Azure AD B2C登录自定义策略-获取密码错误消息
我正在尝试在Azure AD B2C中添加简单的登录自定义策略。当我运行策略时,我可以看到默认登录页面,但当我输入用户电子邮件和密码时,我会看到下面的消息 您的密码不正确 我输入了正确的密码,但仍然面临这个问题 下面是我的技术简介和用户体验 技术概况:Azure AD B2C登录自定义策略-获取密码错误消息,azure,azure-active-directory,azure-ad-b2c,identity-experience-framework,Azure,Azure Active Directory,Azure Ad B2c,Identity Experience Framework,我正在尝试在Azure AD B2C中添加简单的登录自定义策略。当我运行策略时,我可以看到默认登录页面,但当我输入用户电子邮件和密码时,我会看到下面的消息 您的密码不正确 我输入了正确的密码,但仍然面临这个问题 下面是我的技术简介和用户体验 技术概况: <TechnicalProfile Id="SelfAsserted-LocalAccountSignin-Email"> <DisplayName>Local Account Signin</Displ
<TechnicalProfile Id="SelfAsserted-LocalAccountSignin-Email">
<DisplayName>Local Account Signin</DisplayName>
<Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.SelfAssertedAttributeProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
<Metadata>
<!-- <Item Key="SignUpTarget">SignUpWithLogonEmailExchange</Item> -->
<Item Key="setting.showSignupLink">False</Item>
<Item Key="setting.operatingMode">Email</Item>
<Item Key="ContentDefinitionReferenceId">api.selfasserted</Item>
</Metadata>
<IncludeInSso>false</IncludeInSso>
<InputClaims>
<InputClaim ClaimTypeReferenceId="signInName" />
</InputClaims>
<OutputClaims>
<OutputClaim ClaimTypeReferenceId="signInName" Required="true" />
<OutputClaim ClaimTypeReferenceId="password" Required="true" />
<OutputClaim ClaimTypeReferenceId="objectId" />
<OutputClaim ClaimTypeReferenceId="givenName" />
<OutputClaim ClaimTypeReferenceId="authenticationSource" />
</OutputClaims>
<ValidationTechnicalProfiles>
<ValidationTechnicalProfile ReferenceId="login-NonInteractive" />
</ValidationTechnicalProfiles>
<UseTechnicalProfileForSessionManagement ReferenceId="SM-AAD" />
</TechnicalProfile>
本地帐户登录
假的
电子邮件
api.Self断言
假的
<UserJourney Id="SignUpOrSignIn">
<OrchestrationSteps>
<OrchestrationStep Order="1" Type="CombinedSignInAndSignUp" ContentDefinitionReferenceId="api.signuporsignin">
<ClaimsProviderSelections>
<ClaimsProviderSelection ValidationClaimsExchangeId="LocalAccountSigninEmailExchange" />
</ClaimsProviderSelections>
<ClaimsExchanges>
<ClaimsExchange Id="LocalAccountSigninEmailExchange" TechnicalProfileReferenceId="SelfAsserted-LocalAccountSignin-Email" />
</ClaimsExchanges>
</OrchestrationStep>
<OrchestrationStep Order="2" Type="ClaimsExchange">
<Preconditions>
<Precondition Type="ClaimsExist" ExecuteActionsIf="true">
<Value>objectId</Value>
<Action>SkipThisOrchestrationStep</Action>
</Precondition>
</Preconditions>
<ClaimsExchanges>
<ClaimsExchange Id="SignUpWithLogonEmailExchange" TechnicalProfileReferenceId="LocalAccountSignUpWithLogonEmail" />
</ClaimsExchanges>
</OrchestrationStep>
<!-- This step reads any user attributes that we may not have received when in the token. -->
<OrchestrationStep Order="3" Type="ClaimsExchange">
<ClaimsExchanges>
<ClaimsExchange Id="AADUserReadWithObjectId" TechnicalProfileReferenceId="AAD-UserReadUsingObjectId" />
</ClaimsExchanges>
</OrchestrationStep>
<OrchestrationStep Order="4" Type="SendClaims" CpimIssuerTechnicalProfileReferenceId="JwtIssuer" />
</OrchestrationSteps>
<ClientDefinition ReferenceId="DefaultWeb" />
</UserJourney>
目标
SkipThisOrchestrationStep
请务必告诉我缺少什么。门户中的重置可能不起作用。如果要求用户在登录时更改密码,B2C将无法做到这一点。您可能需要立即使用PowerShell/Graph API更新密码,而无需在登录时重置密码。或者删除该用户并重新注册。还请记住,您不能从门户创建B2C用户,他们必须注册(或通过Graph API创建)。好的。但在注册过程中,用户会添加他们的密码。登录时,他们使用相同的密码,但根据您的基本文件接收到上述错误消息,似乎没有什么特别的。您是否将ProxyIdentityExperienceFramework应用程序错误地创建为Web应用程序/API?它将允许您注册,但当您登录时,您也将收到错误的密码错误。请参阅。@Allen,是的ProxyIdentityExperienceFramework应用程序是本机的。