何使用用户名或电子邮件。

但要小心。为了安全起见,首选电子邮件,因为您可以要求用户验证电子邮件。验证用户名的唯一方法是使用 MFA 并询问用户,例如输入短信一次性密码。

这就是为什么当您使用用户名注册时应该始终捕获电子邮件。

最新问题
© www.soinside.com 2019 - 2024. All rights reserved.