[英]Azure AD B2C SignUp-SignIn policy with MFA turned on - Custom Login Page
I have an asp.net web application that authenticates via Azure AD B2C tenant. 我有一个通过Azure AD B2C租户进行身份验证的asp.net Web应用程序。 I have a sign-up-sign-in policy [login is using username instead of email] with MFA turned on.
我有一个启用MFA的注册登录策略[登录使用的是用户名而不是电子邮件]。 I have also setup Custom UI login page [unified.html] and MFA page [phonefactor.html] in a storage blob that the policy points to.
我还在策略指向的存储Blob中设置了自定义UI登录页面[unified.html]和MFA页面[phonefactor.html]。 I am able to authenticate the user via the custom login page and login with MFA.
我可以通过自定义登录页面对用户进行身份验证,然后使用MFA登录。 The issue is when I create a new user and force the user to change the password at their first login, instead of redirecting the user to the change password screen, I am getting an invalid username and password message.
问题是当我创建一个新用户并强迫该用户在首次登录时更改密码时,而不是将用户重定向到更改密码屏幕时,我收到了无效的用户名和密码消息。 When I use the Sign-In policy instead of sign-up-sign-in, the redirection to change the password works for the new user.
当我使用登录策略而不是注册登录时,更改密码的重定向适用于新用户。 But the sign-in policy does not have the option to specify Custom UI for login page.
但是登录策略没有选择为登录页面指定自定义UI的选项。 Am I missing anything here and how can I make this work with the sign-up-sign-in policy.
我是否在这里缺少任何内容,以及如何使用“注册-登录”政策来实现此目的。
Also is there any way to get the "Password" hint like the "Username" hint in the company branding ... Password hint is not available 也可以通过任何方式获取“ Password”提示,例如公司品牌中的“ Username”提示...密码提示不可用
forceChangePasswordNextLogin
only works on the sign-in policy which does not support UI customization. forceChangePasswordNextLogin
仅适用于不支持UI自定义的登录策略。
In order to achieve similar functionality in the unified sign-up/sign-in policy, you'll need to implement this functionality yourself. 为了在统一的注册/登录策略中实现类似的功能,您需要自己实现此功能。
One option to achieve similar (albeit not quite the same) functionality is by leveraging the Password Reset policy. 实现相似(尽管不完全相同)功能的一种方法是利用密码重置策略。 You would be creating new users up-front and ensuring you configure their email.
您将预先创建新用户,并确保配置他们的电子邮件。 You then direct them straight to the Password Reset policy for their account activation .
然后,将他们直接定向到“密码重置”策略以激活其帐户 。 They'll receive an email with a code which once provided, will let them provide set their password.
他们将收到一封包含密码的电子邮件,该密码一旦提供,将允许他们提供设置密码的密码。
There's already two outstanding feature asks in the Azure AD B2C Feedback Forum that you can support: 您可以支持Azure AD B2C反馈论坛中已有两个出色的功能要求:
UPDATE UPDATE
For the DIY approach: 对于DIY方法:
/authorize/
url.. /authorize/
url。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.