Hi @Gowtham K, yes, you can do this with a regular expression.
Here's an example of how you can modify your custom policy to achieve this:
Define a new claim type to store the validated email address:
<ClaimType Id="validatedEmail">
  <DisplayName>Validated Email</DisplayName>
  <DataType>string</DataType>
</ClaimType>
Add a new validation technical profile to validate the email address:
<TechnicalProfile Id="EmailValidation">
  <DisplayName>Email Validation</DisplayName>
  <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.RegexClaimsProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
  <Metadata>
    <Item Key="RegularExpression">^[a-zA-Z0-9._%+-]+@(?!gmail\.com)[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$</Item>
    <Item Key="IgnoreIfNotPresent">false</Item>
    <Item Key="RaiseErrorIfClaimsPrincipalDoesNotExist">true</Item>
  </Metadata>
  <InputClaims>
    <InputClaim ClaimTypeReferenceId="email" />
  </InputClaims>
  <OutputClaims>
    <OutputClaim ClaimTypeReferenceId="validatedEmail" />
  </OutputClaims>
</TechnicalProfile>
In the RegularExpression metadata item, replace gmail\.com with the domain you want to restrict. This regular expression will match any email address that does not end with the restricted domain.
Modify the LocalAccountSignUpWithLogonEmail technical profile to include the email validation:
<TechnicalProfile Id="LocalAccountSignUpWithLogonEmail">
  <DisplayName>Email signup</DisplayName>
  <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.ClaimsTransformationProtocolProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
  <Metadata>
    <Item Key="ContentDefinitionReferenceId">api.localaccountsignup</Item>
    <Item Key="IpAddressClaimReferenceId">ipAddress</Item>
    <Item Key="language.button_continue">Create</Item>
  </Metadata>
  <CryptographicKeys>
    <Key Id="issuer_secret" StorageReferenceId="B2C_1A_TokenSigningKeyContainer" />
  </CryptographicKeys>
  <InputClaimsTransformations>
    <InputClaimsTransformation ReferenceId="CreateEmailFromLogonEmail" />
  </InputClaimsTransformations>
  <InputClaims>
    <InputClaim ClaimTypeReferenceId="logonEmail" PartnerClaimType="Email" Required="true" />
  </InputClaims>
  <OutputClaims>
    <OutputClaim ClaimTypeReferenceId="email" PartnerClaimType="Verified.Email" Required="true" />
    <OutputClaim ClaimTypeReferenceId="newPassword" Required="true" />
    <OutputClaim ClaimTypeReferenceId="reenterPassword" Required="true" />
    <OutputClaim ClaimTypeReferenceId="validatedEmail" />
  </OutputClaims>
  <ValidationTechnicalProfiles>
    <ValidationTechnicalProfile ReferenceId="EmailValidation" />
  </ValidationTechnicalProfiles>
</TechnicalProfile>
In the OutputClaims section, include the validatedEmail claim type to store the validated email address.
With these modifications, the email address entered by the user will be validated against the regular expression in the EmailValidation technical profile. If the email address matches the regular expression, it will be stored in the validatedEmail claim type. If it does not match, the validation will fail and the user will be prompted to enter a different email address.
Please let me know if you have any questions and I can help you further.
If this answer helps you please mark "Accept Answer" so other users can reference it.
Thank you,
James
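
An added example, not part of James's answer and not Azure AD B2C code: a pre-deployment check that runs the RegularExpression value from the answer against constructed sign-up addresses and reports where its accept/reject decision differs from the intended restriction. It assumes the intent is to block the domain and its subdomains in any letter case; `hardened_pattern` and the sample addresses are hypothetical, and Python's `re` stands in for the policy engine's regex evaluation.

```python
import re

# Pattern exactly as written in the answer's RegularExpression metadata item.
ORIGINAL = r"^[a-zA-Z0-9._%+-]+@(?!gmail\.com)[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$"


def hardened_pattern(blocked_domain: str) -> str:
    """Variant (assumption of this example): case-insensitive, lookahead
    anchored with $ and extended to cover subdomains of the blocked domain."""
    d = re.escape(blocked_domain)
    return (rf"(?i)^[a-z0-9._%+-]+@(?!(?:[a-z0-9-]+\.)*{d}$)"
            rf"[a-z0-9.-]+\.[a-z]{{2,}}$")


# Constructed test addresses: (address, should the sign-up be accepted?)
CASES = [
    ("user@example.org", True),       # unrelated domain
    ("user@gmail.com", False),        # the restricted domain itself
    ("user@Gmail.com", False),        # same domain, different letter case
    ("user@mail.gmail.com", False),   # subdomain of the restricted domain
    ("user@gmail.com.au", True),      # different domain sharing the prefix
    ("user@notgmail.com", True),      # different domain sharing the suffix
]


def mismatches(pattern: str) -> list[str]:
    """Return the addresses where the regex decision differs from policy."""
    rx = re.compile(pattern)
    return [addr for addr, should_accept in CASES
            if bool(rx.match(addr)) != should_accept]


if __name__ == "__main__":
    print("original pattern disagrees on:", mismatches(ORIGINAL))
    print("hardened pattern disagrees on:",
          mismatches(hardened_pattern("gmail.com")))
```

Because email domains are case-insensitive, lowercasing the address before validation is an alternative to the `(?i)` flag.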