Question

我正在尝试通过及时迁移创建登录流程。通过REST API验证用户后，我需要通过AAD写入验证技术资料将用户写入目录。它可以正常工作，但是将帐户创建为“锁定”-当我进入门户网站时，我看到“阻止登录=是”

可能是什么原因？我使用相同的技术资料，因此在注册流程中效果很好

下面是我在本地登录的技术资料中执行的技术资料

 <TechnicalProfile Id="AAD-UserWriteUsingLogonEmail-Migrate">
      <Metadata>
        <Item Key="Operation">Write</Item>
        <Item Key="RaiseErrorIfClaimsPrincipalAlreadyExists">true</Item>
      </Metadata>
      <IncludeInSso>false</IncludeInSso>
      <InputClaims>
         <InputClaim ClaimTypeReferenceId="signInName" PartnerClaimType="signInNames.emailAddress" Required="true" />  

      </InputClaims>
      <PersistedClaims>
        <!-- Required claims -->

          <PersistedClaim ClaimTypeReferenceId="signInName" PartnerClaimType="signInNames.emailAddress" />   

        <PersistedClaim ClaimTypeReferenceId="newPassword" PartnerClaimType="password" />
        <PersistedClaim ClaimTypeReferenceId="displayName" DefaultValue="unknown" />
        <PersistedClaim ClaimTypeReferenceId="passwordPolicies" DefaultValue="DisablePasswordExpiration" />
        <!-- Optional claims. -->
        <PersistedClaim ClaimTypeReferenceId="givenName" />
        <PersistedClaim ClaimTypeReferenceId="surname" />
        <PersistedClaim ClaimTypeReferenceId="jobTitle" />
        <PersistedClaim ClaimTypeReferenceId="extension_Phone" /> 
        <PersistedClaim ClaimTypeReferenceId="extension_companyId" />
        <PersistedClaim ClaimTypeReferenceId="extension_companyName" />
        <PersistedClaim ClaimTypeReferenceId="extension_communicationOptin" /> 
        <PersistedClaim ClaimTypeReferenceId="streetAddress" />
        <PersistedClaim ClaimTypeReferenceId="city" />
        <PersistedClaim ClaimTypeReferenceId="state" />
        <PersistedClaim ClaimTypeReferenceId="postalCode" />
        <PersistedClaim ClaimTypeReferenceId="country" /> 
      </PersistedClaims>
      <OutputClaims>
        <OutputClaim ClaimTypeReferenceId="objectId" />
        <OutputClaim ClaimTypeReferenceId="newUser" PartnerClaimType="newClaimsPrincipalCreated" />
        <OutputClaim ClaimTypeReferenceId="authenticationSource" DefaultValue="localAccountAuthentication" />
        <OutputClaim ClaimTypeReferenceId="userPrincipalName" />
        <OutputClaim ClaimTypeReferenceId="signInNames.emailAddress" />
        <OutputClaim ClaimTypeReferenceId="executed-SelfAsserted-Input" DefaultValue="true" />
      </OutputClaims>
      <IncludeTechnicalProfile ReferenceId="AAD-Common" />
      <UseTechnicalProfileForSessionManagement ReferenceId="SM-AAD" />
    </TechnicalProfile>

Answer 1

...

const theme = localStorage.getItem('theme')

document.body.classList.toggle('red', theme === 'red')

...

事实证明“ newpassword”声明不可用，因为我在步骤中的自声明标志期间收集的声明是“ password”。添加“ PartnerClaimType =密码”也不会将“密码”也复制到“ newpassword”声明中。

解决方案是将“ newpassword”简单地重命名为“ password”，并且流程运行正常

        <PersistedClaim ClaimTypeReferenceId="newPassword" PartnerClaimType="password" />

如Chris所述，当密码不存在时，AAD Write仍会创建用户，但会将其创建为已禁用-我认为应该不会发生，B2C应该给出有意义的错误消息

通过自定义策略AAD Write创建Azure B2C帐户将用户锁定

1 个答案: