Azure B2C custom policy: add user help text on password reset
Stack Overflow user
Asked 2022-11-21 17:22:07
Answers: 1, Views: 63, Followers: 0, Votes: 0

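I have implemented self-service password reset and password expiry after 90 days, and I am asking how I can include a message to inform users when they are making the change.

Password reset

Currently, when a password change is suggested (especially when the password has expired), the user is not told the reason, and I would like to insert text above the password fields.

I am sharing the relying party file: https://easyupload.io/a4tclj

This is my extension: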

  <BasePolicy>
    <TenantId>b2c.onmicrosoft.com</TenantId>
    <PolicyId>B2C_1A_TrustFrameworkLocalization</PolicyId>
  </BasePolicy>
  <!--   <BuildingBlocks>
    <ClaimsSchema>
    </ClaimsSchema>
  </BuildingBlocks> -->
  <ClaimsProviders>
    <ClaimsProvider>
      <DisplayName>Facebook</DisplayName>
      <TechnicalProfiles>
        <TechnicalProfile Id="Facebook-OAUTH">
          <Metadata>
            <Item Key="client_id">facebook_clientid</Item>
            <Item Key="scope">email public_profile</Item>
            <Item Key="ClaimsEndpoint">https://graph.facebook.com/me?fields=id,first_name,last_name,name,email</Item>
          </Metadata>
        </TechnicalProfile>
      </TechnicalProfiles>
    </ClaimsProvider>
    <ClaimsProvider>
      <DisplayName>Token Issuer</DisplayName>
      <TechnicalProfiles>
        <!-- SAML Token Issuer technical profile -->
        <TechnicalProfile Id="Saml2AssertionIssuer">
          <DisplayName>Token Issuer</DisplayName>
          <Protocol Name="SAML2" />
          <OutputTokenFormat>SAML2</OutputTokenFormat>
          <CryptographicKeys>
            <Key Id="SamlAssertionSigning" StorageReferenceId="B2C_1A_SAML" />
            <Key Id="SamlMessageSigning" StorageReferenceId="B2C_1A_SAML" />
          </CryptographicKeys>
          <InputClaims />
          <OutputClaims />
          <UseTechnicalProfileForSessionManagement ReferenceId="SM-Saml-issuer" />
        </TechnicalProfile>
        <!-- Session management technical profile for SAML-based tokens -->
        <TechnicalProfile Id="SM-Saml-issuer">
          <DisplayName>Session Management Provider</DisplayName>
          <Protocol Name="Proprietary" Handler="Web.TPEngine.SSO.SamlSSOSessionProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
        </TechnicalProfile>
      </TechnicalProfiles>
    </ClaimsProvider>
    <ClaimsProvider>
      <DisplayName>Local Account SignIn</DisplayName>
      <TechnicalProfiles>
        <TechnicalProfile Id="login-NonInteractive">
          <Metadata>
            <!-- ProxyIdentityExperienceFrameworkAppId -->
            <Item Key="client_id">1257aca9-6111-abcs-adca-d740612012fa</Item>
            <!-- IdentityExperienceFrameworkAppId -->
            <Item Key="IdTokenAudience">10f6e761-c111-dadd-acv0-affb3875cdaf</Item>
          </Metadata>
          <InputClaims>
            <!-- ProxyIdentityExperienceFrameworkAppId -->
            <InputClaim ClaimTypeReferenceId="client_id" DefaultValue="1257aca9-6111-abcs-adca-d740612012fa" />
            <!-- IdentityExperienceFrameworkAppId -->
            <InputClaim ClaimTypeReferenceId="resource_id" PartnerClaimType="resource" DefaultValue="10f6e761-c111-dadd-acv0-affb3875cdaf" />
          </InputClaims>
        </TechnicalProfile>
      </TechnicalProfiles>
    </ClaimsProvider>
    <ClaimsProvider>
      <DisplayName>Local Account</DisplayName>
      <TechnicalProfiles>
        <TechnicalProfile Id="LocalAccountWritePasswordUsingObjectId">
          <UseTechnicalProfileForSessionManagement ReferenceId="SM-AAD" />
        </TechnicalProfile>
      </TechnicalProfiles>
    </ClaimsProvider>
    <ClaimsProvider>
      <DisplayName>Azure Active Directory</DisplayName>
      <TechnicalProfiles>
        <TechnicalProfile Id="AAD-Common">
          <Metadata>
            <!--Insert b2c-extensions-app application ID here, for example: 11111111-1111-1111-1111-111111111111-->
            <Item Key="ClientId">83axdc56-1aaa-4bbb-a666-4589cbb7a212</Item>
            <!--Insert b2c-extensions-app application ObjectId here, for example: 22222222-2222-2222-2222-222222222222-->
            <Item Key="ApplicationObjectId">8d93c18a-d111-4fff-8aaa-43ebedadd5b1</Item>
          </Metadata>
        </TechnicalProfile>
      </TechnicalProfiles>
    </ClaimsProvider>
  </ClaimsProviders>
  <!--UserJourneys>
  </UserJourneys-->


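1 Answer

Stack Overflow user

Answered 2022-11-22 04:33:52

You can use something like this to display a message during a forced password change. The sample below is taken from the azure-ad-b2c samples on GitHub: policies/force-password-reset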

ClaimType

<ClaimType Id="userMsg">
    <DisplayName></DisplayName>
    <DataType>string</DataType>
    <AdminHelpText>A claim responsible for holding user messages</AdminHelpText>
    <UserInputType>Paragraph</UserInputType>
</ClaimType>   

Technical profile

<TechnicalProfile Id="SelfAsserted-ForcePasswordReset-ExpiredPassword">
    <DisplayName>Password Expired</DisplayName>
    <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.SelfAssertedAttributeProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
    <Metadata>
        <Item Key="ContentDefinitionReferenceId">api.selfasserted</Item>
        <Item Key="UserMessageIfClaimsTransformationBooleanValueIsNotEqual">Please enter a different password</Item>
    </Metadata>
    <InputClaims>
        <InputClaim ClaimTypeReferenceId="userMsg" DefaultValue="Your password has expired, please change to a new password." />
    </InputClaims>
    <DisplayClaims>
        <DisplayClaim ClaimTypeReferenceId="userMsg" />
        <DisplayClaim ClaimTypeReferenceId="password" Required="true" />
        <DisplayClaim ClaimTypeReferenceId="newPassword" Required="true" />
        <DisplayClaim ClaimTypeReferenceId="reenterPassword" Required="true" />
    </DisplayClaims>
    <OutputClaims>
        <OutputClaim ClaimTypeReferenceId="objectId" />
    </OutputClaims>
    <ValidationTechnicalProfiles>
        <!-- 1) validate the old password. 2) Assert whether the new password is different than the old one.
                 3) get the user object ID 4) persist the new password to the directory, and reset the force reset password next logon. -->
        <ValidationTechnicalProfile ReferenceId="login-NonInteractive" />
        <ValidationTechnicalProfile ReferenceId="ThrowErrorWhenPassowrdIsSame" />
        <ValidationTechnicalProfile ReferenceId="AAD-UserReadUsingSignInName" />
        <ValidationTechnicalProfile ReferenceId="AAD-UserWritePasswordUsingObjectId-ResetNextLogin" />
    </ValidationTechnicalProfiles>
    <UseTechnicalProfileForSessionManagement ReferenceId="SM-Noop" />
</TechnicalProfile>
Votes: 0
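
A pre-upload check for merging the answer's snippet into an extensions file like the one in the question, as an added example that is not part of the original answer or of the GitHub sample: it lists the claim types and technical profiles a policy file references but does not define itself. The sample XML is constructed, and the function name `unresolved_references` is hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample: cut-down extensions file holding part of the answer's
# technical profile, with BuildingBlocks commented out as in the question.
SAMPLE = """<TrustFrameworkPolicy>
  <!-- <BuildingBlocks><ClaimsSchema></ClaimsSchema></BuildingBlocks> -->
  <ClaimsProviders><ClaimsProvider><TechnicalProfiles>
    <TechnicalProfile Id="login-NonInteractive" />
    <TechnicalProfile Id="SelfAsserted-ForcePasswordReset-ExpiredPassword">
      <InputClaims>
        <InputClaim ClaimTypeReferenceId="userMsg" DefaultValue="Your password has expired." />
      </InputClaims>
      <DisplayClaims>
        <DisplayClaim ClaimTypeReferenceId="userMsg" />
        <DisplayClaim ClaimTypeReferenceId="newPassword" Required="true" />
      </DisplayClaims>
      <ValidationTechnicalProfiles>
        <ValidationTechnicalProfile ReferenceId="login-NonInteractive" />
        <ValidationTechnicalProfile ReferenceId="ThrowErrorWhenPassowrdIsSame" />
      </ValidationTechnicalProfiles>
      <UseTechnicalProfileForSessionManagement ReferenceId="SM-Noop" />
    </TechnicalProfile>
  </TechnicalProfiles></ClaimsProvider></ClaimsProviders>
</TrustFrameworkPolicy>"""

PROFILE_REF_TAGS = {"ValidationTechnicalProfile", "UseTechnicalProfileForSessionManagement"}

def unresolved_references(policy_xml):
    """List claim types and technical profiles referenced but not defined in this file."""
    root = ET.fromstring(policy_xml)  # the default parser drops XML comments
    defined = {"claims": set(), "profiles": set()}
    used = {"claims": set(), "profiles": set()}
    for el in root.iter():
        name = el.tag.rsplit("}", 1)[-1]  # real policy files declare a namespace
        if name == "ClaimType" and el.get("Id"):
            defined["claims"].add(el.get("Id"))
        elif name == "TechnicalProfile" and el.get("Id"):
            defined["profiles"].add(el.get("Id"))
        if el.get("ClaimTypeReferenceId"):
            used["claims"].add(el.get("ClaimTypeReferenceId"))
        if name in PROFILE_REF_TAGS and el.get("ReferenceId"):
            used["profiles"].add(el.get("ReferenceId"))
    # Anything left over must be supplied by a policy further up the BasePolicy chain.
    return {kind: sorted(used[kind] - defined[kind]) for kind in used}

if __name__ == "__main__":
    print(unresolved_references(SAMPLE))
```

Each name it reports has to be defined either in this file or in one of the base policies it inherits from; one that no base policy defines has to be added to this file.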
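The original content of this page is provided by Stack Overflow. Translation support is provided by the Tencent Cloud Xiaowei IT-domain engine.
Original link:

https://stackoverflow.com/questions/74522680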
