Demonstrates how to use a display control to send a verification code to a user only if the email address is registered against a user in the directory.
To test the policy, follow these steps:
- If you don't have an account, create a local account with your email address.
- Run the B2C_1A_Demo_PasswordReset_AccountExists policy to reset the password.
- Perform the following test:
  - In the Email Address field, provide an email address that is not registered in that directory, for example [email protected], and select Send verification code. You should get an error message that the email address is not registered in the system.
  - Run the B2C_1A_Demo_PasswordReset_AccountExists policy again. This time, type the email address you registered in the first step. Complete the password reset process.
- You can automate the prerequisites by visiting the setup tool if you already have an Azure AD B2C tenant. Some policies can be deployed directly through this app via the Experimental menu.
- You will need to create an Azure AD B2C directory.
- To use the sample policies in this repo, follow the instructions here to set up your AAD B2C environment for Custom Policies.
Before generating and sending a verification code, we first take the user's email address and look up the directory for a matching user. If a user is returned, the objectId claim will be in the claims bag.
A precondition then checks whether objectId exists in the claims bag, and the verification code is sent only if it does. The XML snippet below demonstrates this.
```xml
<Action Id="SendCode">
  <ValidationClaimsExchange>
    <!-- Look up the user by email address; a match puts objectId in the claims bag. -->
    <ValidationClaimsExchangeTechnicalProfile TechnicalProfileReferenceId="AAD-UserReadUsingEmailAddress-emailAddress" />
    <ValidationClaimsExchangeTechnicalProfile TechnicalProfileReferenceId="AadSspr-SendCode">
      <Preconditions>
        <!-- If objectId does NOT exist, skip this profile, so no code is sent. -->
        <Precondition Type="ClaimsExist" ExecuteActionsIf="false">
          <Value>objectId</Value>
          <Action>SkipThisValidationTechnicalProfile</Action>
        </Precondition>
      </Preconditions>
    </ValidationClaimsExchangeTechnicalProfile>
  </ValidationClaimsExchange>
</Action>
```
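The double negative in `ExecuteActionsIf="false"` is easy to misread when reviewing a policy. The following is an added example, not code from this sample repository: a simplified Python model of how the `ClaimsExist` precondition above selects which validation technical profiles run, plus a lint that flags a send-code profile not gated on `objectId`. The function names are hypothetical, and the model ignores errors raised by the directory read.

```python
import xml.etree.ElementTree as ET

# The SendCode action from this page, embedded so the example runs offline.
SEND_CODE_ACTION = """<Action Id="SendCode">
  <ValidationClaimsExchange>
    <ValidationClaimsExchangeTechnicalProfile TechnicalProfileReferenceId="AAD-UserReadUsingEmailAddress-emailAddress" />
    <ValidationClaimsExchangeTechnicalProfile TechnicalProfileReferenceId="AadSspr-SendCode">
      <Preconditions>
        <Precondition Type="ClaimsExist" ExecuteActionsIf="false">
          <Value>objectId</Value>
          <Action>SkipThisValidationTechnicalProfile</Action>
        </Precondition>
      </Preconditions>
    </ValidationClaimsExchangeTechnicalProfile>
  </ValidationClaimsExchange>
</Action>"""
SKIP = "SkipThisValidationTechnicalProfile"
PROFILE = "ValidationClaimsExchangeTechnicalProfile"


def is_skipped(profile, claims_bag):
    """True if a ClaimsExist precondition tells the engine to skip this profile."""
    for pre in profile.iter("Precondition"):
        if pre.get("Type") != "ClaimsExist":
            continue  # ClaimEquals is outside this simplified model
        exists = all(v.text in claims_bag for v in pre.findall("Value"))
        run_if = pre.get("ExecuteActionsIf") == "true"
        # The action fires when the test result matches ExecuteActionsIf.
        if exists == run_if and pre.findtext("Action") == SKIP:
            return True
    return False


def profiles_to_run(action_xml, claims_bag):
    """Ids of the validation technical profiles that execute for this claims bag."""
    return [p.get("TechnicalProfileReferenceId")
            for p in ET.fromstring(action_xml).iter(PROFILE)
            if not is_skipped(p, claims_bag)]


def ungated_senders(action_xml, sender_id="AadSspr-SendCode", claim="objectId"):
    """Lint: sender profiles that are not 'skipped unless <claim> exists'."""
    return [p.get("TechnicalProfileReferenceId")
            for p in ET.fromstring(action_xml).iter(PROFILE)
            if p.get("TechnicalProfileReferenceId") == sender_id
            and not (is_skipped(p, {}) and not is_skipped(p, {claim: "x"}))]
```

Run `ungated_senders` over each `SendCode` action in a policy file before upload; an empty list means the sender is skipped whenever the directory lookup did not produce `objectId`.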
Use Stack Overflow to get support from the community. Ask your questions on Stack Overflow first and browse existing issues to see if someone has asked your question before. Make sure that your questions or comments are tagged with [azure-ad-b2c]. If you find a bug in the sample, please raise the issue on GitHub Issues. To provide product feedback, visit the Azure Active Directory B2C Feedback page.