This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(80, 27%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGK%3C/text%3E%3C/svg%3E)
We have a requirement to restrict particular domain (assume gmail.com) not be used by user during the sign-up flow. For the email address Validation, we used regular expression in custom policy.
Hi @Gowtham K , yes you can do this with a regular expression.
Here's an example of how you can modify your custom policy to achieve this:
Define a new claim type to store the validated email address:
<ClaimType Id="validatedEmail">
<DisplayName>Validated Email</DisplayName>
<DataType>string</DataType>
</ClaimType>
Add a new validation technical profile to validate the email address:
<TechnicalProfile Id="EmailValidation">
<DisplayName>Email Validation</DisplayName>
<Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.RegexClaimsProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
<Metadata>
<Item Key="RegularExpression">^[a-zA-Z0-9._%+-]+@(?!gmail\.com)[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$</Item>
<Item Key="IgnoreIfNotPresent">false</Item>
<Item Key="RaiseErrorIfClaimsPrincipalDoesNotExist">true</Item>
</Metadata>
<InputClaims>
<InputClaim ClaimTypeReferenceId="email" />
</InputClaims>
<OutputClaims>
<OutputClaim ClaimTypeReferenceId="validatedEmail" />
</OutputClaims>
</TechnicalProfile>
In the RegularExpression metadata item, replace gmail\.com with the domain you want to restrict. This regular expression will match any email address that does not end with the restricted domain.
Modify the LocalAccountSignUpWithLogonEmail technical profile to include the email validation:
<TechnicalProfile Id="LocalAccountSignUpWithLogonEmail">
<DisplayName>Email signup</DisplayName>
<Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.ClaimsTransformationProtocolProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
<Metadata>
<Item Key="ContentDefinitionReferenceId">api.localaccountsignup</Item>
<Item Key="IpAddressClaimReferenceId">ipAddress</Item>
<Item Key="language.button_continue">Create</Item>
</Metadata>
<CryptographicKeys>
<Key Id="issuer_secret" StorageReferenceId="B2C_1A_TokenSigningKeyContainer" />
</CryptographicKeys>
<InputClaimsTransformations>
<InputClaimsTransformation ReferenceId="CreateEmailFromLogonEmail" />
</InputClaimsTransformations>
<InputClaims>
<InputClaim ClaimTypeReferenceId="logonEmail" PartnerClaimType="Email" Required="true" />
</InputClaims>
<OutputClaims>
<OutputClaim ClaimTypeReferenceId="email" PartnerClaimType="Verified.Email" Required="true" />
<OutputClaim ClaimTypeReferenceId="newPassword" Required="true" />
<OutputClaim ClaimTypeReferenceId="reenterPassword" Required="true" />
<OutputClaim ClaimTypeReferenceId="validatedEmail" />
</OutputClaims>
<ValidationTechnicalProfiles>
<ValidationTechnicalProfile ReferenceId="EmailValidation" />
</ValidationTechnicalProfiles>
</TechnicalProfile>
In the OutputClaims section, include the validatedEmail claim type to store the validated email address.
With these modifications, the email address entered by the user will be validated against the regular expression in the EmailValidation technical profile. If the email address matches the regular expression, it will be stored in the validatedEmail claim type. If it does not match, the validation will fail and the user will be prompted to enter a different email address.
Please let me know if you have any questions and I can help you further.
If this answer helps you please mark "Accept Answer" so other users can reference it.
Thank you,
James
@James Hamil , thank you for the answer. It's restricting the gmail.com domain. However, the regular expression doesn't handle the case. If I try with Gmail.com (caps G) it fails. I want to validate it while verifying the email address with the code. So, I tried adding the regular expression for the existing "email" claim type.
<ClaimType Id="email">
<Restriction>
<Pattern RegularExpression="^[a-zA-Z0-9._%+-]+@(?!gmail\.com)[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$" HelpText="Please enter an allowed email address." />
</Restriction>
</ClaimType>
Could you please help me with some workaround to handle the case? I know we can use claim transform to change the case, but I need to validate the email address while verifying it through code, not on while clicking sign up create button from the signup page.
@James Hamil , do you have any update on my finding?
any update on this ?
I found some workaround with multiple technical profiles.
<ClaimsTransformation Id="ChangeToLower"
TransformationMethod="ChangeCase">
<InputClaims>
<InputClaim ClaimTypeReferenceId="email"
TransformationClaimType="inputClaim1" />
</InputClaims>
<InputParameters>
<InputParameter Id="toCase" DataType="string" Value="LOWER"/>
</InputParameters>
<OutputClaims>
<OutputClaim ClaimTypeReferenceId="email"
TransformationClaimType="outputClaim" />
</OutputClaims>
</ClaimsTransformation>
Technical Profile
<TechnicalProfiles>
<TechnicalProfile Id="TP-ChangeEmailCaseToLower">
<DisplayName>Check Company validity </DisplayName>
<Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.ClaimsTransformationProtocolProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null"/>
<InputClaims>
<InputClaim ClaimTypeReferenceId="email"/>
</InputClaims>
<OutputClaims>
<OutputClaim ClaimTypeReferenceId="email"/>
</OutputClaims>
<OutputClaimsTransformations>
<OutputClaimsTransformation ReferenceId="ChangeToLower"/>
</OutputClaimsTransformations>
</TechnicalProfile>
2.Technical profile to trigger the "ParseDomain" claim transform.
<ClaimsTransformation Id="SetDomainName"
TransformationMethod="ParseDomain">
<InputClaims>
<InputClaim ClaimTypeReferenceId="email"
TransformationClaimType="emailAddress" />
</InputClaims>
<OutputClaims>
<OutputClaim ClaimTypeReferenceId="domainName"
TransformationClaimType="domain" />
</OutputClaims>
</ClaimsTransformation>
<TechnicalProfile Id="TP-ParseDomianName">
<DisplayName>Unit test</DisplayName>
<InputClaims>
<InputClaim ClaimTypeReferenceId="email"/>
</InputClaims>
<OutputClaims>
<OutputClaim ClaimTypeReferenceId="domainName" />
</OutputClaims>
<OutputClaimsTransformations>
<OutputClaimsTransformation ReferenceId="SetDomainName"
/>
</OutputClaimsTransformations>
</TechnicalProfile>
3.Comparing the domainName Claim to value "gmail.com"
<ClaimsTransformation Id="CompareEmailCalimToValue"
TransformationMethod="CompareClaimToValue">
<InputClaims>
<InputClaim ClaimTypeReferenceId="domainName"
TransformationClaimType="inputClaim1" />
</InputClaims>
<InputParameters>
<InputParameter Id="compareTo" DataType="string"
Value="gmail.com" />
<InputParameter Id="operator" DataType="string" Value="not
equal" />
<InputParameter Id="ignoreCase" DataType="string" Value="true"
/>
<TechnicalProfile Id="TP-ParseDomianNameClaimCheck">
<DisplayName>Unit test</DisplayName>
<Protocol Name="Proprietary"
Handler="Web.TPEngine.Providers.ClaimsTransformationProtocolProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
<InputClaims>
<InputClaim ClaimTypeReferenceId="domainName"/>
</InputClaims>
<OutputClaims>
<OutputClaim ClaimTypeReferenceId="isDomainMatches"/>
</OutputClaims>
<OutputClaimsTransformations>
<OutputClaimsTransformation ReferenceId="CompareEmailCalimToValue" />
</OutputClaimsTransformations>
</TechnicalProfile>
4.Assert BooleanClaim(isDomainMatches) IsEqual To Value
<ClaimsTransformation Id="AssertEmailDomainIsTrue"
TransformationMethod="AssertBooleanClaimIsEqualToValue">
<InputClaims>
<InputClaim ClaimTypeReferenceId="isDomainMatches"
TransformationClaimType="inputClaim" />
</InputClaims>
<InputParameters>
<InputParameter Id="valueToCompareTo" DataType="boolean"
Value="true" />
</InputParameters>
</ClaimsTransformation>
<TechnicalProfile Id="Example-AssertBoolean">
<DisplayName>Unit test</DisplayName>
<Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.ClaimsTransformationProtocolProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
<OutputClaims>
<OutputClaim ClaimTypeReferenceId="ComparisonResult" DefaultValue="false"/>
</OutputClaims>
<OutputClaimsTransformations>
<OutputClaimsTransformation ReferenceId="AssertEmailDomainIsTrue" />
</OutputClaimsTransformations>
<UseTechnicalProfileForSessionManagement ReferenceId="SM-Noop" />
Using the ValidationTechnicalProfile
<TechnicalProfile Id="LocalAccountSignUpWithLogonEmail">
<Metadata>
<Item Key="IpAddressClaimReferenceId">IpAddress</Item>
<Item Key="ContentDefinitionReferenceId">api.localaccountsignup</Item>
<Item Key="UserMessageIfClaimsTransformationBooleanValueIsNotEqual">The Montgomery County work E-Address are not accepted.</Item>
</Metadata>
..........
<ValidationTechnicalProfiles>
<ValidationTechnicalProfile ReferenceId="TP-ChangeEmailCaseToLower" ContinueOnError="false"/>
<ValidationTechnicalProfile ReferenceId="TP-ParseDomianName" ContinueOnError="false" />
<ValidationTechnicalProfile ReferenceId="TP-ParseDomianNameClaimCheck" ContinueOnError="false"/>
<ValidationTechnicalProfile ReferenceId="Example-AssertBoolean" ContinueOnError="false"/>
<ValidationTechnicalProfile ReferenceId="AAD-UserWriteUsingLogonEmail" >
</ValidationTechnicalProfiles>
</TechnicalProfile>