使用 Azure Active Directory B2C 设置直接登录Set up direct sign-in using Azure Active Directory B2C

使用 Azure Active Directory (AD) B2C 为应用程序设置登录时,可以预填充登录名或直接登录到特定的社交标识提供者,例如 LinkedIn。When setting up sign-in for your application using Azure Active Directory (AD) B2C, you can prepopulate the sign-in name or direct sign-in to a specific social identity provider, such as LinkedIn.

预填充登录名Prepopulate the sign-in name

在登录用户旅程中,信赖方应用程序可以针对特定用户或域名。During a sign-in user journey, a relying party application may target a specific user or domain name. 当针对用户时,应用程序可以在授权请求中使用用户登录名指定 login_hint 查询参数。When targeting a user, an application can specify, in the authorization request, the login_hint query parameter with the user sign-in name. Azure AD B2C 自动填充登录名,而用户只需提供密码。Azure AD B2C automatically populates the sign-in name, while the user only needs to provide the password.

URL 中突出显示了 login_hint 查询参数的注册登录页

用户可以更改登录文本框中的值。The user is able to change the value in the sign-in textbox.

如果使用自定义策略,将重写 SelfAsserted-LocalAccountSignin-Email 技术配置文件。If you are using a custom policy, override the SelfAsserted-LocalAccountSignin-Email technical profile. <InputClaims> 节中,将 signInName 声明的 DefaultValue 设置为 {OIDC:LoginHint}In the <InputClaims> section, set the DefaultValue of the signInName claim to {OIDC:LoginHint}. {OIDC:LoginHint} 变量包含 login_hint 参数的值。The {OIDC:LoginHint} variable contains the value of the login_hint parameter. Azure AD B2C 将读取 signInName 声明的值并预填充 signInName 文本框。Azure AD B2C reads the value of the signInName claim and pre-populates the signInName textbox.

<ClaimsProvider>
  <DisplayName>Local Account</DisplayName>
  <TechnicalProfiles>
    <TechnicalProfile Id="SelfAsserted-LocalAccountSignin-Email">
      <InputClaims>
        <!-- Add the login hint value to the sign-in names claim type -->
        <InputClaim ClaimTypeReferenceId="signInName" DefaultValue="{OIDC:LoginHint}" />
      </InputClaims>
    </TechnicalProfile>
  </TechnicalProfiles>
</ClaimsProvider>

将登录重定向到社交提供者Redirect sign-in to a social provider

如果已将应用程序的登录旅程配置为包括社交帐户(如 LinkedIn),则可以指定 domain_hint 参数。If you configured the sign-in journey for your application to include social accounts, such as LinkedIn, you can specify the domain_hint parameter. 此查询参数向 Azure AD B2C 提供有关应该用于登录的社交标识提供者的提示。This query parameter provides a hint to Azure AD B2C about the social identity provider that should be used for sign-in.