What is the best way to validate an email address in an Azure AD B2C custom policy to restrict a specific domain?

vatpfxk5 posted on 2023-11-21 in Other

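We have a requirement to prevent a domain (say gmail.com) from being used by users in the sign-up flow. For email address validation, we use a regular expression in the custom policy.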

<ClaimType Id="email">
  <Restriction>
    <Pattern RegularExpression="^(?![a-zA-Z0-9.!#$%&amp;'^_`{}~\-]+@(gmail.com))" HelpText="Please enter an allowed email address." />
  </Restriction>
</ClaimType>

But when a user tries to enter [email protected], validation fails at the email verification step because the regular expression is case-insensitive. Please suggest a better way to handle this.


o4hqfura1#

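I found a solution that uses several technical profiles.
1. A technical profile that triggers the "ChangeCase" claims transformation, which converts the email address to lowercase.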

<ClaimsTransformation Id="ChangeToLower" TransformationMethod="ChangeCase">
  <InputClaims>
    <InputClaim ClaimTypeReferenceId="email" TransformationClaimType="inputClaim1" />
  </InputClaims>
  <InputParameters>
    <InputParameter Id="toCase" DataType="string" Value="LOWER" />
  </InputParameters>
  <OutputClaims>
    <OutputClaim ClaimTypeReferenceId="email" TransformationClaimType="outputClaim" />
  </OutputClaims>
</ClaimsTransformation>

Technical profile:

<TechnicalProfiles>
  <TechnicalProfile Id="TP-ChangeEmailCaseToLower">
    <DisplayName>Check Company validity</DisplayName>
    <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.ClaimsTransformationProtocolProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
    <InputClaims>
      <InputClaim ClaimTypeReferenceId="email" />
    </InputClaims>
    <OutputClaims>
      <OutputClaim ClaimTypeReferenceId="email" />
    </OutputClaims>
    <OutputClaimsTransformations>
      <!-- Overwrites the email claim with its lowercase form -->
      <OutputClaimsTransformation ReferenceId="ChangeToLower" />
    </OutputClaimsTransformations>
  </TechnicalProfile>
</TechnicalProfiles>


2. A technical profile that triggers the "ParseDomain" claims transformation.

<ClaimsTransformation Id="SetDomainName" TransformationMethod="ParseDomain">
  <InputClaims>
    <InputClaim ClaimTypeReferenceId="email" TransformationClaimType="emailAddress" />
  </InputClaims>
  <OutputClaims>
    <OutputClaim ClaimTypeReferenceId="domainName" TransformationClaimType="domain" />
  </OutputClaims>
</ClaimsTransformation>

<TechnicalProfile Id="TP-ParseDomianName">
  <DisplayName>Unit test</DisplayName>
  <!-- Same claims transformation protocol handler as the other profiles -->
  <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.ClaimsTransformationProtocolProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
  <InputClaims>
    <InputClaim ClaimTypeReferenceId="email" />
  </InputClaims>
  <OutputClaims>
    <OutputClaim ClaimTypeReferenceId="domainName" />
  </OutputClaims>
  <OutputClaimsTransformations>
    <OutputClaimsTransformation ReferenceId="SetDomainName" />
  </OutputClaimsTransformations>
</TechnicalProfile>


3. Compare the domain name claim with the value "gmail.com".

<ClaimsTransformation Id="CompareEmailCalimToValue" TransformationMethod="CompareClaimToValue">
  <InputClaims>
    <InputClaim ClaimTypeReferenceId="domainName" TransformationClaimType="inputClaim1" />
  </InputClaims>
  <InputParameters>
    <InputParameter Id="compareTo" DataType="string" Value="gmail.com" />
    <InputParameter Id="operator" DataType="string" Value="not equal" />
    <InputParameter Id="ignoreCase" DataType="string" Value="true" />
  </InputParameters>
  <!-- Boolean result: true when the domain is not gmail.com -->
  <OutputClaims>
    <OutputClaim ClaimTypeReferenceId="isDomainMatches" TransformationClaimType="outputClaim" />
  </OutputClaims>
</ClaimsTransformation>

<TechnicalProfile Id="TP-ParseDomianNameClaimCheck">
  <DisplayName>Unit test</DisplayName>
  <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.ClaimsTransformationProtocolProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
  <InputClaims>
    <InputClaim ClaimTypeReferenceId="domainName" />
  </InputClaims>
  <OutputClaims>
    <OutputClaim ClaimTypeReferenceId="isDomainMatches" />
  </OutputClaims>
  <OutputClaimsTransformations>
    <OutputClaimsTransformation ReferenceId="CompareEmailCalimToValue" />
  </OutputClaimsTransformations>
</TechnicalProfile>

4. AssertBooleanClaimIsEqualToValue (isDomainMatches)

<ClaimsTransformation Id="AssertEmailDomainIsTrue" TransformationMethod="AssertBooleanClaimIsEqualToValue">
  <InputClaims>
    <InputClaim ClaimTypeReferenceId="isDomainMatches" TransformationClaimType="inputClaim" />
  </InputClaims>
  <InputParameters>
    <InputParameter Id="valueToCompareTo" DataType="boolean" Value="true" />
  </InputParameters>
</ClaimsTransformation>


<TechnicalProfile Id="Example-AssertBoolean">
  <DisplayName>Unit test</DisplayName>
  <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.ClaimsTransformationProtocolProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
  <OutputClaims>
    <OutputClaim ClaimTypeReferenceId="ComparisonResult" DefaultValue="false" />
  </OutputClaims>
  <OutputClaimsTransformations>
    <OutputClaimsTransformation ReferenceId="AssertEmailDomainIsTrue" />
  </OutputClaimsTransformations>
  <UseTechnicalProfileForSessionManagement ReferenceId="SM-Noop" />
</TechnicalProfile>


Use them as ValidationTechnicalProfiles:

<TechnicalProfile Id="LocalAccountSignUpWithLogonEmail">
  <Metadata>
    <Item Key="IpAddressClaimReferenceId">IpAddress</Item>
    <Item Key="ContentDefinitionReferenceId">api.localaccountsignup</Item>
    <Item Key="UserMessageIfClaimsTransformationBooleanValueIsNotEqual">The Montgomery County work E-Address are not accepted.</Item>
  </Metadata>
  ..........
  <ValidationTechnicalProfiles>
    <!-- Domain checks run first; the user is written only if all of them pass -->
    <ValidationTechnicalProfile ReferenceId="TP-ChangeEmailCaseToLower" ContinueOnError="false" />
    <ValidationTechnicalProfile ReferenceId="TP-ParseDomianName" ContinueOnError="false" />
    <ValidationTechnicalProfile ReferenceId="TP-ParseDomianNameClaimCheck" ContinueOnError="false" />
    <ValidationTechnicalProfile ReferenceId="Example-AssertBoolean" ContinueOnError="false" />
    <ValidationTechnicalProfile ReferenceId="AAD-UserWriteUsingLogonEmail" />
  </ValidationTechnicalProfiles>
</TechnicalProfile>
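
An added example, not part of the original question or answer: a Python model of the question's pattern next to the answer's four validation steps, run over constructed addresses. The function names and the `parse_domain` behaviour (text after the last `@`) are assumptions, and Python's `re` stands in for the policy engine's regex matching.

```python
import re

# Pattern from the question, XML-unescaped (&amp; -> &). Modeled with Python's
# re module as an assumption; it is case-sensitive and has no end anchor.
QUESTION_PATTERN = re.compile(r"^(?![a-zA-Z0-9.!#$%&'^_`{}~\-]+@(gmail.com))")
BLOCKED_DOMAIN = "gmail.com"  # compareTo value from the answer


def regex_allows(email: str) -> bool:
    """Restriction/Pattern check exactly as written in the question."""
    return QUESTION_PATTERN.search(email) is not None


def parse_domain(email: str) -> str:
    """ParseDomain stand-in (assumption): text after the last '@'."""
    local, at, domain = email.rpartition("@")
    if not (local and at and domain):
        raise ValueError("not an email address")
    return domain


def compare_claim_to_value(claim: str, compare_to: str, operator: str,
                           ignore_case: bool) -> bool:
    """CompareClaimToValue stand-in for the equal / not equal operators."""
    if ignore_case:
        claim, compare_to = claim.casefold(), compare_to.casefold()
    if operator == "equal":
        return claim == compare_to
    if operator == "not equal":
        return claim != compare_to
    raise ValueError(f"unsupported operator: {operator}")


def pipeline_allows(email: str) -> bool:
    """The answer's four validation steps, in order."""
    email = email.lower()                                   # ChangeToLower
    domain = parse_domain(email)                            # SetDomainName
    is_domain_matches = compare_claim_to_value(             # CompareEmailCalimToValue
        domain, BLOCKED_DOMAIN, "not equal", ignore_case=True)
    return is_domain_matches is True                        # AssertEmailDomainIsTrue


# Constructed sample addresses (example.org / .example are reserved names).
SAMPLES = ["alice@gmail.com", "alice@GMAIL.com", "alice@Gmail.Com",
           "alice@gmail.com.example", "bob@example.org"]

if __name__ == "__main__":
    for addr in SAMPLES:
        print(f"{addr:26} regex={regex_allows(addr)!s:5} pipeline={pipeline_allows(addr)}")
```

In this model the pattern check accepts `alice@GMAIL.com` and rejects `alice@gmail.com.example`, while the domain comparison rejects only the exact blocked domain, whatever its case.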
