启用了MFA的Azure AD B2C注册-登录策略-自定义登录页面 [英] Azure AD B2C SignUp-SignIn policy with MFA turned on - Custom Login Page
问题描述
我有一个通过Azure AD B2C租户进行身份验证的asp.net Web应用程序.我有一个启用MFA的注册登录策略[登录使用的是用户名而不是电子邮件].我还在策略指向的存储Blob中设置了自定义UI登录页面[unified.html]和MFA页面[phonefactor.html].我可以通过自定义登录页面对用户进行身份验证,然后使用MFA登录.问题是当我创建一个新用户并强迫该用户在首次登录时更改密码时,而不是将用户重定向到更改密码屏幕时,我收到了无效的用户名和密码消息.当我使用登录策略而不是注册登录时,更改密码的重定向适用于新用户.但是登录策略没有选择为登录页面指定自定义UI的选项.我在这里遗漏了什么吗?如何使用登录-登录"政策来实现此目的.
I have an asp.net web application that authenticates via Azure AD B2C tenant. I have a sign-up-sign-in policy [login is using username instead of email] with MFA turned on. I have also setup Custom UI login page [unified.html] and MFA page [phonefactor.html] in a storage blob that the policy points to. I am able to authenticate the user via the custom login page and login with MFA. The issue is when I create a new user and force the user to change the password at their first login, instead of redirecting the user to the change password screen, I am getting an invalid username and password message. When I use the Sign-In policy instead of sign-up-sign-in, the redirection to change the password works for the new user. But the sign-in policy does not have the option to specify Custom UI for login page. Am I missing anything here and how can I make this work with the sign-up-sign-in policy.
还可以通过任何方式获取商标"提示,例如公司品牌中的用户名"提示...密码提示不可用
Also is there any way to get the "Password" hint like the "Username" hint in the company branding ... Password hint is not available
推荐答案
forceChangePasswordNextLogin仅适用于不支持UI自定义的登录策略.
forceChangePasswordNextLogin only works on the sign-in policy which does not support UI customization.
为了在统一的注册/登录策略中实现类似的功能,您需要自己实现此功能.
In order to achieve similar functionality in the unified sign-up/sign-in policy, you'll need to implement this functionality yourself.
获得相似(尽管不完全相同)功能的一种方法是利用密码重置策略.您将预先创建新用户,并确保配置他们的电子邮件.然后,将他们直接引导至密码重置"策略以进行帐户激活.他们将收到一封包含密码的电子邮件,该密码一旦提供,将允许他们提供设置密码的密码.
One option to achieve similar (albeit not quite the same) functionality is by leveraging the Password Reset policy. You would be creating new users up-front and ensuring you configure their email. You then direct them straight to the Password Reset policy for their account activation. They'll receive an email with a code which once provided, will let them provide set their password.
Azure AD B2C反馈论坛中已经有两个出色的功能,您可以支持:
There's already two outstanding feature asks in the Azure AD B2C Feedback Forum that you can support:
- Support Force Password Reset
- Fully Customizable Sign-In Page
更新
对于DIY方法:
- 通过为您的后端API设置Azure AD应用程序来创建用户,如下所示: https://docs.microsoft. com/azure/active-directory-b2c/active-directory-b2c-devquickstarts-graph-dotnet
- 让您的后端API像该应用程序一样调用Graph API来创建用户:
- Create the users by setting up an Azure AD app for your back-end API as outlined here: https://docs.microsoft.com/azure/active-directory-b2c/active-directory-b2c-devquickstarts-graph-dotnet
- Have your back-end API call the Graph API like this app does to create the users: https://github.com/AzureADQuickStarts/B2C-GraphAPI-DotNet.git
- Send the users directly to the reset password URL
/authorize/url..
这篇关于启用了MFA的Azure AD B2C注册-登录策略-自定义登录页面的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
