Question
When using Sign-in policies, there is a password reset link => "Can't access your account". By clicking on this link, users get Microsoft's out-of-the-box password reset process, in which they are presented with a CAPTCHA to receive a validation code and for which I can require MFA.
I want to reuse this feature on the unified "Sign-up or sign-in" policies, which present a different link for this => "Forgot your password". I want that link to redirect to Microsoft's out-of-the-box password reset functionality as well.
I am not sure if this is possible. If it is not possible, can I construct the link in the "Sign-up or sign-in" response handler? I just want to see if anyone has done this before, or whether this is not a good approach.
Answer 1:
Doesn't work that way by design. Since you could have multiple reset policies to think about (different tenants, etc.), when you click on "forgot password" they return to your code so you can decide what to do.
I want to do what you're proposing, too. But as I understand it, it can't be done. There are a lot of samples of what to put in your code to handle the "forgot" error when it comes back.
In the end, I just did what they suggested and gave up.
Answer 2:
I could use the link to reset the password, but I would get an error at the end. What I did was make a request to the "Sign-in" policy, extract the "Can't access your account" link and append my company brand.
This worked until the last step. It showed me my company brand. It allowed me to reset my password, but at the end it threw an error, and I was not able to auto-login. If I re-login with the reset password, it works.
I realized that getting the link is not enough, as the CTX query string in the link is generated for the "Sign-in" policy and I am trying to use it in "Sign-up or sign-in". Long story short, "Can't access your account" is for the "Sign-in" policy and can't be used for another policy.
Answer 3:
You can use the password reset policy that is part of B2C. However, when you click on the password reset link in the sign-in/sign-up policy, you have to handle an exception and redirect in your code to the password reset policy. When registering OpenID Connect, create an OpenIdConnectEvents instance and handle the failure. When the failure message contains AADB2C90118, redirect to the password reset policy.
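The handler described in Answer 3, written out as an added ASP.NET Core example (this is not code from the question or any answer, and not Microsoft's sample). When the user clicks "Forgot your password" on a sign-up-or-sign-in policy, B2C redirects back to the app's callback with error=access_denied and an error_description beginning "AADB2C90118"; the OpenID Connect middleware surfaces that as an OpenIdConnectProtocolException in OnRemoteFailure. The example registers one OpenIdConnect scheme per policy so the app can simply Challenge the reset scheme; the tenant name, client ID, policy names, callback paths and the /Account/ResetPassword route are assumed placeholders, and the login.microsoftonline.com/tfp authority is the endpoint in use when the question was asked (newer tenants use {tenant}.b2clogin.com).

```csharp
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;

public static class B2CAuth
{
    // Assumed placeholder values: substitute your own tenant, app registration and policy names.
    const string Tenant = "contoso.onmicrosoft.com";
    const string ClientId = "00000000-0000-0000-0000-000000000000";
    const string SignUpSignInPolicy = "B2C_1_SignUpSignIn";
    const string ResetPasswordPolicy = "B2C_1_PasswordReset";
    public const string ResetScheme = "B2C-PasswordReset";

    // Call from Startup.ConfigureServices (or Program.cs in minimal hosting).
    public static void Configure(IServiceCollection services)
    {
        var auth = services.AddAuthentication(o =>
        {
            o.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            o.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
        }).AddCookie();

        // Scheme 1: the unified sign-up-or-sign-in policy.
        auth.AddOpenIdConnect(OpenIdConnectDefaults.AuthenticationScheme, o =>
        {
            ConfigureCommon(o, SignUpSignInPolicy);
            o.Events.OnRemoteFailure = ctx =>
            {
                // B2C answers the "Forgot your password" click with
                // error=access_denied&error_description=AADB2C90118: ...
                // The middleware wraps it in an OpenIdConnectProtocolException whose
                // Message carries the error_description, so match on the code only.
                if (ctx.Failure is OpenIdConnectProtocolException
                    && ctx.Failure.Message.Contains("AADB2C90118"))
                {
                    ctx.HandleResponse();                 // suppress the default 500
                    ctx.Response.Redirect("/Account/ResetPassword");
                }
                // Any other failure (e.g. the user cancelled) falls through to the
                // middleware's default handling; add your own branches as needed.
                return Task.CompletedTask;
            };
        });

        // Scheme 2: the reset policy. Challenging this scheme sends the browser to
        // B2C's own reset flow (CAPTCHA, verification code, MFA if the policy requires it),
        // and because the reset policy issues an id_token the user is signed in on return,
        // which avoids the "works but errors at the end" result from reusing a sign-in CTX.
        auth.AddOpenIdConnect(ResetScheme, o => ConfigureCommon(o, ResetPasswordPolicy));
    }

    static void ConfigureCommon(OpenIdConnectOptions o, string policy)
    {
        o.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        o.Authority = $"https://login.microsoftonline.com/tfp/{Tenant}/{policy}/v2.0/";
        o.ClientId = ClientId;
        o.ResponseType = OpenIdConnectResponseType.IdToken;
        // Each scheme needs its own callback path, and each path must be registered
        // as a reply URL on the B2C app registration (assumed here).
        o.CallbackPath = $"/signin-oidc-{policy}";
    }
}

public class AccountController : Controller
{
    // Target of the redirect issued in OnRemoteFailure above.
    [HttpGet]
    public IActionResult ResetPassword()
        => Challenge(new AuthenticationProperties { RedirectUri = "/" }, B2CAuth.ResetScheme);
}
```

Matching on the error code rather than the full message keeps the check stable across B2C wording changes. If you prefer a single OpenIdConnect scheme, the same effect is achieved by storing the target policy in AuthenticationProperties.Items and rewriting ProtocolMessage.IssuerAddress in OnRedirectToIdentityProvider, which is how Microsoft's B2C samples do it; the two-scheme form above is only the shorter way to show the idea.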
Source: https://stackoverflow.com/questions/42213556/changing-azure-ad-b2c-sign-up-or-sign-in-policiess-forgot-password-link