The rest of "SelfAsserted-LocalAccount-EmailVerification" is the same as in the previous post, as are the claims etc.

    <TechnicalProfile Id="SelfAsserted-LocalAccount-EmailVerification">
      <DisplayName>Local Account Email Address Verification</DisplayName>
      <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.SelfAssertedAttributeProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
      <Metadata>
        <Item Key="ContentDefinitionReferenceId">api.localaccount.emailverification</Item>
        <Item Key="EnforceEmailVerification">true</Item>
      </Metadata>
      <InputClaimsTransformations>
        <InputClaimsTransformation ReferenceId="CreateReadonlyEmailClaim" />
      </InputClaimsTransformations>
      <InputClaims>
        <InputClaim ClaimTypeReferenceId="readonlyEmail" />
      </InputClaims>
      <OutputClaims>
        <OutputClaim ClaimTypeReferenceId="readonlyEmail" PartnerClaimType="verified.email" Required="true" />
      </OutputClaims>
    </TechnicalProfile>

The CreateReadonlyEmailClaim claims transformation is defined as:

    <ClaimsTransformation Id="CreateReadonlyEmailClaim" TransformationMethod="FormatStringClaim">
      <InputClaims>
        <InputClaim ClaimTypeReferenceId="email" TransformationClaimType="inputClaim" />
      </InputClaims>
      <InputParameters>
        <InputParameter Id="stringFormat" DataType="string" Value="{0}" />
      </InputParameters>
      <OutputClaims>
        <OutputClaim ClaimTypeReferenceId="readonlyEmail" TransformationClaimType="outputClaim" />
      </OutputClaims>
    </ClaimsTransformation>

The readonlyEmail claim type is declared as:

    <ClaimType Id="readonlyEmail">
      <DisplayName>E-mail Address</DisplayName>
      <DataType>string</DataType>
      <UserInputType>Readonly</UserInputType>
    </ClaimType>

What am I missing here?

I also tried this but get a 500 error after login:

    <TechnicalProfile Id="LocalAccountDiscoveryUsingEmailAddressEmailOTP">
      <DisplayName>Reset password using email address</DisplayName>
      <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.SelfAssertedAttributeProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
      <Metadata>
        <Item Key="IpAddressClaimReferenceId">IpAddress</Item>
        <Item Key="ContentDefinitionReferenceId">api.localaccountpasswordreset</Item>
      </Metadata>
      <CryptographicKeys>
        <Key Id="issuer_secret" StorageReferenceId="B2C_1A_TokenSigningKeyContainer" />
      </CryptographicKeys>
      <IncludeInSso>false</IncludeInSso>
      <InputClaimsTransformations>
        <InputClaimsTransformation ReferenceId="CreateReadonlyEmailClaim" />
      </InputClaimsTransformations>
      <InputClaims>
        <InputClaim ClaimTypeReferenceId="readonlyEmail" />
      </InputClaims>
      <OutputClaims>
        <OutputClaim ClaimTypeReferenceId="readonlyEmail" PartnerClaimType="verified.email" Required="true" />
        <OutputClaim ClaimTypeReferenceId="objectId" />
        <OutputClaim ClaimTypeReferenceId="userPrincipalName" />
        <OutputClaim ClaimTypeReferenceId="authenticationSource" />
      </OutputClaims>
      <ValidationTechnicalProfiles>
        <ValidationTechnicalProfile ReferenceId="AAD-UserReadUsingEmailAddressEmailOTP" />
      </ValidationTechnicalProfiles>
    </TechnicalProfile>

Also, once the email has been verified there is a change email option - we want that disabled or, better, removed so that they can't do it after verification and are moved to the next step.

Recommended answer

As per @ChrisPadgett's comment: the AAD-UserReadUsingObjectId TP returns an output claim of signInNames.emailAddress, not email, so the CreateReadonlyEmailClaim claims transformation should refer to an input claim of signInNames.emailAddress, not email.

Fixed by changing the transformation.
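A small lint for the mismatch the answer describes, as an added example that is not part of the original post: it lists the claims a claims transformation reads that the named technical profile never outputs. The `<Fragment>` wrapper, the reduced AAD-UserReadUsingObjectId profile and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed policy fragment: the transformation is the one from the question;
# the read profile is reduced to the single output claim the answer mentions.
POLICY = """
<Fragment>
  <ClaimsTransformation Id="CreateReadonlyEmailClaim" TransformationMethod="FormatStringClaim">
    <InputClaims>
      <InputClaim ClaimTypeReferenceId="email" TransformationClaimType="inputClaim" />
    </InputClaims>
    <OutputClaims>
      <OutputClaim ClaimTypeReferenceId="readonlyEmail" TransformationClaimType="outputClaim" />
    </OutputClaims>
  </ClaimsTransformation>
  <TechnicalProfile Id="AAD-UserReadUsingObjectId">
    <OutputClaims>
      <OutputClaim ClaimTypeReferenceId="signInNames.emailAddress" />
    </OutputClaims>
  </TechnicalProfile>
</Fragment>
"""

def local(tag):
    """Drop an XML namespace prefix so namespaced policy files also match."""
    return tag.rsplit("}", 1)[-1]

def claim_refs(parent, container, item):
    """ClaimTypeReferenceId of every <item> directly inside <container> under parent."""
    return [i.get("ClaimTypeReferenceId")
            for c in parent if local(c.tag) == container
            for i in c if local(i.tag) == item]

def missing_inputs(policy_xml, producer_id):
    """Return (transformation Id, claim) pairs the producer profile does not output."""
    root = ET.fromstring(policy_xml)
    produced = set()
    for el in root.iter():
        if local(el.tag) == "TechnicalProfile" and el.get("Id") == producer_id:
            produced.update(claim_refs(el, "OutputClaims", "OutputClaim"))
    return [(el.get("Id"), claim)
            for el in root.iter() if local(el.tag) == "ClaimsTransformation"
            for claim in claim_refs(el, "InputClaims", "InputClaim")
            if claim not in produced]

if __name__ == "__main__":
    # Flags the `email` input claim of CreateReadonlyEmailClaim.
    print(missing_inputs(POLICY, "AAD-UserReadUsingObjectId"))
```

Changing the transformation's input claim to signInNames.emailAddress, as the answer states, makes the list empty.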