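【Question title】: Error messages from REST API call are not showing in B2C custom policy
【Posted】: 2020-05-20 13:12:44
【Question description】:

I have a self-asserted technical profile in my custom policy, which has a validation technical profile that is a REST API (Azure Function) call. I am not calling the Azure Function directly from the policy; the policy calls Azure APIM, and APIM passes the request to the Azure Function.

The problem I am facing is that when my function returns a custom error message, it is not displayed as expected in the policy.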

return new OkObjectResult(new ResponseContentModel
{
    userMessage = "Sorry, Please provide valid information ",
    status = 409,
    retryCounter = data.RetryCounter
});

My technical profile is as follows:

<TechnicalProfile Id="Registration">
          <DisplayName>Email signup</DisplayName>
          <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.SelfAssertedAttributeProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
          <Metadata>
            <Item Key="IpAddressClaimReferenceId">IpAddress</Item>
            <Item Key="ContentDefinitionReferenceId">api.localaccountsignup</Item>
            <Item Key="language.button_continue">Activate Account</Item>
            <!-- Sample: Remove sign-up email verification -->
            <Item Key="EnforceEmailVerification">False</Item>
            <Item Key="setting.retryLimit">5</Item>
          </Metadata>
          <InputClaimsTransformations>
            <!--Sample: Copy the email to ReadOnlyEamil claim type-->  
            <InputClaimsTransformation ReferenceId="CreateReadOnlyEmailAddress" />
          </InputClaimsTransformations>
          <InputClaims>
            <InputClaim ClaimTypeReferenceId="email" />
            <InputClaim ClaimTypeReferenceId="givenName" />
            <InputClaim ClaimTypeReferenceId="surname" />
          </InputClaims>
          <OutputClaims>
            <OutputClaim ClaimTypeReferenceId="objectId" DefaultValue="123" />
            <OutputClaim ClaimTypeReferenceId="newPassword" Required="true" />
            <OutputClaim ClaimTypeReferenceId="reenterPassword" Required="true" />
            <OutputClaim ClaimTypeReferenceId="tncCheckbox" Required="true" />

            <OutputClaim ClaimTypeReferenceId="retryCounter" DefaultValue="0" />
            <OutputClaim ClaimTypeReferenceId="isFound" DefaultValue="false" />
            <OutputClaim ClaimTypeReferenceId="executed-SelfAsserted-Input" DefaultValue="true" />
            <OutputClaim ClaimTypeReferenceId="authenticationSource" DefaultValue="localAccountAuthentication"/>
            <OutputClaim ClaimTypeReferenceId="newUser" DefaultValue="true" />
          </OutputClaims>
          <ValidationTechnicalProfiles>
            <ValidationTechnicalProfile ReferenceId="API-Validate-UserInfo" />
            <ValidationTechnicalProfile ReferenceId="AAD-UserWriteUsingLogonEmail" />
          </ValidationTechnicalProfiles>
          <UseTechnicalProfileForSessionManagement ReferenceId="SM-Noop" />
        </TechnicalProfile>

The REST API validation technical profile is as follows:

<TechnicalProfile Id="API-Validate-UserInfo">
                <DisplayName>User OTP Notifications</DisplayName>    
                <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.RestfulProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
                <Metadata>
                  <Item Key="ServiceUrl">https://myapimurl</Item>
                  <Item Key="SendClaimsIn">Body</Item>                        
                  <Item Key="AuthenticationType">ClientCertificate</Item>
                </Metadata>
                <CryptographicKeys>
                    <Key Id="ClientCertificate" StorageReferenceId="B2C_1A_APIMClientCertificate" />
                </CryptographicKeys>
                <InputClaims>
                    <InputClaim ClaimTypeReferenceId="givenName" PartnerClaimType="GivenName" />
                    <InputClaim ClaimTypeReferenceId="surname" PartnerClaimType="SurName"/>
                    <InputClaim ClaimTypeReferenceId="email" PartnerClaimType="Email"/>
                    <InputClaim ClaimTypeReferenceId="retryCounter" PartnerClaimType="RetryCounter"/>
                </InputClaims>
                <OutputClaims>
                  <OutputClaim ClaimTypeReferenceId="retryCounter" />
                  <OutputClaim ClaimTypeReferenceId="isFound" />
                </OutputClaims>
                <UseTechnicalProfileForSessionManagement ReferenceId="SM-Noop" />
            </TechnicalProfile>

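The error message displayed in the user interface is:

The claims exchange 'API-Validate-UserInfo' specified in step '5' returned HTTP error response with Code 'BadRequest' and Reason 'Bad Request'.

Regarding the function, I am using .NET Core 3.1 and the function runtime version is ~3.

【Discussion】:

  • I suspect it is because what B2C receives is actually an HTTP 400 Bad Request, not your custom HTTP 409 response. Does it work in a good scenario?
  • @JasSuri Yes, it works fine when returning OkObjectResult.
  • @JasSuri I tried changing the return result type to ConflictObjectResult, and now the error shown is this message: The claims exchange 'API-Validate-UserInfo' specified in step '5' returned HTTP error response with Code 'Conflict' and Reason 'Conflict'.
  • I found the problem after checking the documentation "docs.microsoft.com/en-us/azure/active-directory-b2c/…". I had to include the version attribute in the response message. Now it is working fine. Thanks.

Tags: azure azure-ad-b2c identity-experience-framework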


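【Solution 1】:

Found the issue by referring to this article. The response message needs to include version; version, status and userMessage are mandatory fields of the error response message.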

{
  version = "1.0.0",
  userMessage = "Sorry, Something happened unexpectedly. Please try after sometime.",
  status = 409,
}

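【Solution 2】:

As per this document, this is the required error structure:

Returning validation error message

Also, make sure the response has an HTTP error code that corresponds to the error code in the content:

    return StatusCode(409, new ResponseContent { userMessage = ex.Message });

where ResponseContent has the following structure: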

    public class ResponseContent : IResult
    {
        public string version { get; set; }
        public int status { get; set; }
        public string code { get; set; }
        public string userMessage { get; set; }
        public string developerMessage { get; set; }
        public string requestId { get; set; }
        public string moreInfo { get; set; }

        public ResponseContent()
        {
            version = "1.0.0";
            status = 409;
            code = "API12345";
            requestId = "50f0bd91-2ff4-4b8f-828f-00f170519ddb";
            userMessage = "Message for the user";
            developerMessage = "Verbose description of problem and how to fix it.";
            moreInfo = "https://docs.microsoft.com/en-us/azure/active-directory-b2c/restful-technical-profile#returning-validation-error-message";
        }
    }
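
An added example (not part of the original question or answers) that puts the two answers together for the API-Validate-UserInfo profile above: HTTP 409 with version, status and userMessage on failure, HTTP 200 with the output claims on success. The function name, the authorization level and the email check are assumptions standing in for the real validation; exception text goes to the log rather than into userMessage, because B2C shows userMessage to the end user.

```csharp
using System.IO;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Azure.WebJobs;
using Microsoft.Azure.WebJobs.Extensions.Http;
using Microsoft.Extensions.Logging;
using Newtonsoft.Json;

// Input claims as sent by API-Validate-UserInfo (PartnerClaimType names).
public class UserInfoRequest
{
    public string GivenName { get; set; }
    public string SurName { get; set; }
    public string Email { get; set; }
    public int RetryCounter { get; set; }
}

public static class ValidateUserInfo
{
    // Error body for B2C: version, status and userMessage are required fields.
    private static IActionResult B2CError(string userMessage) =>
        new ConflictObjectResult(new { version = "1.0.0", status = 409, userMessage });

    [FunctionName("ValidateUserInfo")] // hypothetical name and auth level
    public static async Task<IActionResult> Run(
        [HttpTrigger(AuthorizationLevel.Function, "post")] HttpRequest req, ILogger log)
    {
        UserInfoRequest data;
        try
        {
            string body = await new StreamReader(req.Body).ReadToEndAsync();
            data = JsonConvert.DeserializeObject<UserInfoRequest>(body);
        }
        catch (JsonException ex)
        {
            // Parser detail stays in the log; userMessage is rendered to the user.
            log.LogWarning(ex, "Malformed claims payload");
            return B2CError("Sorry, Please provide valid information");
        }
        // Placeholder rule standing in for the real user lookup (assumption).
        bool found = data != null && !string.IsNullOrWhiteSpace(data.Email);
        if (!found)
            return B2CError("Sorry, Please provide valid information");

        // Success: HTTP 200 carrying the output claims the technical profile reads.
        return new OkObjectResult(new { retryCounter = data.RetryCounter, isFound = true });
    }
}
```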
    
