我已经建立了一个Azure AD B2C应用程序,并创建了列出的here所需的IdentityFramworks应用程序 使用内置用户流登录时,我收到“您的密码不正确”,但它是100%正确的密码。 我使用入门包创建了自定义注册策略。 步骤1:
<TechnicalProfile Id="LocalAccountSignUpWithLogonName">
<DisplayName>User ID signup</DisplayName>
<Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.SelfAssertedAttributeProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
<Metadata>
<Item Key="UserMessageIfClaimsTransformationStringsAreNotEqual">That Username is already taken, please chose another one.</Item>
<Item Key="UserMessageIfClaimsTransformationBooleanValueIsNotEqual">The Access Number or Email are incorrect.</Item>
<Item Key="IpAddressClaimReferenceId">IpAddress</Item>
<Item Key="ContentDefinitionReferenceId">api.localaccountsignup</Item>
<Item Key="LocalAccountType">Username</Item>
<Item Key="LocalAccountProfile">true</Item>
<Item Key="language.button_continue">Continue</Item>
</Metadata>
<CryptographicKeys>
<Key Id="issuer_secret" StorageReferenceId="B2C_1A_TokenSigningKeyContainer" />
</CryptographicKeys>
<InputClaims>
<InputClaim ClaimTypeReferenceId="signInName" />
</InputClaims>
<OutputClaims>
<OutputClaim ClaimTypeReferenceId="extension_accessNumber" Required="true" />
<OutputClaim ClaimTypeReferenceId="signInName" Required="true" />
<OutputClaim ClaimTypeReferenceId="newPassword" Required="true" />
<OutputClaim ClaimTypeReferenceId="reenterPassword" Required="true" />
<OutputClaim ClaimTypeReferenceId="email" Required="true" />
<OutputClaim ClaimTypeReferenceId="givenName" Required="true" />
<OutputClaim ClaimTypeReferenceId="surname" Required="true" />
<OutputClaim ClaimTypeReferenceId="extension_gender" Required="true"/>
<OutputClaim ClaimTypeReferenceId="extension_dateOfBirth" Required="true"/>
<OutputClaim ClaimTypeReferenceId="extension_error" PartnerClaimType="extension_error" />
<OutputClaim ClaimTypeReferenceId="extension_message" PartnerClaimType="extension_message"/>
<OutputClaim ClaimTypeReferenceId="objectId" Required="true" />
<OutputClaim ClaimTypeReferenceId="executed-SelfAsserted-Input" DefaultValue="true" />
<OutputClaim ClaimTypeReferenceId="newUser" />
<OutputClaim ClaimTypeReferenceId="authenticationSource" />
<OutputClaim ClaimTypeReferenceId="userPrincipalName" />
</OutputClaims>
<ValidationTechnicalProfiles>
<ValidationTechnicalProfile ReferenceId="UsernameCheck"/>
<ValidationTechnicalProfile ReferenceId="API-VerifyStep1"/>
</ValidationTechnicalProfiles>
<UseTechnicalProfileForSessionManagement ReferenceId="SM-AAD" />
第2步:
<TechnicalProfile Id="LocalAccountSignUpWithLogonNameStep2">
<DisplayName>User ID signup</DisplayName>
<Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.SelfAssertedAttributeProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
<Metadata>
<Item Key="IpAddressClaimReferenceId">IpAddress</Item>
<Item Key="ContentDefinitionReferenceId">api.localaccountsignup</Item>
<Item Key="LocalAccountType">Username</Item>
<Item Key="LocalAccountProfile">true</Item>
<Item Key="language.button_continue">Create</Item>
</Metadata>
<CryptographicKeys>
<Key Id="issuer_secret" StorageReferenceId="B2C_1A_TokenSigningKeyContainer" />
</CryptographicKeys>
<InputClaims>
<InputClaim ClaimTypeReferenceId="signInName" />
</InputClaims>
<OutputClaims>
<OutputClaim ClaimTypeReferenceId="extension_city" Required="true"/>
<OutputClaim ClaimTypeReferenceId="extension_address" Required="true"/>
<OutputClaim ClaimTypeReferenceId="extension_province" Required="true"/>
<OutputClaim ClaimTypeReferenceId="extension_postalCode" Required="true"/>
<OutputClaim ClaimTypeReferenceId="extension_psc" Required="false"/>
<OutputClaim ClaimTypeReferenceId="extension_rsc" Required="false"/>
<OutputClaim ClaimTypeReferenceId="extension_altContact" Required="true"/>
<OutputClaim ClaimTypeReferenceId="extension_altRelation" Required="true"/>
<OutputClaim ClaimTypeReferenceId="extension_altConPhone" Required="true"/>
<OutputClaim ClaimTypeReferenceId="extension_sciLevel" Required="true"/>
<OutputClaim ClaimTypeReferenceId="extension_dateOfOnset" Required="true"/>
<OutputClaim ClaimTypeReferenceId="extension_termsOfUse" Required="true"/>
<OutputClaim ClaimTypeReferenceId="objectId" Required="true" />
<OutputClaim ClaimTypeReferenceId="executed-SelfAsserted-Input" DefaultValue="true" />
<OutputClaim ClaimTypeReferenceId="newUser" />
<OutputClaim ClaimTypeReferenceId="authenticationSource" />
<OutputClaim ClaimTypeReferenceId="userPrincipalName" />
</OutputClaims>
<ValidationTechnicalProfiles>
<ValidationTechnicalProfile ReferenceId="signup-NonInteractive" />
<ValidationTechnicalProfile ReferenceId="AAD-UserWriteUsingLogonName" />
</ValidationTechnicalProfiles>
<UseTechnicalProfileForSessionManagement ReferenceId="SM-AAD" />
似乎找到了该帐户,但密码不正确,我不确定为什么?如果您有自定义策略,内置策略是否不兼容?
我还创建了一个自定义登录策略,但是在加载页面时,这导致了可怕的格式,并且将用户名字段注册为输入type =“ text” id =“ password” name =“ Password” placeholder = “ Username” value =“” tabindex =“ 1”这非常令人困惑。
这是登录政策
<TechnicalProfile Id="SelfAsserted-LocalAccountSignin-Username">
<DisplayName>Local Account Signin</DisplayName>
<Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.SelfAssertedAttributeProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
<Metadata>
<Item Key="SignUpTarget">SignUpWithLogonUsernameExchange</Item>
<Item Key="setting.operatingMode">Username</Item>
<Item Key="ContentDefinitionReferenceId">api.selfasserted</Item>
<Item Key="setting.showSignupLink">False</Item>
</Metadata>
<IncludeInSso>false</IncludeInSso>
<InputClaims>
<InputClaim ClaimTypeReferenceId="signInName" />
</InputClaims>
<OutputClaims>
<OutputClaim ClaimTypeReferenceId="signInName" Required="true" />
<OutputClaim ClaimTypeReferenceId="password" Required="true" />
<OutputClaim ClaimTypeReferenceId="objectId" />
<OutputClaim ClaimTypeReferenceId="authenticationSource" />
</OutputClaims>
<ValidationTechnicalProfiles>
<ValidationTechnicalProfile ReferenceId="login-NonInteractive" />
</ValidationTechnicalProfiles>
<UseTechnicalProfileForSessionManagement ReferenceId="SM-AAD" />
这是登录非交互式配置文件
<TechnicalProfile Id="login-NonInteractive">
<DisplayName>Local Account SignIn</DisplayName>
<Protocol Name="OpenIdConnect" />
<Metadata>
<Item Key="client_id">530a3472-...</Item>
<Item Key="IdTokenAudience">f134083a-...</Item>
<Item Key="UserMessageIfClaimsPrincipalDoesNotExist">We can't seem to find your account</Item>
<Item Key="UserMessageIfInvalidPassword">Your password is incorrect</Item>
<Item Key="UserMessageIfOldPasswordUsed">Looks like you used an old password</Item>
<Item Key="ProviderName">https://sts.windows.net/</Item>
<Item Key="METADATA">https://login.microsoftonline.com/{tenant}/.well-known/openid-configuration</Item>
<Item Key="authorization_endpoint">https://login.microsoftonline.com/{tenant}/oauth2/token</Item>
<Item Key="response_types">id_token</Item>
<Item Key="response_mode">query</Item>
<Item Key="scope">username openid</Item>
<!-- Policy Engine Clients -->
<Item Key="UsePolicyInRedirectUri">false</Item>
<Item Key="HttpBinding">POST</Item>
</Metadata>
<InputClaims>
<InputClaim ClaimTypeReferenceId="client_id" DefaultValue="530a3472-..." />
<InputClaim ClaimTypeReferenceId="resource_id" PartnerClaimType="resource" DefaultValue="f134083a-..." />
<InputClaim ClaimTypeReferenceId="signInName" PartnerClaimType="username" Required="true" DefaultValue="{OIDC:Username}" />
<InputClaim ClaimTypeReferenceId="password" Required="true" DefaultValue="{OIDC:Password}"/>
<InputClaim ClaimTypeReferenceId="grant_type" DefaultValue="password" />
<InputClaim ClaimTypeReferenceId="scope" DefaultValue="openid" />
<InputClaim ClaimTypeReferenceId="nca" PartnerClaimType="nca" DefaultValue="1" />
</InputClaims>
<OutputClaims>
<OutputClaim ClaimTypeReferenceId="signInName" PartnerClaimType="username" Required="true" />
<OutputClaim ClaimTypeReferenceId="objectId" PartnerClaimType="oid" />
<OutputClaim ClaimTypeReferenceId="tenantId" PartnerClaimType="tid" />
<OutputClaim ClaimTypeReferenceId="givenName" PartnerClaimType="given_name" />
<OutputClaim ClaimTypeReferenceId="surName" PartnerClaimType="family_name" />
<OutputClaim ClaimTypeReferenceId="displayName" PartnerClaimType="name" />
<OutputClaim ClaimTypeReferenceId="userPrincipalName" PartnerClaimType="upn" />
<OutputClaim ClaimTypeReferenceId="authenticationSource" DefaultValue="localAccountAuthentication" />
</OutputClaims>
</TechnicalProfile>
我知道这篇文章很长,感谢您的投入或帮助。预先谢谢你
答案 0 :(得分:0)
查看您的自定义策略,即注册后,您在与密码用户不同的步骤中收集密码,将导致帐户被禁用。然后导致您在登录时看到的错误。