启用了MFA的Azure AD B2C注册-登录策略-自定义登录页面
[英]Azure AD B2C SignUp-SignIn policy with MFA turned on - Custom Login Page
问题描述
I have an asp.net web application that authenticates via Azure AD B2C tenant. 
我有一个通过Azure AD B2C租户进行身份验证的asp.net Web应用程序。 I have a sign-up-sign-in policy [login is using username instead of email] with MFA turned on. 我有一个启用MFA的注册登录策略[登录使用的是用户名而不是电子邮件]。 I have also setup Custom UI login page [unified.html] and MFA page [phonefactor.html] in a storage blob that the policy points to. 我还在策略指向的存储Blob中设置了自定义UI登录页面[unified.html]和MFA页面[phonefactor.html]。 I am able to authenticate the user via the custom login page and login with MFA. 我可以通过自定义登录页面对用户进行身份验证,然后使用MFA登录。 The issue is when I create a new user and force the user to change the password at their first login, instead of redirecting the user to the change password screen, I am getting an invalid username and password message. 问题是当我创建一个新用户并强迫该用户在首次登录时更改密码时,而不是将用户重定向到更改密码屏幕时,我收到了无效的用户名和密码消息。 When I use the Sign-In policy instead of sign-up-sign-in, the redirection to change the password works for the new user. 当我使用登录策略而不是注册登录时,更改密码的重定向适用于新用户。 But the sign-in policy does not have the option to specify Custom UI for login page. 但是登录策略没有选择为登录页面指定自定义UI的选项。 Am I missing anything here and how can I make this work with the sign-up-sign-in policy. 我是否在这里缺少任何内容,以及如何使用“注册-登录”政策来实现此目的。
Also is there any way to get the "Password" hint like the "Username" hint in the company branding ... Password hint is not available 也可以通过任何方式获取“ Password”提示,例如公司品牌中的“ Username”提示...密码提示不可用
1 个解决方案
解决方案1
4 已采纳 2017-06-18 07:10:59
forceChangePasswordNextLogin only works on the sign-in policy which does not support UI customization. forceChangePasswordNextLogin仅适用于不支持UI自定义的登录策略。
In order to achieve similar functionality in the unified sign-up/sign-in policy, you'll need to implement this functionality yourself. 为了在统一的注册/登录策略中实现类似的功能,您需要自己实现此功能。
One option to achieve similar (albeit not quite the same) functionality is by leveraging the Password Reset policy. 实现相似(尽管不完全相同)功能的一种方法是利用密码重置策略。 You would be creating new users up-front and ensuring you configure their email. 您将预先创建新用户,并确保配置他们的电子邮件。 You then direct them straight to the Password Reset policy for their account activation . 然后,将他们直接定向到“密码重置”策略以激活其帐户 。 They'll receive an email with a code which once provided, will let them provide set their password. 他们将收到一封包含密码的电子邮件,该密码一旦提供,将允许他们提供设置密码的密码。
There's already two outstanding feature asks in the Azure AD B2C Feedback Forum that you can support: 您可以支持Azure AD B2C反馈论坛中已有两个出色的功能要求:
UPDATE UPDATE
For the DIY approach: 对于DIY方法:
- Create the users by setting up an Azure AD app for your back-end API as outlined here: https://docs.microsoft.com/azure/active-directory-b2c/active-directory-b2c-devquickstarts-graph-dotnet 通过为您的后端API设置Azure AD应用程序来创建用户,如下所示: https : //docs.microsoft.com/azure/active-directory-b2c/active-directory-b2c-devquickstarts-graph-dotnet
- Have your back-end API call the Graph API like this app does to create the users: https://github.com/AzureADQuickStarts/B2C-GraphAPI-DotNet.git 让您的后端API像该应用程序一样调用Graph API来创建用户: https : //github.com/AzureADQuickStarts/B2C-GraphAPI-DotNet.git
- Send the users directly to the reset password URL
/authorize/url..将用户直接发送到重置密码URL /authorize/url。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.