B2C帐户错误 - 自定义错误页面还是调整自定义策略?
这将重定向到https://< host>/microsoftidentity/account/rorry
,据我了解,该页面是
”有两种可能性,要么:
- 自定义错误页面(以某种方式);或
- 更改自定义策略,以免引发异常并显示一个自我列出的页面(防止
sendClaims)
,我尝试找到有关如何如何可能会如何找到文档捕获错误或自定义此页面 - 但到目前为止我还没有发现任何内容。在ASP.NET核心中有文档有关创建自定义错误页面 - 但在这种情况下似乎不适用:
if (app.Environment.IsDevelopment())
{
//app.UseDeveloperExceptionPage();
app.UseExceptionHandler("/Error");
}
关于选项2,我尝试更改aad-aad-findb2cuserwithaidoid技术配置文件,以便rishErrorifclaimssprincipaldoesnotexist是错误的:
<TechnicalProfile Id="AAD-FindB2CUserWithAADOid">
<Metadata>
<Item Key="Operation">Read</Item>
<Item Key="RaiseErrorIfClaimsPrincipalDoesNotExist">false</Item>
<Item Key="UserMessageIfClaimsPrincipalDoesNotExist">An account could not be found for the provided user ID.</Item>
</Metadata>
<IncludeInSso>false</IncludeInSso>
<InputClaims>
<InputClaim ClaimTypeReferenceId="issuerUserId" PartnerClaimType="signInNames.oidToLink" Required="true" />
</InputClaims>
<OutputClaims>
<OutputClaim ClaimTypeReferenceId="objectId"/>
<OutputClaim ClaimTypeReferenceId="extension_requiresMigrationBool"/>
<!-- account flagged for linking -->
</OutputClaims>
<IncludeTechnicalProfile ReferenceId="AAD-Common" />
</TechnicalProfile>
但这导致了真实的例外 - API调用畸形。我不确定为什么会这样。
对于这种特殊情况,我想显示一个访问拒绝的消息。但是,如果我可以为任何帐户错误创建一个风格化页面,那将是很好的。
策略还可以吗?我想念什么吗?
In the sample that links a Federated login against a pre-created Local Account. If a user does not exist, then an exception is thrown.
This redirects to https://<host>/MicrosoftIdentity/Account/Error
Which, as far as I understand, is this page here
At this stage, I assume there are two possibilities, either:
- Customise the error page (somehow); or
- Change the Custom Policy so that it doesn't throw an exception and shows a self-asserted page instead (preventing
SendClaims)
With regards to option 1, I've tried to find documentation on how I might trap the error or customise this page - but I haven't found anything so far. There is documentation in asp.net core with regards to creating a custom error page - but it doesn't seem to apply in this case:
if (app.Environment.IsDevelopment())
{
//app.UseDeveloperExceptionPage();
app.UseExceptionHandler("/Error");
}
With regards to option 2, I tried changing the AAD-FindB2CUserWithAADOid technical profile so that RaiseErrorIfClaimsPrincipalDoesNotExist is false:
<TechnicalProfile Id="AAD-FindB2CUserWithAADOid">
<Metadata>
<Item Key="Operation">Read</Item>
<Item Key="RaiseErrorIfClaimsPrincipalDoesNotExist">false</Item>
<Item Key="UserMessageIfClaimsPrincipalDoesNotExist">An account could not be found for the provided user ID.</Item>
</Metadata>
<IncludeInSso>false</IncludeInSso>
<InputClaims>
<InputClaim ClaimTypeReferenceId="issuerUserId" PartnerClaimType="signInNames.oidToLink" Required="true" />
</InputClaims>
<OutputClaims>
<OutputClaim ClaimTypeReferenceId="objectId"/>
<OutputClaim ClaimTypeReferenceId="extension_requiresMigrationBool"/>
<!-- account flagged for linking -->
</OutputClaims>
<IncludeTechnicalProfile ReferenceId="AAD-Common" />
</TechnicalProfile>
But that resulted in a genuine exception - the api call becomes malformed. I'm not sure why this would be the case.
For this particular circumstance, I'd like to display an Access Denied message. But it would be nice if I could create a stylised page for any Account Error.
Is either strategy okay? Am I missing something?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
我已经将以下内容介绍给我的
program.cs:在没有找到用户的情况下(在我的情况下,尚未预先创建它们),则将显示它们“访问被拒绝”页面。这意味着其他错误将像往常一样遇到。
我仍然不确定这是否是可接受的解决方案。
I've introduced the following to my
Program.cs:In the case where the user isn't found (in my case, they haven't been pre-created) then they'll be shown the "Access Denied" page. Which means other errors will come through as they always have.
I'm still not sure if this is an acceptable solution.