Azure AD B2C self service password reset link doesn't work


Problem description

I have been able to properly set up a sign-up/sign-in policy for a tenant I'm testing. I have set the Reset Password property to allow everybody to reset their password using their email. Currently the user signs up using their email (also their username), first name, and last name.

However, when I click on the "I forgot my password" link on the sign in page, it just redirects me back to the same page. Is there something I'm missing here?

Recommended answer

There are two different mechanisms for Password Reset in Azure AD B2C:

  1. Sign-in Policy: No work required by the application, clicking on "I forgot my password" redirects the user automatically to a generic Microsoft-branded password reset page.

  2. Sign-up/sign-in Policy: This requires the application to do some extra work. Clicking on "I forgot my password" redirects the user back to the application with an error code. The application needs to detect the error code in the request and then further redirect the user to the Azure AD B2C Password Reset Policy. The Password Reset policy can be customized extensively.

Going into more detail as to how to implement the second approach, here's the code that hooks into the AuthenticationFailed notification and redirects to your own PasswordReset controller action, from the B2C Sign-up/Sign-in quickstart, Startup.Auth.cs (https://github.com/AzureADQuickStarts/B2C-WebApp-OpenIDConnect-DotNet-SUSI/blob/complete/WebApp-B2C-DotNet/App_Start/Startup.Auth.cs#L45-L65):

private Task AuthenticationFailed(AuthenticationFailedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions> notification)
{
    notification.HandleResponse();

    if (notification.ProtocolMessage.ErrorDescription != null && notification.ProtocolMessage.ErrorDescription.Contains("AADB2C90118"))
    {
        // If the user clicked the reset password link, redirect to the reset password route
        notification.Response.Redirect("/Account/ResetPassword");
    }
    else if (notification.Exception.Message == "access_denied")
    {
        // If the user canceled the sign in, redirect back to the home page
        notification.Response.Redirect("/");
    }
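    else
    {
        // URL-encode the message so characters such as '&', '#' or spaces cannot alter the redirect URL
        notification.Response.Redirect("/Home/Error?message=" + System.Uri.EscapeDataString(notification.Exception.Message));
    }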

    return Task.FromResult(0);
}

And here's the code for the PasswordReset controller action that redirects the user to the Password Reset B2C policy, from the same B2C Sign-up/Sign-in quickstart, Account Controller:

public void ResetPassword()
{
    if (!Request.IsAuthenticated)
    {
        HttpContext.GetOwinContext().Authentication.Challenge(
        new AuthenticationProperties() { RedirectUri = "/" }, Startup.PasswordResetPolicyId);
    }
}

Just for the sake of completeness, make sure you check out the full guide/overview of setting up an Azure AD B2C Sign-up/Sign-in Policy.
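The detection step from the answer, taken outside the OWIN handler as an added example that is not part of the original answer or the quickstart: it parses a constructed form-encoded callback body, matches the B2C code at the start of error_description rather than with Contains, and maps the result to fixed local routes. The B2CErrorRouter class, its method names and the /Home/Error?code= parameter are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Text.RegularExpressions;

// Added example (hypothetical helper, not quickstart code).
public static class B2CErrorRouter
{
    // B2C error descriptions begin with the code, e.g. "AADB2C90118: ...".
    private static readonly Regex CodePattern =
        new Regex(@"^(AADB2C\d+)\b", RegexOptions.CultureInvariant);

    private static string Decode(string s) { return Uri.UnescapeDataString(s.Replace('+', ' ')); }

    // Parse an application/x-www-form-urlencoded body into key/value pairs.
    public static Dictionary<string, string> ParseForm(string body)
    {
        var fields = new Dictionary<string, string>(StringComparer.Ordinal);
        foreach (var pair in body.Split(new[] { '&' }, StringSplitOptions.RemoveEmptyEntries))
        {
            var parts = pair.Split(new[] { '=' }, 2);
            fields[Decode(parts[0])] = parts.Length > 1 ? Decode(parts[1]) : "";
        }
        return fields;
    }

    // Returns a fixed local route, or null when the body carries no error.
    // Only a code that matched CodePattern is ever placed in the URL.
    public static string RouteFor(string callbackBody)
    {
        var f = ParseForm(callbackBody);
        f.TryGetValue("error", out var error);
        f.TryGetValue("error_description", out var description);
        var m = CodePattern.Match(description ?? "");
        var code = m.Success ? m.Groups[1].Value : null;

        if (code == "AADB2C90118") return "/Account/ResetPassword"; // "I forgot my password"
        if (error == "access_denied") return "/";                    // user cancelled sign-in
        if (error != null) return "/Home/Error?code=" + (code ?? "unknown");
        return null;
    }

    public static void Main()
    {
        // Constructed sample callback body, not captured from a real tenant.
        var body = "error=access_denied&error_description=AADB2C90118%3A+The+user+has+forgotten+their+password.&state=abc";
        Console.WriteLine(RouteFor(body));
    }
}
```

Because the error page receives only a pattern-checked code, text from the identity provider's response never reaches the redirect URL or the rendered page.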
