字符串声明转换String claims transformations

备注

在 Azure Active Directory B2C 中,custom policies 主要用于解决复杂方案。In Azure Active Directory B2C, custom policies are designed primarily to address complex scenarios. 大多数情况下,建议使用内置的用户流For most scenarios, we recommend that you use built-in user flows.

本文提供了在 Azure Active Directory B2C (Azure AD B2C) 中使用标识体验框架架构的字符串声明转换的示例。This article provides examples for using the string claims transformations of the Identity Experience Framework schema in Azure Active Directory B2C (Azure AD B2C). 有关详细信息,请参阅 ClaimsTransformationsFor more information, see ClaimsTransformations.

AssertStringClaimsAreEqualAssertStringClaimsAreEqual

比较两个声明,如果根据指定的比较 inputClaim1、inputClaim2 和 stringComparison 它们不相等,将引发异常。Compare two claims, and throw an exception if they are not equal according to the specified comparison inputClaim1, inputClaim2 and stringComparison.

项目Item TransformationClaimTypeTransformationClaimType 数据类型Data Type 注释Notes
InputClaimInputClaim inputClaim1inputClaim1 stringstring 要比较的第一个声明的类型。First claim's type, which is to be compared.
InputClaimInputClaim inputClaim2inputClaim2 stringstring 要比较的第二个声明的类型。Second claim's type, which is to be compared.
InputParameterInputParameter stringComparisonstringComparison stringstring 字符串比较,值为下列其中一项:Ordinal、OrdinalIgnoreCase。string comparison, one of the values: Ordinal, OrdinalIgnoreCase.

AssertStringClaimsAreEqual 声明转换始终从验证技术配置文件执行,该文件由自断言技术配置文件DisplayConrtol 调用。The AssertStringClaimsAreEqual claims transformation is always executed from a validation technical profile that is called by a self-asserted technical profile, or a DisplayConrtol. 自断言技术配置文件的 UserMessageIfClaimsTransformationStringsAreNotEqual 元数据控制向用户显示的错误消息。The UserMessageIfClaimsTransformationStringsAreNotEqual metadata of a self-asserted technical profile controls the error message that is presented to the user. 错误消息可以本地化The error messages can be localized.

AssertStringClaimsAreEqual 执行

可以使用此声明转换来确保两个 ClaimTypes 具有相同的值。You can use this claims transformation to make sure, two ClaimTypes have the same value. 如果没有,则会引发错误消息。If not, an error message is thrown. 以下示例检查 strongAuthenticationEmailAddress ClaimType 是否等同于 email ClaimType,The following example checks that the strongAuthenticationEmailAddress ClaimType is equal to email ClaimType. 否则会引发错误消息。Otherwise an error message is thrown.

<ClaimsTransformation Id="AssertEmailAndStrongAuthenticationEmailAddressAreEqual" TransformationMethod="AssertStringClaimsAreEqual">
  <InputClaims>
    <InputClaim ClaimTypeReferenceId="strongAuthenticationEmailAddress" TransformationClaimType="inputClaim1" />
    <InputClaim ClaimTypeReferenceId="email" TransformationClaimType="inputClaim2" />
  </InputClaims>
  <InputParameters>
    <InputParameter Id="stringComparison" DataType="string" Value="ordinalIgnoreCase" />
  </InputParameters>
</ClaimsTransformation>

login-NonInteractive 验证技术配置文件调用 AssertEmailAndStrongAuthenticationEmailAddressAreEqual 声明转换。The login-NonInteractive validation technical profile calls the AssertEmailAndStrongAuthenticationEmailAddressAreEqual claims transformation.

<TechnicalProfile Id="login-NonInteractive">
  ...
  <OutputClaimsTransformations>
    <OutputClaimsTransformation ReferenceId="AssertEmailAndStrongAuthenticationEmailAddressAreEqual" />
  </OutputClaimsTransformations>
</TechnicalProfile>

自断言技术配置文件调用验证 login-NonInteractive 技术配置文件。The self-asserted technical profile calls the validation login-NonInteractive technical profile.

<TechnicalProfile Id="SelfAsserted-LocalAccountSignin-Email">
  <Metadata>
    <Item Key="UserMessageIfClaimsTransformationStringsAreNotEqual">Custom error message the email addresses you provided are not the same.</Item>
  </Metadata>
  <ValidationTechnicalProfiles>
    <ValidationTechnicalProfile ReferenceId="login-NonInteractive" />
  </ValidationTechnicalProfiles>
</TechnicalProfile>

示例Example

  • 输入声明:Input claims:
    • inputClaim1: someone@contoso.cominputClaim1: someone@contoso.com
    • inputClaim2: someone@outlook.cominputClaim2: someone@outlook.com
  • 输入参数:Input parameters:
    • stringComparison: ordinalIgnoreCasestringComparison: ordinalIgnoreCase
  • 结果:引发错误Result: Error thrown

ChangeCaseChangeCase

将所提供的声明更改为小写或大写,具体要取决于运算符。Changes the case of the provided claim to lower or upper case depending on the operator.

项目Item TransformationClaimTypeTransformationClaimType 数据类型Data Type 注释Notes
InputClaimInputClaim inputClaim1inputClaim1 stringstring 要更改的 ClaimType。The ClaimType to be changed.
InputParameterInputParameter toCasetoCase stringstring 以下值之一:LOWERUPPEROne of the following values: LOWER or UPPER.
OutputClaimOutputClaim outputClaimoutputClaim stringstring 调用此声明转换后生成的 ClaimType。The ClaimType that is produced after this claims transformation has been invoked.

使用此声明转换将任何字符串 ClaimType 更改为小写或大写。Use this claim transformation to change any string ClaimType to lower or upper case.

<ClaimsTransformation Id="ChangeToLower" TransformationMethod="ChangeCase">
  <InputClaims>
    <InputClaim ClaimTypeReferenceId="email" TransformationClaimType="inputClaim1" />
  </InputClaims>
<InputParameters>
  <InputParameter Id="toCase" DataType="string" Value="LOWER" />
</InputParameters>
  <OutputClaims>
    <OutputClaim ClaimTypeReferenceId="email" TransformationClaimType="outputClaim" />
  </OutputClaims>
</ClaimsTransformation>

示例Example

  • 输入声明:Input claims:
    • email: SomeOne@contoso.comemail: SomeOne@contoso.com
  • 输入参数:Input parameters:
    • toCase:LOWERtoCase: LOWER
  • 输出声明:Output claims:
    • email: someone@contoso.comemail: someone@contoso.com

CreateStringClaimCreateStringClaim

基于转换中提供的输入参数创建字符串声明。Creates a string claim from the provided input parameter in the transformation.

项目Item TransformationClaimTypeTransformationClaimType 数据类型Data Type 注释Notes
InputParameterInputParameter valuevalue stringstring 要设置的字符串。The string to be set. 此输入参数支持字符串声明转换表达式This input parameter supports string claims transformation expressions.
OutputClaimOutputClaim createdClaimcreatedClaim stringstring 调用此声明转换后生成的 ClaimType,其值在输入参数中指定。The ClaimType that is produced after this claims transformation has been invoked, with the value specified in the input parameter.

使用此声明转换设置一个字符串 ClaimType 值。Use this claims transformation to set a string ClaimType value.

<ClaimsTransformation Id="CreateTermsOfService" TransformationMethod="CreateStringClaim">
  <InputParameters>
    <InputParameter Id="value" DataType="string" Value="Contoso terms of service..." />
  </InputParameters>
  <OutputClaims>
    <OutputClaim ClaimTypeReferenceId="TOS" TransformationClaimType="createdClaim" />
  </OutputClaims>
</ClaimsTransformation>

示例Example

  • 输入参数:Input parameter:
    • value:Contoso 服务条款...value: Contoso terms of service...
  • 输出声明:Output claims:
    • createdClaim:TOS ClaimType 包含“Contoso 服务条款...”值。createdClaim: The TOS ClaimType contains the "Contoso terms of service..." value.

CompareClaimsCompareClaims

确定一个字符串声明是否等于另一个字符串声明。Determine whether one string claim is equal to another. 结果是新布尔型 ClaimType,值为 truefalseThe result is a new boolean ClaimType with a value of true or false.

项目Item TransformationClaimTypeTransformationClaimType 数据类型Data Type 注释Notes
InputClaimInputClaim inputClaim1inputClaim1 stringstring 要比较的第一个声明类型。First claim type, which is to be compared.
InputClaimInputClaim inputClaim2inputClaim2 stringstring 要比较的第二个声明类型。Second claim type, which is to be compared.
InputParameterInputParameter operatoroperator stringstring 可能的值:EQUALNOT EQUALPossible values: EQUAL or NOT EQUAL.
InputParameterInputParameter ignoreCaseignoreCase booleanboolean 指定此比较是否应忽略所比较字符串的大小写。Specifies whether this comparison should ignore the case of the strings being compared.
OutputClaimOutputClaim outputClaimoutputClaim booleanboolean 调用此声明转换后生成的 ClaimType。The ClaimType that is produced after this claims transformation has been invoked.

使用此声明转换检查一个声明是否等于另一个声明。Use this claims transformation to check if a claim is equal to another claim. 例如,以下声明转换检查 email 声明的值是否等于 Verified.Email 声明的值。For example, the following claims transformation checks if the value of the email claim is equal to the Verified.Email claim.

<ClaimsTransformation Id="CheckEmail" TransformationMethod="CompareClaims">
  <InputClaims>
    <InputClaim ClaimTypeReferenceId="Email" TransformationClaimType="inputClaim1" />
    <InputClaim ClaimTypeReferenceId="Verified.Email" TransformationClaimType="inputClaim2" />
  </InputClaims>
  <InputParameters>
    <InputParameter Id="operator" DataType="string" Value="NOT EQUAL" />
    <InputParameter Id="ignoreCase" DataType="string" Value="true" />
  </InputParameters>
  <OutputClaims>
    <OutputClaim ClaimTypeReferenceId="SameEmailAddress" TransformationClaimType="outputClaim" />
  </OutputClaims>
</ClaimsTransformation>

示例Example

  • 输入声明:Input claims:
    • inputClaim1: someone@contoso.cominputClaim1: someone@contoso.com
    • inputClaim2: someone@outlook.cominputClaim2: someone@outlook.com
  • 输入参数:Input parameters:
    • operator:不等于operator: NOT EQUAL
    • ignoreCase: trueignoreCase: true
  • 输出声明:Output claims:
    • outputClaim: trueoutputClaim: true

CompareClaimToValueCompareClaimToValue

确定声明值是否等于输入参数值。Determines whether a claim value is equal to the input parameter value.

项目Item TransformationClaimTypeTransformationClaimType 数据类型Data Type 注释Notes
InputClaimInputClaim inputClaim1inputClaim1 stringstring 要比较的声明类型。The claim's type, which is to be compared.
InputParameterInputParameter operatoroperator stringstring 可能的值:EQUALNOT EQUALPossible values: EQUAL or NOT EQUAL.
InputParameterInputParameter compareTocompareTo stringstring 字符串比较,值为下列其中一项:Ordinal、OrdinalIgnoreCase。string comparison, one of the values: Ordinal, OrdinalIgnoreCase.
InputParameterInputParameter ignoreCaseignoreCase booleanboolean 指定此比较是否应忽略所比较字符串的大小写。Specifies whether this comparison should ignore the case of the strings being compared.
OutputClaimOutputClaim outputClaimoutputClaim booleanboolean 调用此声明转换后生成的 ClaimType。The ClaimType that is produced after this claims transformation has been invoked.

可以使用此声明转换检查一个声明是否等于指定的值。You can use this claims transformation to check if a claim is equal to a value you specified. 例如,以下声明转换将检查 termsOfUseConsentVersion 声明的值是否等于 v1For example, the following claims transformation checks if the value of the termsOfUseConsentVersion claim is equal to v1.

<ClaimsTransformation Id="IsTermsOfUseConsentRequiredForVersion" TransformationMethod="CompareClaimToValue">
  <InputClaims>
    <InputClaim ClaimTypeReferenceId="termsOfUseConsentVersion" TransformationClaimType="inputClaim1" />
  </InputClaims>
  <InputParameters>
    <InputParameter Id="compareTo" DataType="string" Value="V1" />
    <InputParameter Id="operator" DataType="string" Value="not equal" />
    <InputParameter Id="ignoreCase" DataType="string" Value="true" />
  </InputParameters>
  <OutputClaims>
    <OutputClaim ClaimTypeReferenceId="termsOfUseConsentRequired" TransformationClaimType="outputClaim" />
  </OutputClaims>
</ClaimsTransformation>

示例Example

  • 输入声明:Input claims:
    • inputClaim1: v1inputClaim1: v1
  • 输入参数:Input parameters:
    • compareTo:V1compareTo: V1
    • operator:EQUALoperator: EQUAL
    • ignoreCase: trueignoreCase: true
  • 输出声明:Output claims:
    • outputClaim: trueoutputClaim: true

CreateRandomStringCreateRandomString

使用随机数生成器创建随机字符串。Creates a random string using the random number generator. 如果随机数生成器是 integer 类型,则可以选择提供种子参数和最大数。If the random number generator is of type integer, optionally a seed parameter and a maximum number may be provided. 可选字符串格式参数允许使用它来格式化输出,可选的 base64 参数指定输出是否为 base64 编码的 encoded randomGeneratorType [guid, integer] outputClaim(字符串)。An optional string format parameter allows the output to be formatted using it, and an optional base64 parameter specifies whether the output is base64 encoded randomGeneratorType [guid, integer] outputClaim (String).

项目Item TransformationClaimTypeTransformationClaimType 数据类型Data Type 注释Notes
InputParameterInputParameter randomGeneratorTyperandomGeneratorType stringstring 指定要生成的随机值,GUID(全局唯一 ID)或 INTEGER(数字)。Specifies the random value to be generated, GUID (global unique ID) or INTEGER (a number).
InputParameterInputParameter stringFormatstringFormat stringstring [可选]格式化随机值。[Optional] Format the random value.
InputParameterInputParameter base64base64 booleanboolean [可选]将随机值转换为 base64。[Optional] Convert the random value to base64. 如果应用字符串格式,则字符串格式之后的值将被编码为 base64。If string format is applied, the value after string format is encoded to base64.
InputParameterInputParameter maximumNumbermaximumNumber intint [可选]仅限 INTEGER randomGeneratorType。[Optional] For INTEGER randomGeneratorType only. 指定最大数。Specify the maximum number.
InputParameterInputParameter seedseed intint [可选]仅限 INTEGER randomGeneratorType。[Optional] For INTEGER randomGeneratorType only. 指定随机值的种子。Specify the seed for the random value. 注意:同一个种子生成相同的随机数字序列。Note: same seed yields same sequence of random numbers.
OutputClaimOutputClaim outputClaimoutputClaim stringstring 调用此声明转换后将生成的 ClaimTypes。The ClaimTypes that will be produced after this claims transformation has been invoked. 随机值。The random value.

下面的示例将生成全局唯一 ID。Following example generates a global unique ID. 此声明转换用于创建随机 UPN(用户主体名称)。This claims transformation is used to create the random UPN (user principle name).

<ClaimsTransformation Id="CreateRandomUPNUserName" TransformationMethod="CreateRandomString">
  <InputParameters>
    <InputParameter Id="randomGeneratorType" DataType="string" Value="GUID" />
  </InputParameters>
  <OutputClaims>
    <OutputClaim ClaimTypeReferenceId="upnUserName" TransformationClaimType="outputClaim" />
  </OutputClaims>
</ClaimsTransformation>

示例Example

  • 输入参数:Input parameters:
    • randomGeneratorType:GUIDrandomGeneratorType: GUID
  • 输出声明:Output claims:
    • outputClaim: bc8bedd2-aaa3-411e-bdee-2f1810b73dfcoutputClaim: bc8bedd2-aaa3-411e-bdee-2f1810b73dfc

下面的示例生成 0 到 1000 之间的随机整数值。Following example generates an integer random value between 0 and 1000. 值被格式化为 OTP_{random value}。The value is formatted to OTP_{random value}.

<ClaimsTransformation Id="SetRandomNumber" TransformationMethod="CreateRandomString">
  <InputParameters>
    <InputParameter Id="randomGeneratorType" DataType="string" Value="INTEGER" />
    <InputParameter Id="maximumNumber" DataType="int" Value="1000" />
    <InputParameter Id="stringFormat" DataType="string" Value="OTP_{0}" />
    <InputParameter Id="base64" DataType="boolean" Value="false" />
  </InputParameters>
  <OutputClaims>
    <OutputClaim ClaimTypeReferenceId="randomNumber" TransformationClaimType="outputClaim" />
  </OutputClaims>
</ClaimsTransformation>

示例Example

  • 输入参数:Input parameters:
    • randomGeneratorType:INTEGERrandomGeneratorType: INTEGER
    • maximumNumber:1000maximumNumber: 1000
    • stringFormat:OTP_{0}stringFormat: OTP_{0}
    • base64: falsebase64: false
  • 输出声明:Output claims:
    • outputClaim:OTP_853outputClaim: OTP_853

FormatStringClaimFormatStringClaim

根据提供的格式字符串格式化声明。Format a claim according to the provided format string. 此转换将使用 C# String.Format 方法。This transformation uses the C# String.Format method.

项目Item TransformationClaimTypeTransformationClaimType 数据类型Data Type 注释Notes
InputClaimInputClaim inputClaiminputClaim stringstring 作为字符串格式 {0} 参数的 ClaimType。The ClaimType that acts as string format {0} parameter.
InputParameterInputParameter stringFormatstringFormat stringstring 字符串格式,包括 {0} 参数。The string format, including the {0} parameter. 此输入参数支持字符串声明转换表达式This input parameter supports string claims transformation expressions.
OutputClaimOutputClaim outputClaimoutputClaim stringstring 调用此声明转换后生成的 ClaimType。The ClaimType that is produced after this claims transformation has been invoked.

使用此声明转换格式化任何带一个参数 {0} 的字符串。Use this claims transformation to format any string with one parameter {0}. 以下示例创建一个 userPrincipalName。The following example creates a userPrincipalName. 所有社交标识提供者技术配置文件都调用 CreateUserPrincipalName 来生成 userPrincipalNameAll social identity provider technical profiles calls the CreateUserPrincipalName to generate a userPrincipalName.

<ClaimsTransformation Id="CreateUserPrincipalName" TransformationMethod="FormatStringClaim">
  <InputClaims>
    <InputClaim ClaimTypeReferenceId="upnUserName" TransformationClaimType="inputClaim" />
  </InputClaims>
  <InputParameters>
    <InputParameter Id="stringFormat" DataType="string" Value="cpim_{0}@{RelyingPartyTenantId}" />
  </InputParameters>
  <OutputClaims>
    <OutputClaim ClaimTypeReferenceId="userPrincipalName" TransformationClaimType="outputClaim" />
  </OutputClaims>
</ClaimsTransformation>

示例Example

  • 输入声明:Input claims:
    • inputClaim:5164db16-3eee-4629-bfda-dcc3326790e9inputClaim: 5164db16-3eee-4629-bfda-dcc3326790e9
  • 输入参数:Input parameters:
    • stringFormat: cpim_{0}@{RelyingPartyTenantId}stringFormat: cpim_{0}@{RelyingPartyTenantId}
  • 输出声明:Output claims:
    • outputClaim: cpim_5164db16-3eee-4629-bfda-dcc3326790e9@b2cdemo.partner.onmschina.cnoutputClaim: cpim_5164db16-3eee-4629-bfda-dcc3326790e9@b2cdemo.partner.onmschina.cn

FormatStringMultipleClaimsFormatStringMultipleClaims

根据提供的格式字符串格式化两个声明。Format two claims according to the provided format string. 此转换将使用 C# String.Format 方法。This transformation uses the C# String.Format method.

项目Item TransformationClaimTypeTransformationClaimType 数据类型Data Type 注释Notes
InputClaimInputClaim inputClaiminputClaim stringstring 作为字符串格式 {0} 参数的 ClaimType。The ClaimType that acts as string format {0} parameter.
InputClaimInputClaim inputClaiminputClaim stringstring 作为字符串格式 {1} 参数的 ClaimType。The ClaimType that acts as string format {1} parameter.
InputParameterInputParameter stringFormatstringFormat stringstring 字符串格式,包括 {0} 和 {1} 参数。The string format, including the {0} and {1} parameters. 此输入参数支持字符串声明转换表达式This input parameter supports string claims transformation expressions.
OutputClaimOutputClaim outputClaimoutputClaim stringstring 调用此声明转换后生成的 ClaimType。The ClaimType that is produced after this claims transformation has been invoked.

使用此声明转换格式化任何带两个参数 {0} 和 {1} 的字符串。Use this claims transformation to format any string with two parameters, {0} and {1}. 下面的示例创建带指定格式的 displayName:The following example creates a displayName with the specified format:

<ClaimsTransformation Id="CreateDisplayNameFromFirstNameAndLastName" TransformationMethod="FormatStringMultipleClaims">
  <InputClaims>
    <InputClaim ClaimTypeReferenceId="givenName" TransformationClaimType="inputClaim1" />
    <InputClaim ClaimTypeReferenceId="surName" TransformationClaimType="inputClaim2" />
  </InputClaims>
  <InputParameters>
    <InputParameter Id="stringFormat" DataType="string" Value="{0} {1}" />
  </InputParameters>
  <OutputClaims>
    <OutputClaim ClaimTypeReferenceId="displayName" TransformationClaimType="outputClaim" />
  </OutputClaims>
</ClaimsTransformation>

示例Example

  • 输入声明:Input claims:
    • inputClaim1:JoeinputClaim1: Joe
    • inputClaim2:FernandoinputClaim2: Fernando
  • 输入参数:Input parameters:
    • stringFormat:{0} {1}stringFormat: {0} {1}
  • 输出声明:Output claims:
    • outputClaim:Joe FernandooutputClaim: Joe Fernando

GetLocalizedStringsTransformationGetLocalizedStringsTransformation

将本地化的字符串复制到声明中。Copies localized strings into claims.

项目Item TransformationClaimTypeTransformationClaimType 数据类型Data Type 注释Notes
OutputClaimOutputClaim 本地化的字符串的名称The name of the localized string stringstring 调用此声明转换后生成的声明类型列表。List of claim types that are produced after this claims transformation has been invoked.

使用 GetLocalizedStringsTransformation 声明转换:To use the GetLocalizedStringsTransformation claims transformation:

  1. 定义本地化字符串并将其与 self-asserted-technical-profile 相关联。Define a localization string and associate it with a self-asserted-technical-profile.
  2. LocalizedString 元素的 ElementType 必须设为 GetLocalizedStringsTransformationClaimTypeThe ElementType of the LocalizedString element must be set to GetLocalizedStringsTransformationClaimType.
  3. StringId 是定义的唯一标识符,稍后会用于声明转换。The StringId is a unique identifier that you define, and use it later in your claims transformation.
  4. 在声明转换中,指定要使用本地化字符串设置的声明列表。In the claims transformation, specify the list of claims to be set with the localized string. ClaimTypeReferenceId 是对在策略的 ClaimsSchema 节中已定义的 ClaimType 的引用。The ClaimTypeReferenceId is a reference to a ClaimType already defined in the ClaimsSchema section in the policy. TransformationClaimType 是在 LocalizedString 元素的 StringId 中定义的已本地化字符串的名称。The TransformationClaimType is the name of the localized string as defined in the StringId of the LocalizedString element.
  5. 自我断言技术配置文件显示控制输入或输出声明转换中引用你的声明转换。In a self-asserted technical profile, or a display control input or output claims transformation, make a reference to your claims transformation.

GetLocalizedStringsTransformation

以下示例在本地化的字符串中查找电子邮件主题、正文、代码消息和电子邮件签名。The following example looks up the email subject, body, your code message, and the signature of the email, from localized strings. 稍后自定义电子邮件验证模板将使用这些声明。These claims later used by custom email verification template.

定义英语(默认)和西班牙语的已本地化字符串。Define localized strings for English (default) and Spanish.

<Localization Enabled="true">
  <SupportedLanguages DefaultLanguage="en" MergeBehavior="Append">
    <SupportedLanguage>en</SupportedLanguage>
    <SupportedLanguage>es</SupportedLanguage>
   </SupportedLanguages>

  <LocalizedResources Id="api.localaccountsignup.en">
    <LocalizedStrings>
      <LocalizedString ElementType="GetLocalizedStringsTransformationClaimType" StringId="email_subject">Contoso account email verification code</LocalizedString>
      <LocalizedString ElementType="GetLocalizedStringsTransformationClaimType" StringId="email_message">Thanks for verifying your account!</LocalizedString>
      <LocalizedString ElementType="GetLocalizedStringsTransformationClaimType" StringId="email_code">Your code is</LocalizedString>
      <LocalizedString ElementType="GetLocalizedStringsTransformationClaimType" StringId="email_signature">Sincerely</LocalizedString>
     </LocalizedStrings>
   </LocalizedResources>
   <LocalizedResources Id="api.localaccountsignup.es">
     <LocalizedStrings>
      <LocalizedString ElementType="GetLocalizedStringsTransformationClaimType" StringId="email_subject">Código de verificación del correo electrónico de la cuenta de Contoso</LocalizedString>
      <LocalizedString ElementType="GetLocalizedStringsTransformationClaimType" StringId="email_message">Gracias por comprobar la cuenta de </LocalizedString>
      <LocalizedString ElementType="GetLocalizedStringsTransformationClaimType" StringId="email_code">Su código es</LocalizedString>
      <LocalizedString ElementType="GetLocalizedStringsTransformationClaimType" StringId="email_signature">Atentamente</LocalizedString>
    </LocalizedStrings>
  </LocalizedResources>
</Localization>

声明转换使用 StringIdemail_subject 设置声明类型 subject 的值。The claims transformation sets the value of the claim type subject with the value of the StringId email_subject.

<ClaimsTransformation Id="GetLocalizedStringsForEmail" TransformationMethod="GetLocalizedStringsTransformation">
  <OutputClaims>
    <OutputClaim ClaimTypeReferenceId="subject" TransformationClaimType="email_subject" />
    <OutputClaim ClaimTypeReferenceId="message" TransformationClaimType="email_message" />
    <OutputClaim ClaimTypeReferenceId="codeIntro" TransformationClaimType="email_code" />
    <OutputClaim ClaimTypeReferenceId="signature" TransformationClaimType="email_signature" />
   </OutputClaims>
</ClaimsTransformation>

示例Example

  • 输出声明:Output claims:
    • subject:Contoso 帐户电子邮件验证码subject: Contoso account email verification code
    • message:感谢验证你的帐户!message: Thanks for verifying your account!
    • codeIntro:你的代码是codeIntro: Your code is
    • signature:此致signature: Sincerely

GetMappedValueFromLocalizedCollectionGetMappedValueFromLocalizedCollection

从声明 Restriction 集合中查找项。Looking up an item from a claim Restriction collection.

项目Item TransformationClaimTypeTransformationClaimType 数据类型Data Type 注释Notes
InputClaimInputClaim mapFromClaimmapFromClaim stringstring 该声明包含要在带 Restriction 集合的 restrictionValueClaim 声明中查找的文本。The claim that contains the text to be looked up in the restrictionValueClaim claims with the Restriction collection.
OutputClaimOutputClaim restrictionValueClaimrestrictionValueClaim stringstring 包含 Restriction 集合的声明。The claim that contains the Restriction collection. 在调用声明转换后,此声明的值将包含选定项的值。After the claims transformation has been invoked, the value of this claim contains the value of the selected item.

下面的示例基于错误密钥查找错误消息描述。The following example looks up the error message description based on the error key. ResponseMsg 声明包含一系列要显示给最终用户或发送给信赖方的错误消息。The responseMsg claim contains a collection of error messages to present to the end user or to be sent to the relying party.

<ClaimType Id="responseMsg">
  <DisplayName>Error message: </DisplayName>
  <DataType>string</DataType>
  <UserInputType>Paragraph</UserInputType>
  <Restriction>
    <Enumeration Text="B2C_V1_90001" Value="You cannot sign in because you are a minor" />
    <Enumeration Text="B2C_V1_90002" Value="This action can only be performed by gold members" />
    <Enumeration Text="B2C_V1_90003" Value="You have not been enabled for this operation" />
  </Restriction>
</ClaimType>

声明转换将查找项文本,并返回其值。The claims transformation looks up the text of the item and returns its value. 如果使用 <LocalizedCollection> 本地化限制,则声明转换返回本地化的值。If the restriction is localized using <LocalizedCollection>, the claims transformation returns the localized value.

<ClaimsTransformation Id="GetResponseMsgMappedToResponseCode" TransformationMethod="GetMappedValueFromLocalizedCollection">
  <InputClaims>
    <InputClaim ClaimTypeReferenceId="responseCode" TransformationClaimType="mapFromClaim" />
  </InputClaims>
  <OutputClaims>
    <OutputClaim ClaimTypeReferenceId="responseMsg" TransformationClaimType="restrictionValueClaim" />        
  </OutputClaims>
</ClaimsTransformation>

示例Example

  • 输入声明:Input claims:
    • mapFromClaim:B2C_V1_90001mapFromClaim: B2C_V1_90001
  • 输出声明:Output claims:
    • restrictionValueClaim:无法登录,因为你未成年。restrictionValueClaim: You cannot sign in because you are a minor.

LookupValueLookupValue

基于另一个声明的值从值列表中查找声明值。Look up a claim value from a list of values based on the value of another claim.

项目Item TransformationClaimTypeTransformationClaimType 数据类型Data Type 注释Notes
InputClaimInputClaim inputParameterIdinputParameterId stringstring 包含查找值的声明The claim that contains the lookup value
InputParameterInputParameter stringstring inputParameters 集合。Collection of inputParameters.
InputParameterInputParameter errorOnFailedLookuperrorOnFailedLookup booleanboolean 控制在没有任何匹配查找时是否返回错误。Controlling whether an error is returned when no matching lookup.
OutputClaimOutputClaim inputParameterIdinputParameterId stringstring 调用此声明转换后将生成的 ClaimTypes。The ClaimTypes that will be produced after this claims transformation has been invoked. 匹配 Id 的值。The value of the matching Id.

下面的示例在某一个 inputParameters 集合中查找域名。The following example looks up the domain name in one of the inputParameters collections. 声明转换查找标识符中的域名,并返回其值(应用程序 ID)。The claims transformation looks up the domain name in the identifier and returns its value (an application ID).

 <ClaimsTransformation Id="DomainToClientId" TransformationMethod="LookupValue">
  <InputClaims>
    <InputClaim ClaimTypeReferenceId="domainName" TransformationClaimType="inputParameterId" />
  </InputClaims>
  <InputParameters>
    <InputParameter Id="contoso.com" DataType="string" Value="13c15f79-8fb1-4e29-a6c9-be0d36ff19f1" />
    <InputParameter Id="microsoft.com" DataType="string" Value="0213308f-17cb-4398-b97e-01da7bd4804e" />
    <InputParameter Id="test.com" DataType="string" Value="c7026f88-4299-4cdb-965d-3f166464b8a9" />
    <InputParameter Id="errorOnFailedLookup" DataType="boolean" Value="false" />
  </InputParameters>
  <OutputClaims>
    <OutputClaim ClaimTypeReferenceId="domainAppId" TransformationClaimType="outputClaim" />
  </OutputClaims>
</ClaimsTransformation>

示例Example

  • 输入声明:Input claims:
    • inputParameterId: test.cominputParameterId: test.com
  • 输入参数:Input parameters:
    • contoso.com:13c15f79-8fb1-4e29-a6c9-be0d36ff19f1contoso.com: 13c15f79-8fb1-4e29-a6c9-be0d36ff19f1
    • microsoft.com:0213308f-17cb-4398-b97e-01da7bd4804emicrosoft.com: 0213308f-17cb-4398-b97e-01da7bd4804e
    • test.com: c7026f88-4299-4cdb-965d-3f166464b8a9test.com: c7026f88-4299-4cdb-965d-3f166464b8a9
    • errorOnFailedLookup: falseerrorOnFailedLookup: false
  • 输出声明:Output claims:
    • outputClaim:c7026f88-4299-4cdb-965d-3f166464b8a9outputClaim: c7026f88-4299-4cdb-965d-3f166464b8a9

errorOnFailedLookup 输入参数设置为 true 时,LookupValue 声明转换始终从验证技术配置文件执行,该文件由自断言技术配置文件DisplayConrtol 调用。When errorOnFailedLookup input parameter is set to true, the LookupValue claims transformation is always executed from a validation technical profile that is called by a self-asserted technical profile, or a DisplayConrtol. 自断言技术配置文件的 LookupNotFound 元数据控制向用户显示的错误消息。The LookupNotFound metadata of a self-asserted technical profile controls the error message that is presented to the user.

AssertStringClaimsAreEqual 执行

下面的示例在某一个 inputParameters 集合中查找域名。The following example looks up the domain name in one of the inputParameters collections. 声明转换查找标识符中的域名,并返回其值(应用程序 ID)或引发错误消息。The claims transformation looks up the domain name in the identifier and returns its value (an application ID), or raises an error message.

 <ClaimsTransformation Id="DomainToClientId" TransformationMethod="LookupValue">
  <InputClaims>
    <InputClaim ClaimTypeReferenceId="domainName" TransformationClaimType="inputParameterId" />
  </InputClaims>
  <InputParameters>
    <InputParameter Id="contoso.com" DataType="string" Value="13c15f79-8fb1-4e29-a6c9-be0d36ff19f1" />
    <InputParameter Id="microsoft.com" DataType="string" Value="0213308f-17cb-4398-b97e-01da7bd4804e" />
    <InputParameter Id="test.com" DataType="string" Value="c7026f88-4299-4cdb-965d-3f166464b8a9" />
    <InputParameter Id="errorOnFailedLookup" DataType="boolean" Value="true" />
  </InputParameters>
  <OutputClaims>
    <OutputClaim ClaimTypeReferenceId="domainAppId" TransformationClaimType="outputClaim" />
  </OutputClaims>
</ClaimsTransformation>

示例Example

  • 输入声明:Input claims:
    • inputParameterId: live.cominputParameterId: live.com
  • 输入参数:Input parameters:
    • contoso.com:13c15f79-8fb1-4e29-a6c9-be0d36ff19f1contoso.com: 13c15f79-8fb1-4e29-a6c9-be0d36ff19f1
    • microsoft.com:0213308f-17cb-4398-b97e-01da7bd4804emicrosoft.com: 0213308f-17cb-4398-b97e-01da7bd4804e
    • test.com: c7026f88-4299-4cdb-965d-3f166464b8a9test.com: c7026f88-4299-4cdb-965d-3f166464b8a9
    • errorOnFailedLookup: trueerrorOnFailedLookup: true
  • 错误:Error:
    • 在输入参数 ID 列表中找不到输入声明值的匹配项,errorOnFailedLookup 为 true。No match found for the input claim value in the list of input parameter ids and errorOnFailedLookup is true.

NullClaimNullClaim

清除给定声明的值。Clean the value of a given claim.

项目Item TransformationClaimTypeTransformationClaimType 数据类型Data Type 注释Notes
OutputClaimOutputClaim claim_to_nullclaim_to_null stringstring 声明的值设置为 NULL。The claim's value is set to NULL.

使用此声明转换可从声明属性包中删除不必要的数据,因此会话 Cookie 会更小。Use this claim transformation to remove unnecessary data from the claims property bag so the session cookie will be smaller. 以下示例将删除 TermsOfService 声明类型的值。The following example removes the value of the TermsOfService claim type.

<ClaimsTransformation Id="SetTOSToNull" TransformationMethod="NullClaim">
  <OutputClaims>
  <OutputClaim ClaimTypeReferenceId="TermsOfService" TransformationClaimType="claim_to_null" />
  </OutputClaims>
</ClaimsTransformation>
  • 输入声明:Input claims:
    • outputClaim:欢迎使用 Contoso 应用。outputClaim: Welcome to Contoso App. 如果继续浏览和使用本网站,表示你同意遵守并受下列条款和条件的约束...If you continue to browse and use this website, you are agreeing to comply with and be bound by the following terms and conditions...
  • 输出声明:Output claims:
    • outputClaim:NulloutputClaim: NULL

ParseDomainParseDomain

获取电子邮件地址的域部分。Gets the domain portion of an email address.

项目Item TransformationClaimTypeTransformationClaimType 数据类型Data Type 注释Notes
InputClaimInputClaim emailAddressemailAddress stringstring 包含电子邮件地址的 ClaimType。The ClaimType that contains the email address.
OutputClaimOutputClaim domain stringstring 调用此声明转换后生成的 ClaimType - 域。The ClaimType that is produced after this claims transformation has been invoked - the domain.

使用此声明转换分析用户 @ 符号之后的域名。Use this claims transformation to parse the domain name after the @ symbol of the user. 以下声明转换演示如何分析 email 声明中的域名。The following claims transformation demonstrates how to parse the domain name from an email claim.

<ClaimsTransformation Id="SetDomainName" TransformationMethod="ParseDomain">
  <InputClaims>
    <InputClaim ClaimTypeReferenceId="email" TransformationClaimType="emailAddress" />
  </InputClaims>
  <OutputClaims>
    <OutputClaim ClaimTypeReferenceId="domainName" TransformationClaimType="domain" />
  </OutputClaims>
</ClaimsTransformation>

示例Example

  • 输入声明:Input claims:
    • emailAddress: joe@outlook.comemailAddress: joe@outlook.com
  • 输出声明:Output claims:
    • domain: outlook.comdomain: outlook.com

SetClaimsIfRegexMatchSetClaimsIfRegexMatch

检查字符串声明 claimToMatchmatchTo 输入参数是否相等,并使用 outputClaimIfMatched 输入参数中提供的值设置输出声明,以及比较结果输出声明,将基于比较结果将此声明设置为 truefalseChecks that a string claim claimToMatch and matchTo input parameter are equal, and sets the output claims with the value present in outputClaimIfMatched input parameter, along with compare result output claim, which is to be set as true or false based on the result of comparison.

项目Item TransformationClaimTypeTransformationClaimType 数据类型Data Type 注释Notes
inputClaiminputClaim claimToMatchclaimToMatch stringstring 要比较的声明类型。The claim type, which is to be compared.
InputParameterInputParameter matchTomatchTo stringstring 要匹配的正则表达式。The regular expression to match.
InputParameterInputParameter outputClaimIfMatchedoutputClaimIfMatched stringstring 字符串相等情况下要设置的值。The value to be set if strings are equal.
InputParameterInputParameter extractGroupsextractGroups booleanboolean [可选] 指定正则表达式匹配是否应提取组值。[Optional] Specifies whether the Regex match should extract groups values. 可能的值:truefalse(默认)。Possible values: true, or false (default).
OutputClaimOutputClaim outputClaimoutputClaim stringstring 如果正则表达式是匹配项,此输出声明包含 outputClaimIfMatched 输入参数的值。If regular expression is match, this output claim contains the value of outputClaimIfMatched input parameter. 如果没有匹配项,则为 null。Or null, if no match.
OutputClaimOutputClaim regexCompareResultClaimregexCompareResultClaim booleanboolean 正则表达式匹配结果输出声明类型,将基于匹配结果设置为 truefalseThe regular expression match result output claim type, which is to be set as true or false based on the result of matching.
OutputClaimOutputClaim 声明名称The name of the claim stringstring 如果 extractGroups 输入参数设置为 true,调用此声明转换后生成的声明类型列表。If the extractGroups input parameter set to true, list of claim types that are produced after this claims transformation has been invoked. ClaimType 的名称必须与正则表达式组名称匹配。The name of the claimType must match the Regex group name.

示例 1Example 1

根据电话号码正则表达式模式检查提供的电话号码是否有效。Checks whether the provided phone number is valid, based on phone number regular expression pattern.

<ClaimsTransformation Id="SetIsPhoneRegex" TransformationMethod="SetClaimsIfRegexMatch">
  <InputClaims>
    <InputClaim ClaimTypeReferenceId="phone" TransformationClaimType="claimToMatch" />
  </InputClaims>
  <InputParameters>
    <InputParameter Id="matchTo" DataType="string" Value="^[0-9]{4,16}$" />
    <InputParameter Id="outputClaimIfMatched" DataType="string" Value="isPhone" />
  </InputParameters>
  <OutputClaims>
    <OutputClaim ClaimTypeReferenceId="validationResult" TransformationClaimType="outputClaim" />
    <OutputClaim ClaimTypeReferenceId="isPhoneBoolean" TransformationClaimType="regexCompareResultClaim" />
  </OutputClaims>
</ClaimsTransformation>
  • 输入声明:Input claims:
    • claimToMatch:"64854114520"claimToMatch: "64854114520"
  • 输入参数:Input parameters:
    • matchTo: "^[0-9]{4,16}$"matchTo: "^[0-9]{4,16}$"
    • outputClaimIfMatched: "isPhone"outputClaimIfMatched: "isPhone"
  • 输出声明:Output claims:
    • outputClaim: "isPhone"outputClaim: "isPhone"
    • regexCompareResultClaim:trueregexCompareResultClaim: true

示例 2Example 2

检查提供的电子邮件地址是否有效,并返回电子邮件别名。Checks whether the provided email address is valid, and return the email alias.

<ClaimsTransformation Id="GetAliasFromEmail" TransformationMethod="SetClaimsIfRegexMatch">
  <InputClaims>
    <InputClaim ClaimTypeReferenceId="email" TransformationClaimType="claimToMatch" />
  </InputClaims>
  <InputParameters>
    <InputParameter Id="matchTo" DataType="string" Value="(?&lt;mailAlias&gt;.*)@(.*)$" />
    <InputParameter Id="outputClaimIfMatched" DataType="string" Value="isEmail" />
    <InputParameter Id="extractGroups" DataType="boolean" Value="true" />
  </InputParameters>
  <OutputClaims>
    <OutputClaim ClaimTypeReferenceId="validationResult" TransformationClaimType="outputClaim" />
    <OutputClaim ClaimTypeReferenceId="isEmailString" TransformationClaimType="regexCompareResultClaim" />
    <OutputClaim ClaimTypeReferenceId="mailAlias" />
  </OutputClaims>
</ClaimsTransformation>
  • 输入声明:Input claims:
    • claimToMatch: "emily@contoso.com"claimToMatch: "emily@contoso.com"
  • 输入参数:Input parameters:
    • matchTo: (?&lt;mailAlias&gt;.*)@(.*)$matchTo: (?&lt;mailAlias&gt;.*)@(.*)$
    • outputClaimIfMatched: "isEmail"outputClaimIfMatched: "isEmail"
    • extractGroups: trueextractGroups: true
  • 输出声明:Output claims:
    • outputClaim: "isEmail"outputClaim: "isEmail"
    • regexCompareResultClaim:trueregexCompareResultClaim: true
    • mailAlias: emilymailAlias: emily

SetClaimsIfStringsAreEqualSetClaimsIfStringsAreEqual

检查字符串声明和 matchTo 输入参数是否相等,并使用 stringMatchMsgstringMatchMsgCode 输入参数中提供的值设置输出声明,以及比较结果输出声明,将基于比较结果将此声明设置为 truefalseChecks that a string claim and matchTo input parameter are equal, and sets the output claims with the value present in stringMatchMsg and stringMatchMsgCode input parameters, along with compare result output claim, which is to be set as true or false based on the result of comparison.

项目Item TransformationClaimTypeTransformationClaimType 数据类型Data Type 注释Notes
InputClaimInputClaim inputClaiminputClaim stringstring 要比较的声明类型。The claim type, which is to be compared.
InputParameterInputParameter matchTomatchTo stringstring 要与 inputClaim 进行比较的字符串。The string to be compared with inputClaim.
InputParameterInputParameter stringComparisonstringComparison stringstring 可能的值:OrdinalOrdinalIgnoreCasePossible values: Ordinal or OrdinalIgnoreCase.
InputParameterInputParameter stringMatchMsgstringMatchMsg stringstring 字符串相等情况下第一个要设置的值。First value to be set if strings are equal.
InputParameterInputParameter stringMatchMsgCodestringMatchMsgCode stringstring 字符串相等情况下第二个要设置的值。Second value to be set if strings are equal.
OutputClaimOutputClaim outputClaim1outputClaim1 stringstring 如果字符串相等,则此输出声明包含 stringMatchMsg 输入参数的值。If strings are equals, this output claim contains the value of stringMatchMsg input parameter.
OutputClaimOutputClaim outputClaim2outputClaim2 stringstring 如果字符串相等,则此输出声明包含 stringMatchMsgCode 输入参数的值。If strings are equals, this output claim contains the value of stringMatchMsgCode input parameter.
OutputClaimOutputClaim stringCompareResultClaimstringCompareResultClaim booleanboolean 比较结果输出声明类型,将基于比较结果设置为 truefalseThe compare result output claim type, which is to be set as true or false based on the result of comparison.

可以使用此声明转换检查一个声明是否等于指定的值。You can use this claims transformation to check if a claim is equal to value you specified. 例如,以下声明转换将检查 termsOfUseConsentVersion 声明的值是否等于 v1For example, the following claims transformation checks if the value of the termsOfUseConsentVersion claim is equal to v1. 如果是,则将值更改为 v2If yes, change the value to v2.

<ClaimsTransformation Id="CheckTheTOS" TransformationMethod="SetClaimsIfStringsAreEqual">
  <InputClaims>
    <InputClaim ClaimTypeReferenceId="termsOfUseConsentVersion" TransformationClaimType="inputClaim" />
  </InputClaims>
  <InputParameters>
    <InputParameter Id="matchTo" DataType="string" Value="v1" />
    <InputParameter Id="stringComparison" DataType="string" Value="ordinalIgnoreCase" />
    <InputParameter Id="stringMatchMsg" DataType="string" Value="B2C_V1_90005" />
    <InputParameter Id="stringMatchMsgCode" DataType="string" Value="The TOS is upgraded to v2" />
  </InputParameters>
  <OutputClaims>
    <OutputClaim ClaimTypeReferenceId="termsOfUseConsentVersion" TransformationClaimType="outputClaim1" />
    <OutputClaim ClaimTypeReferenceId="termsOfUseConsentVersionUpgradeCode" TransformationClaimType="outputClaim2" />
    <OutputClaim ClaimTypeReferenceId="termsOfUseConsentVersionUpgradeResult" TransformationClaimType="stringCompareResultClaim" />
  </OutputClaims>
</ClaimsTransformation>

示例Example

  • 输入声明:Input claims:
    • inputClaim: v1inputClaim: v1
  • 输入参数:Input parameters:
    • matchTo:V1matchTo: V1
    • stringComparison: ordinalIgnoreCasestringComparison: ordinalIgnoreCase
    • stringMatchMsg:B2C_V1_90005stringMatchMsg: B2C_V1_90005
    • stringMatchMsgCode:TOS 升级到 v2stringMatchMsgCode: The TOS is upgraded to v2
  • 输出声明:Output claims:
    • outputClaim1:B2C_V1_90005outputClaim1: B2C_V1_90005
    • outputClaim2:TOS 升级到 v2outputClaim2: The TOS is upgraded to v2
    • stringCompareResultClaim: truestringCompareResultClaim: true

SetClaimsIfStringsMatchSetClaimsIfStringsMatch

检查字符串声明和 matchTo 输入参数是否相等,并使用 outputClaimIfMatched 输入参数中提供的值设置输出声明,以及比较结果输出声明,将基于比较结果将此声明设置为 truefalseChecks that a string claim and matchTo input parameter are equal, and sets the output claims with the value present in outputClaimIfMatched input parameter, along with compare result output claim, which is to be set as true or false based on the result of comparison.

项目Item TransformationClaimTypeTransformationClaimType 数据类型Data Type 注释Notes
InputClaimInputClaim claimToMatchclaimToMatch stringstring 要比较的声明类型。The claim type, which is to be compared.
InputParameterInputParameter matchTomatchTo stringstring 要与 inputClaim 进行比较的字符串。The string to be compared with inputClaim.
InputParameterInputParameter stringComparisonstringComparison stringstring 可能的值:OrdinalOrdinalIgnoreCasePossible values: Ordinal or OrdinalIgnoreCase.
InputParameterInputParameter outputClaimIfMatchedoutputClaimIfMatched stringstring 字符串相等情况下要设置的值。The value to be set if strings are equal.
OutputClaimOutputClaim outputClaimoutputClaim stringstring 如果字符串相等,则此输出声明包含 outputClaimIfMatched 输入参数的值。If strings are equals, this output claim contains the value of outputClaimIfMatched input parameter. 或者如果字符串不匹配,则为 NULL。Or null, if the strings aren't match.
OutputClaimOutputClaim stringCompareResultClaimstringCompareResultClaim booleanboolean 比较结果输出声明类型,将基于比较结果设置为 truefalseThe compare result output claim type, which is to be set as true or false based on the result of comparison.

例如,以下声明转换检查 ageGroup 声明的值是否等于 MinorFor example, the following claims transformation checks if the value of ageGroup claim is equal to Minor. 如果是,则返回 B2C_V1_90001 值。If yes, return the value to B2C_V1_90001.

<ClaimsTransformation Id="SetIsMinor" TransformationMethod="SetClaimsIfStringsMatch">
  <InputClaims>
    <InputClaim ClaimTypeReferenceId="ageGroup" TransformationClaimType="claimToMatch" />
  </InputClaims>
  <InputParameters>
    <InputParameter Id="matchTo" DataType="string" Value="Minor" />
    <InputParameter Id="stringComparison" DataType="string" Value="ordinalIgnoreCase" />
    <InputParameter Id="outputClaimIfMatched" DataType="string" Value="B2C_V1_90001" />
  </InputParameters>
  <OutputClaims>
    <OutputClaim ClaimTypeReferenceId="isMinor" TransformationClaimType="outputClaim" />
    <OutputClaim ClaimTypeReferenceId="isMinorResponseCode" TransformationClaimType="stringCompareResultClaim" />
  </OutputClaims>
</ClaimsTransformation>

示例Example

  • 输入声明:Input claims:
    • claimToMatch:MinorclaimToMatch: Minor
  • 输入参数:Input parameters:
    • matchTo:MinormatchTo: Minor
    • stringComparison: ordinalIgnoreCasestringComparison: ordinalIgnoreCase
    • outputClaimIfMatched:B2C_V1_90001outputClaimIfMatched: B2C_V1_90001
  • 输出声明:Output claims:
    • isMinorResponseCode:B2C_V1_90001isMinorResponseCode: B2C_V1_90001
    • isMinor: trueisMinor: true

StringContainsStringContains

确定输入声明中是否出现了指定的子字符串。Determine whether a specified substring occurs within the input claim. 结果是新布尔型 ClaimType,值为 truefalseThe result is a new boolean ClaimType with a value of true or false. 如果此字符串中出现了值参数,则为 true;否则为 falsetrue if the value parameter occurs within this string, otherwise, false.

项目Item TransformationClaimTypeTransformationClaimType 数据类型Data Type 注释Notes
InputClaimInputClaim inputClaiminputClaim stringstring 要搜索的声明类型。The claim type, which is to be searched.
InputParameterInputParameter containscontains stringstring 要搜索的值。The value to search.
InputParameterInputParameter ignoreCaseignoreCase stringstring 指定此项比较是否应忽略所比较字符串的大小写。Specifies whether this comparison should ignore the case of the string being compared.
OutputClaimOutputClaim outputClaimoutputClaim stringstring 调用此 ClaimsTransformation 后生成的 ClaimType。The ClaimType that is produced after this ClaimsTransformation has been invoked. 一个布尔值,指示输入声明中是否出现了该子字符串。A boolean indicator if the substring occurs within the input claim.

使用此声明转换可以检查字符串声明类型是否包含某个子字符串。Use this claims transformation to check if a string claim type contains a substring. 以下示例检查 roles 字符串声明类型是否包含 admin 值。Following example, checks whether the roles string claim type contains the value of admin.

<ClaimsTransformation Id="CheckIsAdmin" TransformationMethod="StringContains">
  <InputClaims>
    <InputClaim ClaimTypeReferenceId="roles" TransformationClaimType="inputClaim"/>
  </InputClaims>
  <InputParameters>
    <InputParameter  Id="contains" DataType="string" Value="admin"/>
    <InputParameter  Id="ignoreCase" DataType="string" Value="true"/>
  </InputParameters>
  <OutputClaims>
    <OutputClaim ClaimTypeReferenceId="isAdmin" TransformationClaimType="outputClaim"/>
  </OutputClaims>
</ClaimsTransformation>

示例Example

  • 输入声明:Input claims:
    • inputClaim:"Admin, Approver, Editor"inputClaim: "Admin, Approver, Editor"
  • 输入参数:Input parameters:
    • contains: "admin,"contains: "admin,"
    • ignoreCase: trueignoreCase: true
  • 输出声明:Output claims:
    • outputClaim: trueoutputClaim: true

StringSubstringStringSubstring

提取字符串声明类型的组成部分(从位于指定位置处的字符开始),并返回指定数目的字符。Extracts parts of a string claim type, beginning at the character at the specified position, and returns the specified number of characters.

项目Item TransformationClaimTypeTransformationClaimType 数据类型Data Type 注释Notes
InputClaimInputClaim inputClaiminputClaim stringstring 包含该字符串的声明类型。The claim type, which contains the string.
InputParameterInputParameter startIndexstartIndex intint 某个子字符串在此实例中的从零开始的起始字符位置。The zero-based starting character position of a substring in this instance.
InputParameterInputParameter lengthlength intint 子字符串中的字符数。The number of characters in the substring.
OutputClaimOutputClaim outputClaimoutputClaim booleanboolean 与此实例中在 startIndex 处开头、具有指定长度的子字符串等效的一个字符串;如果 startIndex 等于此实例的长度且长度为零,则为空。A string that is equivalent to the substring of length that begins at startIndex in this instance, or Empty if startIndex is equal to the length of this instance and length is zero.

例如,获取国家/地区电话号码前缀。For example, get the phone number country/region prefix.

<ClaimsTransformation Id="GetPhonePrefix" TransformationMethod="StringSubstring">
  <InputClaims>
    <InputClaim ClaimTypeReferenceId="phoneNumber" TransformationClaimType="inputClaim" />
  </InputClaims>
<InputParameters>
  <InputParameter Id="startIndex" DataType="int" Value="0" />
  <InputParameter Id="length" DataType="int" Value="2" />
</InputParameters>
  <OutputClaims>
    <OutputClaim ClaimTypeReferenceId="phonePrefix" TransformationClaimType="outputClaim" />
  </OutputClaims>
</ClaimsTransformation>

示例Example

  • 输入声明:Input claims:
    • inputClaim: "+1644114520"inputClaim: "+1644114520"
  • 输入参数:Input parameters:
    • startIndex:0startIndex: 0
    • length:2length: 2
  • 输出声明:Output claims:
    • outputClaim: "+1"outputClaim: "+1"

StringReplaceStringReplace

在声明类型字符串中搜索指定的值,并返回一个新的声明类型字符串,在该字符串中,当前字符串中出现的所有指定字符串已替换为另一个指定的字符串。Searches a claim type string for a specified value, and returns a new claim type string in which all occurrences of a specified string in the current string are replaced with another specified string.

项目Item TransformationClaimTypeTransformationClaimType 数据类型Data Type 注释Notes
InputClaimInputClaim inputClaiminputClaim stringstring 包含该字符串的声明类型。The claim type, which contains the string.
InputParameterInputParameter oldValueoldValue stringstring 要搜索的字符串。The string to be searched.
InputParameterInputParameter newValuenewValue stringstring 用于替换出现的所有 oldValue 的字符串The string to replace all occurrences of oldValue
OutputClaimOutputClaim outputClaimoutputClaim booleanboolean 等效于当前字符串的字符串,只不过 oldValue 的所有实例已替换为 newValue。A string that is equivalent to the current string except that all instances of oldValue are replaced with newValue. 如果在当前实例中找不到 oldValue,该方法将按原样返回当前实例。If oldValue is not found in the current instance, the method returns the current instance unchanged.

例如,通过删除 - 字符来规范化某个电话号码For example, normalize a phone number, by removing the - characters

<ClaimsTransformation Id="NormalizePhoneNumber" TransformationMethod="StringReplace">
  <InputClaims>
    <InputClaim ClaimTypeReferenceId="phoneNumber" TransformationClaimType="inputClaim" />
  </InputClaims>
<InputParameters>
  <InputParameter Id="oldValue" DataType="string" Value="-" />
  <InputParameter Id="newValue" DataType="string" Value="" />
</InputParameters>
  <OutputClaims>
    <OutputClaim ClaimTypeReferenceId="phoneNumber" TransformationClaimType="outputClaim" />
  </OutputClaims>
</ClaimsTransformation>

示例Example

  • 输入声明:Input claims:
    • inputClaim: "+164-411-452-054"inputClaim: "+164-411-452-054"
  • 输入参数:Input parameters:
    • oldValue: "-"oldValue: "-"
    • newValue:""newValue: ""
  • 输出声明:Output claims:
    • outputClaim: "+164411452054"outputClaim: "+164411452054"

StringJoinStringJoin

在每个元素或成员之间使用指定的分隔符,串联指定字符串集合声明类型的元素。Concatenates the elements of a specified string collection claim type, using the specified separator between each element or member.

项目Item TransformationClaimTypeTransformationClaimType 数据类型Data Type 注释Notes
InputClaimInputClaim inputClaiminputClaim stringCollectionstringCollection 包含要串联的字符串的集合。A collection that contains the strings to concatenate.
InputParameterInputParameter delimiterdelimiter stringstring 用作分隔符的字符串,例如逗号 ,The string to use as a separator, such as comma ,.
OutputClaimOutputClaim outputClaimoutputClaim stringstring inputClaim 字符串集合的成员组成的字符串,以 delimiter 输入参数分隔。A string that consists of the members of the inputClaim string collection, delimited by the delimiter input parameter.

以下示例提取用户角色的字符串集合,并将其转换为逗号分隔符字符串。The following example takes a string collection of user roles, and converts it to a comma delimiter string. 可以使用此方法在 Azure AD 用户帐户中存储字符串集合。You can use this method to store a string collection in Azure AD user account. 以后在从目录读取帐户时,可以使用 StringSplit 将逗号分隔符字符串转换回字符串集合。Later, when you read the account from the directory, use the StringSplit to convert the comma delimiter string back to string collection.

<ClaimsTransformation Id="ConvertRolesStringCollectionToCommaDelimiterString" TransformationMethod="StringJoin">
  <InputClaims>
   <InputClaim ClaimTypeReferenceId="roles" TransformationClaimType="inputClaim" />
  </InputClaims>
  <InputParameters>
    <InputParameter DataType="string" Id="delimiter" Value="," />
  </InputParameters>
  <OutputClaims>
    <OutputClaim ClaimTypeReferenceId="rolesCommaDelimiterConverted" TransformationClaimType="outputClaim" />
  </OutputClaims>
</ClaimsTransformation>

示例Example

  • 输入声明:Input claims:
    • inputClaim: [ "Admin", "Author", "Reader" ]inputClaim: [ "Admin", "Author", "Reader" ]
  • 输入参数:Input parameters:
    • delimiter: ","delimiter: ","
  • 输出声明:Output claims:
    • outputClaim:"Admin,Author,Reader"outputClaim: "Admin,Author,Reader"

StringSplitStringSplit

返回一个字符串数组,其中包含此实例中由指定字符串的元素分隔的子字符串。Returns a string array that contains the substrings in this instance that are delimited by elements of a specified string.

项目Item TransformationClaimTypeTransformationClaimType 数据类型Data Type 注释Notes
InputClaimInputClaim inputClaiminputClaim stringstring 包含要拆分的子字符串的字符串声明类型。A string claim type that contains the sub strings to split.
InputParameterInputParameter delimiterdelimiter stringstring 用作分隔符的字符串,例如逗号 ,The string to use as a separator, such as comma ,.
OutputClaimOutputClaim outputClaimoutputClaim stringCollectionstringCollection 一个字符串集合,其元素包含此字符串中由 delimiter 输入参数分隔的子字符串。A string collection whose elements contain the substrings in this string that are delimited by the delimiter input parameter.

以下示例提取用户角色的逗号分隔符字符串,并将其转换为字符串集合。The following example takes a comma delimiter string of user roles, and converts it to a string collection.

<ClaimsTransformation Id="ConvertRolesToStringCollection" TransformationMethod="StringSplit">
  <InputClaims>
    <InputClaim ClaimTypeReferenceId="rolesCommaDelimiter" TransformationClaimType="inputClaim" />
  </InputClaims>
  <InputParameters>
  <InputParameter DataType="string" Id="delimiter" Value="," />
    </InputParameters>
  <OutputClaims>
    <OutputClaim ClaimTypeReferenceId="roles" TransformationClaimType="outputClaim" />
  </OutputClaims>
</ClaimsTransformation>

示例Example

  • 输入声明:Input claims:
    • inputClaim:"Admin,Author,Reader"inputClaim: "Admin,Author,Reader"
  • 输入参数:Input parameters:
    • delimiter: ","delimiter: ","
  • 输出声明:Output claims:
    • outputClaim:[ "Admin", "Author", "Reader" ]outputClaim: [ "Admin", "Author", "Reader" ]

字符串声明转换表达式String claim transformations expressions

Azure AD B2C 自定义策略中的声明转换表达式提供了有关租户 ID 和技术配置文件 ID 的上下文信息。Claim transformations expressions in Azure AD B2C custom policies provide context information about the tenant ID and technical profile ID.

表达式Expression 说明Description 示例Example
{TechnicalProfileId} 技术 profileId 名称。The technical profileId name.
{RelyingPartyTenantId} 信赖方策略的租户 ID。The tenant ID of the relying party policy. your-tenant.partner.onmschina.cnyour-tenant.partner.onmschina.cn
{TrustFrameworkTenantId} 信任框架的租户 ID。The tenant ID of the trust framework. your-tenant.partner.onmschina.cnyour-tenant.partner.onmschina.cn