captcha-integration

An Azure AD B2C Identity Experience Framework (IEF) custom policy that integrates Google reCAPTCHA into the sign-in page.

Community Help and Support

Use Stack Overflow to get support from the community. Ask your questions on Stack Overflow first, and browse existing issues to see if someone has already asked your question. Make sure your questions or comments are tagged with [azure-ad-b2c]. If you find a bug in the sample, raise it on GitHub Issues. To provide product feedback, visit the Azure Active Directory B2C Feedback page.

Scenario

This set of policies demonstrates how to integrate Google reCAPTCHA into the sign-in page.

  • JavaScript embeds the reCAPTCHA widget in the page. When the user solves the challenge, the response token is written into a hidden field that the SelfAsserted-LocalAccountSignin-Email technical profile exposes to the sign-in page.
  • On submit, the SelfAsserted-LocalAccountSignin-Email technical profile reads the token from the hidden field and validates it through the login-Recaptcha validation technical profile. That technical profile is a REST API call to the sample's Captcha API, which in turn verifies the token with Google's servers. The reCAPTCHA secret key is therefore only ever used by the API, never by the policy or the browser.
  • If Google reports the token as valid, B2C continues and validates the credentials against the directory using login-noninteractive.
  • Otherwise the API responds to Azure AD B2C with an error indicating that the CAPTCHA was invalid and the user must try again. The error message can be changed in the API source.
  • Each time the user submits the page, the widget is reset with JavaScript, because a reCAPTCHA response token can only be verified once; the user must solve a fresh challenge on every attempt.
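The server side of that flow, as an added example that is not the sample repository's own Captcha API: a small Node.js (18+, for the global `fetch`) verifier that takes the token B2C forwards as an input claim, posts it to Google's siteverify endpoint, and answers in the shape a B2C validation technical profile expects (HTTP 200 on success, HTTP 409 with a `userMessage` to show the error). The claim name `captchaResponse`, the environment variable names and the hostname pinning are assumptions of this example, not something the README fixes; the siteverify URL, its `secret`/`response` form fields and its `success`/`hostname`/`error-codes` reply fields are Google's documented contract.

```javascript
// Added example (not the sample's own API code). Assumed claim name:
// "captchaResponse"; assumed env vars: RECAPTCHA_SECRET, EXPECTED_HOSTNAME.

const SITEVERIFY_URL = "https://www.google.com/recaptcha/api/siteverify";

// Decide whether a siteverify JSON reply should let the user through.
// Pinning `hostname` (assumption of this example) ties the token to the
// B2C domain that rendered the widget, so a token solved elsewhere fails.
function evaluateSiteverify(reply, expectedHostname) {
  if (!reply || reply.success !== true) {
    return { ok: false, reason: "captcha-failed", errors: (reply && reply["error-codes"]) || [] };
  }
  if (expectedHostname && reply.hostname !== expectedHostname) {
    return { ok: false, reason: "hostname-mismatch", errors: [] };
  }
  return { ok: true, reason: "ok", errors: [] };
}

// B2C validation technical profile contract: a 200 lets the journey continue;
// a 409 with version/status/userMessage surfaces the message on the page.
function buildB2cResponse(decision) {
  if (decision.ok) {
    return { status: 200, body: { version: "1.0.0", status: 200 } };
  }
  return {
    status: 409,
    body: {
      version: "1.0.0",
      status: 409,
      // The text shown to the user; change it here.
      userMessage: "The CAPTCHA was invalid. Please try again.",
    },
  };
}

// Verify one token with Google. `secret` must only ever live server-side.
// `fetchImpl` is injectable so the logic can be exercised without network.
async function verifyCaptchaToken(token, secret, expectedHostname, fetchImpl = fetch) {
  if (typeof token !== "string" || token.length === 0) {
    // Missing/empty token: fail closed without spending a round trip.
    return buildB2cResponse({ ok: false, reason: "missing-token", errors: [] });
  }
  const params = new URLSearchParams({ secret, response: token });
  const res = await fetchImpl(SITEVERIFY_URL, {
    method: "POST",
    headers: { "Content-Type": "application/x-www-form-urlencoded" },
    body: params.toString(),
  });
  // A non-2xx from Google is treated as "not verified", never as success.
  const reply = res.ok ? await res.json() : null;
  return buildB2cResponse(evaluateSiteverify(reply, expectedHostname));
}

// Entry point for the B2C REST call: B2C POSTs the input claims as a JSON
// object keyed by claim name when the technical profile sends claims in the body.
async function handleB2cRequest(bodyJson, env, fetchImpl = fetch) {
  const claims = JSON.parse(bodyJson);
  return verifyCaptchaToken(claims.captchaResponse, env.RECAPTCHA_SECRET, env.EXPECTED_HOSTNAME, fetchImpl);
}

// Constructed siteverify replies, for an offline demonstration.
const SAMPLE_REPLY_OK = { success: true, challenge_ts: "2024-01-01T00:00:00Z", hostname: "contoso.b2clogin.com" };
const SAMPLE_REPLY_REUSED = { success: false, "error-codes": ["timeout-or-duplicate"] };

console.log(buildB2cResponse(evaluateSiteverify(SAMPLE_REPLY_OK, "contoso.b2clogin.com")));
console.log(buildB2cResponse(evaluateSiteverify(SAMPLE_REPLY_REUSED, "contoso.b2clogin.com")));
```

The `timeout-or-duplicate` reply is what Google returns when the same token is submitted twice, which is why the page has to reset the widget on every submit; a replayed token will always land in the 409 branch.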

A live version of this policy is available to test.

Notes

This sample policy is based on the SocialAndLocalAccounts starter pack. All changes are marked with a "Sample:" comment inside the policy XML files. Make the necessary changes in the "Sample action required" sections before uploading the policies.