azure, azure-active-directory, azure-ad-b2c, azure-security

How to limit code verification email spamming in Azure B2C


I've been trying to see how I can limit the number of codes being sent to an email during signup/reset password. I couldn't find a simple solution from Azure for that.

What I could find is configuring an AFD (Azure Front Door) limit for API calls, but that's also kind of complicated and doesn't work 100%.

Is there any better solution? There has to be something. Thanks.


Solution

  • Have you tried OneTimePasswordProtocolProvider's NumCodeGenerationAttempts? This is still not the ideal solution, as the user can start a new session and still continue to spam.

    https://learn.microsoft.com/en-us/azure/active-directory-b2c/one-time-password-technical-profile#protocol
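
The following custom-policy fragment is an added illustration of the setting the answer refers to; it is not code from the question, the answer, or Microsoft's documentation. It shows a pair of OneTimePasswordProtocolProvider technical profiles (one that generates the code, one that verifies it) with NumCodeGenerationAttempts and NumRetryAttempts set lower than their defaults so that a single journey cannot keep requesting codes for the same address. The claim type names (`email`, `otp`, `otpCode`), the technical profile Ids, and the specific numeric values are assumptions chosen for the example; in a real policy the generate profile is wired to the email-sending technical profile and the verify profile to the verification display control, which are omitted here.

```xml
<!-- Added example: OTP generation with a per-journey cap on how many codes
     can be generated for one identifier. Profile Ids, claim names and the
     numeric values are assumptions for illustration, not policy defaults. -->
<ClaimsProviders>
  <ClaimsProvider>
    <DisplayName>One time password technical profiles</DisplayName>
    <TechnicalProfiles>

      <!-- Generate a code for the email address in the current session.
           NumCodeGenerationAttempts bounds how many codes the provider will
           issue for the same identifier within this session; the default is
           10, here reduced to 3 to limit "resend" spam. -->
      <TechnicalProfile Id="GenerateOtp">
        <DisplayName>Generate one time password</DisplayName>
        <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.OneTimePasswordProtocolProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
        <Metadata>
          <Item Key="Operation">GenerateCode</Item>
          <Item Key="CodeExpirationInSeconds">600</Item>
          <Item Key="CodeLength">6</Item>
          <Item Key="CharacterSet">0-9</Item>
          <!-- Assumed value: 3 codes per identifier per session (default 10) -->
          <Item Key="NumCodeGenerationAttempts">3</Item>
          <!-- Hand out the same code again on resend instead of a fresh one,
               so a resend does not also enlarge the set of valid codes -->
          <Item Key="ReuseSameCode">true</Item>
        </Metadata>
        <InputClaims>
          <InputClaim ClaimTypeReferenceId="email" PartnerClaimType="identifier" />
        </InputClaims>
        <OutputClaims>
          <OutputClaim ClaimTypeReferenceId="otp" PartnerClaimType="otpGenerated" />
        </OutputClaims>
      </TechnicalProfile>

      <!-- Verify the code the user typed. NumRetryAttempts bounds wrong
           guesses against one code so the OTP cannot be brute-forced. -->
      <TechnicalProfile Id="VerifyOtp">
        <DisplayName>Verify one time password</DisplayName>
        <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.OneTimePasswordProtocolProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
        <Metadata>
          <Item Key="Operation">VerifyCode</Item>
          <!-- Assumed value: 3 wrong guesses invalidate the code (default 5) -->
          <Item Key="NumRetryAttempts">3</Item>
        </Metadata>
        <InputClaims>
          <InputClaim ClaimTypeReferenceId="email" PartnerClaimType="identifier" />
          <InputClaim ClaimTypeReferenceId="otpCode" PartnerClaimType="otpToVerify" />
        </InputClaims>
      </TechnicalProfile>

    </TechnicalProfiles>
  </ClaimsProvider>
</ClaimsProviders>
```

As the answer notes, this cap is scoped to the B2C session: abandoning the journey and starting a new one resets the counter, so the setting limits resend spam within one flow rather than enforcing a per-address rate across sessions.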