为Azure AD B2C中的电子邮件本地帐户设置显示名称/用户名吗? [英] Set display name / username for email local accounts in Azure AD B2C?
问题描述
我是Azure AD B2C的新手,并且已经设置了一个使用本地帐户正确进行身份验证的网站(仅电子邮件).收到验证请求后,我在电子邮件"声明下看到了电子邮件地址,但名称"声明又回来了为未知".
I'm new to Azure AD B2C and have set up a site that correctly authenticates using local accounts (email only). When the validation request comes back, I see the email address under the 'emails' claim, but the 'name' claim comes back as 'unknown'.
在Azure门户中,将创建该帐户,但名称未设置,并且对于所有注册用户而言都是未知"的.这不是我所期望的.我希望默认情况下将名称"设置为电子邮件地址,以便更轻松地在门户网站中找到该帐户,因为我们根本没有为该帐户类型收集显示名称"(用户已经输入了给定和姓氏).
Looking in Azure portal, the account is created but the name is unset and is 'unknown' for all users that register. This isn't what I was expecting. I would prefer that the 'name' be set to the email address by default so that it is easier to find the account in the portal, since we aren't collecting a 'Display Name' at all for this account type (user already enters given and surname).
我的配置是否有误,是否可以将用户名默认为本地仅电子邮件帐户的电子邮件地址?
Do I have something configured incorrectly, and is there a way to default the username to the email address for local, email only accounts?
推荐答案
Azure AD B2C不会自动填充"任何字段.
设置注册策略或统一的注册/登录策略时,您可以选择注册"属性.这些是显示给用户的属性,然后将其存储在Azure AD B2C中.
When you setup your sign-up policy or unified sign-up/sign-in policy you get to pick the Sign-up attributes. These are the attributes that are show to the user for him/her to provide and are then stored in Azure AD B2C.
未提示用户输入的内容均保留为空,或者在少数情况下(如您观察到的名称)设置为未知".
Anything that the user is not prompted for is left empty or in a few select cases (like name as you have observed) set to 'unknown'.
Azure AD B2C无法假设要使用什么预先填充给定属性..虽然您可能会认为使用电子邮件作为名称的默认名称是可以接受的,但其他人可能不会.另一个示例,对于某些显示名称,可以预填充"{Given name} {Surname}",但是对于其他示例,则显示名称的另一种方式是"{Surname,Givenname}".
Azure AD B2C can not make assumptions as to what to pre-populate a given attribute with. While you might find it acceptable to use the email as the default for the name, others might not. Another example, the display name, for some, can be prepopulated with "{Given name} {Surname}", but for others, it's the other way around "{Surname, Givenname}".
您实际上要提供的是一种为某些属性配置默认值的简便方法,而今天这还不可用.您可以在 Azure AD B2C UserVoice论坛.
What you are effectively asking for is an easy way to configure defaults for some attributes which is not that's available today. You can request this feature in the Azure AD B2C UserVoice forum.
目前,您有两个选择:
- 通过在策略中将其选择为注册属性来强制用户明确提供此值.
- 添加一些代码,以所需的任何逻辑来更新这些属性(例如,在处理新注册的控制器中或通过定期运行的无头客户端).
- Force your users to explicitly provide this value by select it as a sign-up attribute in your policy.
- Add some code that updates these attributes with whatever logic you want (for example in the controller that processes new sign-ups or via a headless client running periodically).
这是一个快速的&可用于此目的的.Net代码的肮脏代码段(假设您想在auth管道(Startup.Auth.cs)中执行此操作:
Here's a quick & dirty snippet of .Net code that you can use for this (assuming you want to do this in the auth pipeline (Startup.Auth.cs):
private async Task OnSecurityTokenValidated(SecurityTokenValidatedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions> notification)
{
try
{
var userObjectId = notification.AuthenticationTicket.Identity.FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier")?.Value;
// You'll need to register a separate app for this.
// This app will need APPLICATION (not Delegated) Directory.Read permissions
// Check out this link for more info:
// https://docs.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-devquickstarts-graph-dotnet
var authContext = new Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext(string.Format(graphAuthority, tenant));
var t = await authContext.AcquireTokenAsync(graphResource, new ClientCredential(graphClientId, graphClientSecret));
using (var client = new HttpClient())
{
client.DefaultRequestHeaders.Add("Authorization", "Bearer " + t.AccessToken);
var url = graphResource + tenant + "/users/" + userObjectId + "/?api-version=1.6";
var name = "myDisplayName";
var content = new StringContent("{ \"displayName\":\"" + name + "\" }", Encoding.UTF8, "application/json");
var result = await client.PostAsync(url, content);
}
}
catch (Exception ex)
{
Console.WriteLine(ex.ToString());
}
}
像这样设置OpenIdConnectAuthenticationOptions时,将引用此方法:
You'll reference this method when you setup your OpenIdConnectAuthenticationOptions like so:
new OpenIdConnectAuthenticationOptions
{
// (...)
Notifications = new OpenIdConnectAuthenticationNotifications
{
AuthenticationFailed = OnAuthenticationFailed,
SecurityTokenValidated = OnSecurityTokenValidated,
},
// (...)
};
这篇关于为Azure AD B2C中的电子邮件本地帐户设置显示名称/用户名吗?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
