Azure AD B2C密码重置 [英] Azure AD B2C Password Reset

问题描述

我试图了解如何使用Azure AD B2C密码重置.

I am trying to understand how Azure AD B2C password reset is meant to be used.

似乎有多种方法可以处理密码重置.这些有什么区别?两者之间有价格差异吗?是Azure AD的某些功能，还是Azure AD B2C的功能?为什么下面的方法3似乎不起作用?

It appears there are a number of ways password reset can be handled. What is the difference between these? Is there is a price difference between these? Are some of these features of Azure AD, whilst some are features of Azure AD B2C? Why does method 3 below not appear to work?

1. 通过Azure B2C用户流(策略).

1. Via an Azure B2C user flows (policies).

• 登录v1的策略将在下面设置重置AD密码".
• 虽然所有其他策略都使用B2C密码重置，但允许用户通过存储在用户个人资料中的主电子邮件地址重置密码.

• The policy for Sign in v1 goes to AD password reset below.
• Whilst all other policies go to B2C password reset, that allows users to reset their password via their primary email address stored in their user profile.

通过Azure Active Directory自助服务密码重置.可通过 https://passwordreset.microsoftonline.com 进行访问.这允许用户通过存储在其个人资料中的任何电子邮件地址重置密码.

Via Azure Active Directory Self Service Password Reset. Which is accessible via https://passwordreset.microsoftonline.com. This allows the user to reset their password via any email address stored on their profile.

重置用户配置文件上的密码按钮.这提供了一个临时密码，但是该临时密码似乎不起作用.

Reset password button on user profile. This provides a temporary password, however the temporary password does not seem to work.

推荐答案

AAD B2C≠AAD ===> AAD B2C用户≠AAD用户

当前，在一般情况下，我们仅支持两种方法来重置Azure AD B2C用户的密码:

AAD B2C ≠ AAD ===> AAD B2C users ≠ AAD users

Currently, we only support two ways to reset Azure AD B2C users' password in general scenario:

1. 具有 Azure AD B2C密码重置策略/用户流的自助重置密码(SSPR).

管理员可以帮助用户使用 Azure AD Graph API 重置密码: https://docs.microsoft.com/zh-CN/previous-versions/azure/ad/graph/api/users-operations#reset-a-users-password--

Admins help users to reset password with Azure AD Graph API:https://docs.microsoft.com/en-us/previous-versions/azure/ad/graph/api/users-operations#reset-a-users-password--

回答您的问题:

两者之间有什么区别?有价格差吗 在这些之间?是Azure AD的某些功能，而有些是 AD B2C的功能是什么?

What is the difference between these? Is there is a price difference between these? Are some of these features of Azure AD, whilst some are features of Azure AD B2C?

• 密码重置策略/用户流程适用于AAD B2C用户. 您可以直接使用它. AAD B2C用户可以使用此密码自行重置密码.这也是一种SSPR.

  • Password reset policy/user flow is for AAD B2C users. You can use it directly. AAD B2C users can use this to reset their password by themselves. It's also a kind of SSPR.

    Azure Active Directory自助服务密码重置.通常，它适用于企业用户.作为此功能仅用于V1登录用户流，仅 ，我不建议您使用这种方式.

    Azure Active Directory Self Service Password Reset. Generally, it's for enterprise users. As this feature is just for V1 Sign in user flow only, I don't recommend you use this way.

    用户个人资料上的重置密码按钮.仅适用于AAD(组织/企业)用户.请勿对AAD B2C用户使用此按钮.

    Reset password button on user profile. It's for AAD (organization/enterprise) users only. Don't use this button for AAD B2C users.

    为什么下面的方法3似乎不起作用?

    Why does method 3 below not appear to work?

    如上所述，此功能仅适用于Azure AD用户.不是AAD B2C用户.因此，您不能在此处重设B2C用户的密码.

    As I mentioned in the above, this feature is just for Azure AD users. NOT AAD B2C users. Therefore, you cannot reset B2C users' password here.

    正如亚历克斯所说，AAD B2C用户不是Azure AD用户. B2C用户适用于2c senario.普通的Azure AD用户适用于组织/企业方案.

    As Alex said, AAD B2C user is not Azure AD user. B2C users is for 2c senario. Normal Azure AD user is for organization/enterprise scenario.

    您还可以参考我对

    You can also refer to my answers for What's the difference between Azure AD B2C tenant and normal Azure AD tenant?

    有关B2C密码重置策略如何工作的更多信息:

    • 在注册/登录"策略中单击"忘记密码" 按钮后，AAD B2C会将带有"AADB2C90118" 的消息发送回应用程序.

    • After clicked "forget your password" button in Signup/in policy, AAD B2C will send a message with "AADB2C90118" back to Application.

    例如，在ASP.NET MVC Web应用程序中，它应该挑战

    For example, in a ASP.NET MVC Web App, then it should challenge

    private Task OnAuthenticationFailed(AuthenticationFailedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions> notification)
                {
                notification.HandleResponse();
                // Handle the error code that Azure AD B2C throws when trying to reset a password from the login page 
                // because password reset is not supported by a "sign-up or sign-in policy"
                if (notification.ProtocolMessage.ErrorDescription != null && notification.ProtocolMessage.ErrorDescription.Contains("AADB2C90118"))
                {
                    // If the user clicked the reset password link, redirect to the reset password route
                    notification.Response.Redirect("/Account/ResetPassword");
                }
    

    • 这意味着Application将在收到此消息后将其/Account/ResetPassword重定向到以下消息.

      • It means that Application will redirect it /Account/ResetPassword to the after received this message.

        /Account/ResetPassword在此处从帐户控制器"中定义.应该由您定义的密码重置策略名称来确定.

        /Account/ResetPassword is defined here from Account Controller. It should be determined by the password reset policy name which defined by you.

            public void ResetPassword()
                    {
                        // Let the middleware know you are trying to use the reset password policy (see OnRedirectToIdentityProvider in Startup.Auth.cs)
                        HttpContext.GetOwinContext().Set("Policy", Startup.ResetPasswordPolicyId);
        
                        // Set the page to redirect to after changing passwords
                        var authenticationProperties = new AuthenticationProperties { RedirectUri = "/" };
                        HttpContext.GetOwinContext().Authentication.Challenge(authenticationProperties);
        
                        return;
                    }
        

        • 然后，该用户将被重定向到B2C密码重置策略以更改其密码.

        这篇关于Azure AD B2C密码重置的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！