
Password Reset verification code only sent if email is registered

Demonstrates how to use a display control to send a verification code to a user only if the email address is registered against a user in the directory.

Live demo

To test the policy, follow these steps:

  1. If you don't have an account, create a local account with your email address.
  2. Run the B2C_1A_Demo_PasswordReset_AccountExists policy to reset the password.
  3. Perform the following test:
    1. In the Email Address field, provide an email address that is not registered in that directory. For example, [email protected], and select Send verification code. You should get an error message that the email address is not registered in the system.
    2. Run the B2C_1A_Demo_PasswordReset_AccountExists policy again. This time, type the email address you registered in the first step. Complete the password reset process.

Prerequisites

How it works

Before generating and sending a verification code, the policy first takes the user's email address and looks up the directory for a matching user. If a user is returned, the objectId claim will be in the claims bag.

A precondition then sends out the verification code only if objectId exists in the claims bag. The XML snippet below demonstrates this.

<Action Id="SendCode">
  <ValidationClaimsExchange>
    <ValidationClaimsExchangeTechnicalProfile TechnicalProfileReferenceId="AAD-UserReadUsingEmailAddress-emailAddress" />
    <ValidationClaimsExchangeTechnicalProfile TechnicalProfileReferenceId="AadSspr-SendCode">
      <Preconditions>
        <Precondition Type="ClaimsExist" ExecuteActionsIf="false">
          <Value>objectId</Value>
          <Action>SkipThisValidationTechnicalProfile</Action>
        </Precondition>
      </Preconditions>
    </ValidationClaimsExchangeTechnicalProfile>
  </ValidationClaimsExchange>
</Action>
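The gating above depends on two things: the directory lookup runs before the send step, and the send step carries the objectId precondition. The following check is an added example, not part of the sample; the function names and the two inline XML inputs are constructed for illustration, and it verifies both conditions for a SendCode action.

```python
import xml.etree.ElementTree as ET

LOOKUP = "AAD-UserReadUsingEmailAddress-emailAddress"
SEND = "AadSspr-SendCode"

# Constructed inputs: the page's SendCode action, and a copy with the precondition removed.
GUARDED = f"""<Action Id="SendCode"><ValidationClaimsExchange>
  <ValidationClaimsExchangeTechnicalProfile TechnicalProfileReferenceId="{LOOKUP}" />
  <ValidationClaimsExchangeTechnicalProfile TechnicalProfileReferenceId="{SEND}">
    <Preconditions>
      <Precondition Type="ClaimsExist" ExecuteActionsIf="false">
        <Value>objectId</Value>
        <Action>SkipThisValidationTechnicalProfile</Action>
      </Precondition>
    </Preconditions>
  </ValidationClaimsExchangeTechnicalProfile>
</ValidationClaimsExchange></Action>"""
UNGUARDED = f"""<Action Id="SendCode"><ValidationClaimsExchange>
  <ValidationClaimsExchangeTechnicalProfile TechnicalProfileReferenceId="{SEND}" />
</ValidationClaimsExchange></Action>"""


def local(el):
    """Tag name without an XML namespace, so the check also works on namespaced policy files."""
    return el.tag.rsplit("}", 1)[-1]


def texts(parent, name):
    """Stripped text of the direct children of parent that are named name."""
    return [(c.text or "").strip() for c in parent if local(c) == name]


def check_send_code(action_xml, claim="objectId"):
    """Return a list of findings; an empty list means the send step is gated on the lookup."""
    root = ET.fromstring(action_xml)
    profiles = [e for e in root.iter() if local(e) == "ValidationClaimsExchangeTechnicalProfile"]
    ids = [p.get("TechnicalProfileReferenceId") for p in profiles]
    if SEND not in ids:
        return [f"{SEND} is not referenced"]
    findings = []
    if LOOKUP not in ids or ids.index(LOOKUP) > ids.index(SEND):
        findings.append(f"{LOOKUP} does not run before {SEND}")
    send = profiles[ids.index(SEND)]
    gated = any(
        local(pc) == "Precondition"
        and pc.get("Type") == "ClaimsExist" and pc.get("ExecuteActionsIf") == "false"
        and texts(pc, "Value") == [claim]
        and "SkipThisValidationTechnicalProfile" in texts(pc, "Action")
        for pc in send.iter()
    )
    if not gated:
        findings.append(f"{SEND} is not skipped when {claim} is missing")
    return findings
```

Run against the policy file in a build step, a non-empty result flags an edit that would let verification codes go out for addresses with no directory user.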

Community Help and Support

Use Stack Overflow to get support from the community. Ask your questions on Stack Overflow first and browse existing issues to see if someone has asked your question before. Make sure that your questions or comments are tagged with [azure-ad-b2c]. If you find a bug in the sample, please raise the issue on GitHub Issues. To provide product feedback, visit the Azure Active Directory B2C Feedback page.