仅允许某些用户使用具有 Azure AD B2C 授权的应用程序进行注册
Only allow certain users to sign up using app which has Azure AD B2C for authorization
我们正在推出一个应用程序,但只允许我们想要的人注册。有没有办法控制谁可以注册,如果可以,如何注册?我们正在使用 Azure AD B2C 进行注册和登录。如果您需要更多信息,请告诉我。
Azure AD B2C 不支持通过内置策略限制注册,因此您必须使用其中任何一个两个选项:
使用 Custom Policies to inject an extra step in the authentication flow. You would use the approach outlined in the "Integrate REST API claims exchanges in your Azure AD B2C user journeys as validation on user input" documentation 调用您在 return true/false 处创建的 REST API 指示用户是否应该是否允许注册。这个 API 需要您自己实现。
完全从您的应用程序执行此操作。Azure AD B2C 将允许所有用户注册。您将创建一个 custom user attribute indicating with a flag isAllowed or something like that. Lastly, you'd configure your sign up or unified sign in / sign up policy's application claims to send the 'User is new' claim. With this configuration in place, your application would check for the newUser claim and if that's true, perform the extra check to make sure the user is allowed in. If so, let the through and update isAllowed to true, otherwise set isAllowed to false and prevent them from using the application. Alternatively, you can not use isAllowed and simply delete users after the newUser check if they are not allowed in the application. Either approach, updating isAllowed or deleting the user, would require you to have your backend use the Azure AD Graph API.
中首先请求 class 支持此功能
我们正在推出一个应用程序,但只允许我们想要的人注册。有没有办法控制谁可以注册,如果可以,如何注册?我们正在使用 Azure AD B2C 进行注册和登录。如果您需要更多信息,请告诉我。
Azure AD B2C 不支持通过内置策略限制注册,因此您必须使用其中任何一个两个选项:
使用 Custom Policies to inject an extra step in the authentication flow. You would use the approach outlined in the "Integrate REST API claims exchanges in your Azure AD B2C user journeys as validation on user input" documentation 调用您在 return true/false 处创建的 REST API 指示用户是否应该是否允许注册。这个 API 需要您自己实现。
完全从您的应用程序执行此操作。Azure AD B2C 将允许所有用户注册。您将创建一个 custom user attribute indicating with a flag
isAllowedor something like that. Lastly, you'd configure your sign up or unified sign in / sign up policy's application claims to send the 'User is new' claim. With this configuration in place, your application would check for thenewUserclaim and if that's true, perform the extra check to make sure the user is allowed in. If so, let the through and updateisAllowedto true, otherwise setisAllowedto false and prevent them from using the application. Alternatively, you can not useisAllowedand simply delete users after thenewUsercheck if they are not allowed in the application. Either approach, updatingisAllowedor deleting the user, would require you to have your backend use the Azure AD Graph API.