【问题标题】:B2C reset passwordB2C重置密码
【发布时间】:2018-09-06 17:16:15
【问题描述】:

我的创业公司有以下几点:

public partial class Startup
{
    private static string clientId = ConfigurationManager.AppSettings["ida:ClientId"];
    private static string aadInstance = ConfigurationManager.AppSettings["ida:AadInstance"];
    private static string tenant = ConfigurationManager.AppSettings["ida:Tenant"];
    private static string redirectUri = ConfigurationManager.AppSettings["ida:RedirectUri"];

    // B2C policy identifiers
   // public static string SignUpPolicyId = ConfigurationManager.AppSettings["ida:SignUpPolicyId"];
    public static string SignInUpPolicyId = ConfigurationManager.AppSettings["ida:SignInUpPolicyId"];
    public static string DefaultPolicy = SignInUpPolicyId;
    public static string ResetPasswordPolicyId = ConfigurationManager.AppSettings["ida:ResetPasswordPolicyId"];
    public static string ProfilePolicyId = ConfigurationManager.AppSettings["ida:UserProfilePolicyId"];



    public void ConfigureAuth(IAppBuilder app)
    {
        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);

        app.UseCookieAuthentication(new CookieAuthenticationOptions());

        // Configure OpenID Connect middleware for each policy
       app.UseOpenIdConnectAuthentication(CreateOptionsFromPolicy(SignInUpPolicyId));
       //app.UseOpenIdConnectAuthentication(CreateOptionsFromPolicy(ResetPasswordPolicyId));
       // app.UseOpenIdConnectAuthentication(CreateOptionsFromPolicy(SignInPolicyId));
    }



    private Task OnAuthenticationFailed(AuthenticationFailedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions> notification)
    {
        notification.HandleResponse();

        // Handle the error code that Azure AD B2C throws when trying to reset a password from the login page
        // because password reset is not supported by a "sign-up or sign-in policy"
        if (notification.ProtocolMessage.ErrorDescription != null && notification.ProtocolMessage.ErrorDescription.Contains("AADB2C90118"))
        {
            // If the user clicked the reset password link, redirect to the reset password route
            notification.Response.Redirect("/Account/ResetPassword");
        }
        else if (notification.Exception.Message == "access_denied")
        {
            notification.Response.Redirect("/");
        }
        else
        {
            notification.Response.Redirect("/Home/Error?message=" + notification.Exception.Message);
        }

        return Task.FromResult(0);
    }

    private Task OnRedirectToIdentityProvider(RedirectToIdentityProviderNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions> notification)
    {
        var policy = notification.OwinContext.Get<string>("Policy");

        if (!string.IsNullOrEmpty(policy) && !policy.Equals(DefaultPolicy))
        {
            //notification.ProtocolMessage.Scope = OpenIdConnectScopes.OpenId;
            //notification.ProtocolMessage.ResponseType = OpenIdConnectResponseTypes.IdToken;
            notification.ProtocolMessage.IssuerAddress = notification.ProtocolMessage.IssuerAddress.Replace(DefaultPolicy, policy);
        }

        return Task.FromResult(0);
    }

    private OpenIdConnectAuthenticationOptions CreateOptionsFromPolicy(string policy)
    {
        return new OpenIdConnectAuthenticationOptions
        {
            // For each policy, give OWIN the policy-specific metadata address, and
            // set the authentication type to the id of the policy
            MetadataAddress = String.Format(aadInstance, tenant, policy),
            AuthenticationType = policy,

            // These are standard OpenID Connect parameters, with values pulled from web.config
            ClientId = clientId,
            RedirectUri = redirectUri,
            PostLogoutRedirectUri = redirectUri,
            Notifications = new OpenIdConnectAuthenticationNotifications
            {
                AuthenticationFailed = OnAuthenticationFailed
            },
            Scope = "openid",
            ResponseType = "id_token",

            // This piece is optional - it is used for displaying the user's name in the navigation bar.
            TokenValidationParameters = new TokenValidationParameters
            {
                NameClaimType = "name",
                SaveSigninToken = true //important to save the token in boostrapcontext
            }
        };
    }
}

在我的控制器中,我有以下内容:

public void ResetPassword()
{
    // Let the middleware know you are trying to use the reset password 
    policy (see OnRedirectToIdentityProvider in Startup.Auth.cs)
        HttpContext.GetOwinContext().Set("Policy", Startup.ResetPasswordPolicyId);

        // Set the page to redirect to after changing passwords
        var authenticationProperties = new AuthenticationProperties { RedirectUri = "/" };
        HttpContext.GetOwinContext().Authentication.Challenge(authenticationProperties);
}

现在重置密码只是重定向到“/”。我不确定这是如何工作的,也找不到任何样品。我尝试按照这个示例进行操作,但它使用了一些核心库并且没有成功使用文档。

https://docs.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-devquickstarts-web-dotnet-susi

在遵循 Chris 的建议后,它起作用了。单击重置密码时,请参见下图。

【问题讨论】:

  • 嗨,托马斯。您在上面的代码中混合了几种方法。我建议您尽可能关注this Startup file 以开始自己的工作。
  • 谢谢,好像它完成了工作。你能发布一个答案。您知道您是否可以阻止用户在重置密码过程中更改电子邮件(参见原始帖子中的图片)?我们使用电子邮件作为用户的标识符,因此这不是他们更改电子邮件的选项。
  • 嗨@Thomas。 “更改电子邮件”使最终用户能够更改发送验证码的电子邮件地址。它不允许他们更改为其本地帐户注册的电子邮件地址。

标签: azure-ad-b2c


【解决方案1】:

请尽可能关注this Startup.Auth.cs file 以开始使用。

Startup 类的 ConfigureAuth 方法注册了 OWIN OpenID Connect 中间件,该中间件使 ASP.NET MVC 控制器能够设置 Azure AD B2C 策略,并使用 OWIN 上下文重定向到。

例子:

HttpContext.GetOwinContext().Set("Policy", Startup.ResetPasswordPolicyId);

【讨论】:

    猜你喜欢
    • 2019-07-14
    • 1970-01-01
    • 1970-01-01
    • 2020-06-01
    • 2021-01-08
    • 2021-06-25
    • 1970-01-01
    • 1970-01-01
    • 1970-01-01
    相关资源
    最近更新 更多