General claims transformations

Note

In Azure Active Directory B2C, custom policies are designed primarily to address complex scenarios. For most scenarios, we recommend that you use the built-in user flows.

This article provides examples of the general claims transformations of the Identity Experience Framework schema in Azure Active Directory B2C (Azure AD B2C). For more information, see ClaimsTransformations.

CopyClaim

Copies the value of one claim to another claim. Both claims must have the same data type.

Item | TransformationClaimType | Data type | Notes
InputClaim | inputClaim | string, int | The claim type to be copied.
OutputClaim | outputClaim | string, int | The ClaimType that is produced after this ClaimsTransformation has been invoked.

Use this claims transformation to copy a value from a string or numeric claim to another claim of the same type. The following example copies the externalEmail claim value to the email claim.

<ClaimsTransformation Id="CopyEmailAddress" TransformationMethod="CopyClaim">
  <InputClaims>
    <InputClaim ClaimTypeReferenceId="externalEmail" TransformationClaimType="inputClaim"/>
  </InputClaims>
  <OutputClaims>
    <OutputClaim ClaimTypeReferenceId="email" TransformationClaimType="outputClaim"/>
  </OutputClaims>
</ClaimsTransformation>

Example

  • Input claims:
    • inputClaim: bob@contoso.com
  • Output claims:
    • outputClaim: bob@contoso.com

DoesClaimExist

Checks whether the inputClaim exists and sets outputClaim to true or false accordingly.

Item | TransformationClaimType | Data type | Notes
InputClaim | inputClaim | Any | The input claim whose existence needs to be verified.
OutputClaim | outputClaim | boolean | The ClaimType that is produced after this ClaimsTransformation has been invoked.

Use this claims transformation to check whether a claim exists or contains any value. The return value is a boolean that indicates whether the claim exists. The following example checks whether the email address exists.

<ClaimsTransformation Id="CheckIfEmailPresent" TransformationMethod="DoesClaimExist">
  <InputClaims>
    <InputClaim ClaimTypeReferenceId="email" TransformationClaimType="inputClaim" />
  </InputClaims>
  <OutputClaims>
    <OutputClaim ClaimTypeReferenceId="isEmailPresent" TransformationClaimType="outputClaim" />
  </OutputClaims>
</ClaimsTransformation>

Example

  • Input claims:
    • inputClaim: someone@contoso.com
  • Output claims:
    • outputClaim: true

Hash

Hashes the provided plain text using a salt and a secret. The hashing algorithm used is SHA-256.

Item | TransformationClaimType | Data type | Notes
InputClaim | plaintext | string | The input claim to be hashed.
InputClaim | salt | string | The salt parameter. You can create a random value using the CreateRandomString claims transformation.
InputParameter | randomizerSecret | string | Points to an existing Azure AD B2C policy key. To create a new policy key: in your Azure AD B2C tenant, under Manage, select Identity Experience Framework. Select Policy keys to view the keys that are available in your tenant. Select Add. For Options, select Manual. Provide a name (the prefix B2C_1A_ might be added automatically). In the Secret text box, enter the secret you want to use, such as 1234567890 (for a real policy, use a long random value). For Key usage, select Signature. Select Create.
OutputClaim | hash | string | The ClaimType that is produced after this claims transformation has been invoked: the hash of the claim configured in the plaintext inputClaim.

The following example hashes the password claim, using the email claim as the salt. Because an email address is predictable, a per-user random value from CreateRandomString, as suggested in the table, is the stronger choice of salt.

<ClaimsTransformation Id="HashPasswordWithEmail" TransformationMethod="Hash">
  <InputClaims>
    <InputClaim ClaimTypeReferenceId="password" TransformationClaimType="plaintext" />
    <InputClaim ClaimTypeReferenceId="email" TransformationClaimType="salt" />
  </InputClaims>
  <InputParameters>
    <InputParameter Id="randomizerSecret" DataType="string" Value="B2C_1A_AccountTransformSecret" />
  </InputParameters>
  <OutputClaims>
    <OutputClaim ClaimTypeReferenceId="hashedPassword" TransformationClaimType="hash" />
  </OutputClaims>
</ClaimsTransformation>

Example

  • Input claims:
    • plaintext: MyPass@word1
    • salt: 487624568
  • Input parameter:
    • randomizerSecret: B2C_1A_AccountTransformSecret
  • Output claims:
    • hash: CdMNb/KTEfsWzh9MR1kQGRZCKjuxGMWhA5YQNihzV6U=
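The tables for CopyClaim, DoesClaimExist and Hash above each state wiring rules that are easy to get wrong in a hand-edited policy file. As an added example (not code from this page or from Azure AD B2C), the following Python script lints the ClaimsTransformation elements of a TrustFrameworkPolicy against those rules: every ClaimTypeReferenceId must be declared in ClaimsSchema, the two CopyClaim claims must be string or int and share a DataType, DoesClaimExist must output a boolean, and Hash must take string plaintext and salt inputs, produce a string hash, and carry a randomizerSecret parameter that names a B2C_1A_ policy key. The policy fragment is constructed from the page's own three transformations; the loginCount claim and the CopyEmailToCount transformation are hypothetical and deliberately broken so that one finding is produced.

```python
"""Lint ClaimsTransformation wiring in an Azure AD B2C custom policy (added example,
not code from the page or from Azure AD B2C). The checks encode the tables above;
POLICY_XML is constructed and its CopyEmailToCount/loginCount entries are hypothetical."""
import xml.etree.ElementTree as ET

NS = {"tf": "http://schemas.microsoft.com/online/cpim/schemas/2013/06"}

# Per method: (input roles -> allowed DataTypes, output roles -> allowed DataTypes,
# required InputParameter Ids, pair of roles that must share a DataType); None = any type.
RULES = {
    "CopyClaim": ({"inputClaim": {"string", "int"}}, {"outputClaim": {"string", "int"}},
                  set(), ("inputClaim", "outputClaim")),
    "DoesClaimExist": ({"inputClaim": None}, {"outputClaim": {"boolean"}}, set(), None),
    "Hash": ({"plaintext": {"string"}, "salt": {"string"}}, {"hash": {"string"}},
             {"randomizerSecret"}, None),
}

def claim_types(root):  # ClaimType Id -> DataType, from BuildingBlocks/ClaimsSchema
    types = {}
    for ct in root.findall(".//tf:ClaimsSchema/tf:ClaimType", NS):
        dt = ct.find("tf:DataType", NS)
        types[ct.get("Id")] = dt.text.strip() if dt is not None and dt.text else None
    return types

def lint_transformation(elem, types):  # returns a list of finding strings
    tid, method = elem.get("Id"), elem.get("TransformationMethod")
    if method not in RULES:
        return []  # method not covered by the tables on this page
    inputs, outputs, params, pair = RULES[method]
    findings, wired = [], {}  # wired: role -> DataType of the claim actually referenced
    for container, tag, expected in (("InputClaims", "InputClaim", inputs),
                                     ("OutputClaims", "OutputClaim", outputs)):
        seen = set()
        for el in elem.findall(f"tf:{container}/tf:{tag}", NS):
            role, ref = el.get("TransformationClaimType"), el.get("ClaimTypeReferenceId")
            if role not in expected:
                findings.append(f"{tid}: {tag} role '{role}' is not defined for {method}")
                continue
            seen.add(role)
            if ref not in types:
                findings.append(f"{tid}: {tag} references undeclared ClaimType '{ref}'")
                continue
            wired[role] = types[ref]
            if expected[role] is not None and types[ref] not in expected[role]:
                findings.append(f"{tid}: {role} must be {sorted(expected[role])}, got {types[ref]} ({ref})")
        for role in set(expected) - seen:
            findings.append(f"{tid}: missing {tag} with TransformationClaimType '{role}'")
    given = {p.get("Id"): p.get("Value", "") for p in elem.findall("tf:InputParameters/tf:InputParameter", NS)}
    for p in params - set(given):
        findings.append(f"{tid}: missing InputParameter '{p}'")
    # The key-creation steps and the example above use a B2C_1A_-prefixed policy key name.
    if "randomizerSecret" in given and not given["randomizerSecret"].startswith("B2C_1A_"):
        findings.append(f"{tid}: randomizerSecret '{given['randomizerSecret']}' is not a B2C_1A_ policy key")
    if pair and pair[0] in wired and pair[1] in wired and wired[pair[0]] != wired[pair[1]]:
        findings.append(f"{tid}: {method} requires both claims to have the same DataType "
                        f"({wired[pair[0]]} vs {wired[pair[1]]})")
    return findings

def lint_policy(xml_text):  # lint every ClaimsTransformation in a policy document
    root = ET.fromstring(xml_text)
    types = claim_types(root)
    return [f for elem in root.findall(".//tf:ClaimsTransformation", NS)
            for f in lint_transformation(elem, types)]

POLICY_XML = """<TrustFrameworkPolicy xmlns="http://schemas.microsoft.com/online/cpim/schemas/2013/06">
<BuildingBlocks><ClaimsSchema>
<ClaimType Id="externalEmail"><DataType>string</DataType></ClaimType>
<ClaimType Id="email"><DataType>string</DataType></ClaimType>
<ClaimType Id="isEmailPresent"><DataType>boolean</DataType></ClaimType>
<ClaimType Id="password"><DataType>string</DataType></ClaimType>
<ClaimType Id="hashedPassword"><DataType>string</DataType></ClaimType>
<ClaimType Id="loginCount"><DataType>int</DataType></ClaimType>
</ClaimsSchema><ClaimsTransformations>
<ClaimsTransformation Id="CopyEmailAddress" TransformationMethod="CopyClaim">
 <InputClaims><InputClaim ClaimTypeReferenceId="externalEmail" TransformationClaimType="inputClaim"/></InputClaims>
 <OutputClaims><OutputClaim ClaimTypeReferenceId="email" TransformationClaimType="outputClaim"/></OutputClaims>
</ClaimsTransformation>
<ClaimsTransformation Id="CheckIfEmailPresent" TransformationMethod="DoesClaimExist">
 <InputClaims><InputClaim ClaimTypeReferenceId="email" TransformationClaimType="inputClaim"/></InputClaims>
 <OutputClaims><OutputClaim ClaimTypeReferenceId="isEmailPresent" TransformationClaimType="outputClaim"/></OutputClaims>
</ClaimsTransformation>
<ClaimsTransformation Id="HashPasswordWithEmail" TransformationMethod="Hash">
 <InputClaims><InputClaim ClaimTypeReferenceId="password" TransformationClaimType="plaintext"/>
              <InputClaim ClaimTypeReferenceId="email" TransformationClaimType="salt"/></InputClaims>
 <InputParameters><InputParameter Id="randomizerSecret" DataType="string" Value="B2C_1A_AccountTransformSecret"/></InputParameters>
 <OutputClaims><OutputClaim ClaimTypeReferenceId="hashedPassword" TransformationClaimType="hash"/></OutputClaims>
</ClaimsTransformation>
<!-- constructed and deliberately wrong: a string claim copied into an int claim -->
<ClaimsTransformation Id="CopyEmailToCount" TransformationMethod="CopyClaim">
 <InputClaims><InputClaim ClaimTypeReferenceId="email" TransformationClaimType="inputClaim"/></InputClaims>
 <OutputClaims><OutputClaim ClaimTypeReferenceId="loginCount" TransformationClaimType="outputClaim"/></OutputClaims>
</ClaimsTransformation>
</ClaimsTransformations></BuildingBlocks></TrustFrameworkPolicy>"""

if __name__ == "__main__":
    for finding in lint_policy(POLICY_XML):
        print(finding)
```

Run as a script, the only finding is the string-to-int CopyClaim; the page's three transformations pass. Because lint_policy returns the findings as a list rather than printing them, it can be called from a pre-upload check that fails the build when the list is non-empty. Transformation methods that the tables above do not cover are skipped rather than guessed at.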