我想通了.schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod 声明的 URI 应使用 http.不是 https.

I figured it out. The URI for the schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod claim should use http. Not https.

你应该改变下面的行

if (pin == "12345")
        {
            System.Security.Claims.Claim claim = new System.Security.Claims.Claim("https://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod", "https://schemas.microsoft.com/ws/2012/12/authmethod/otp");
            claims = new System.Security.Claims.Claim[] { claim };
        }

到

if (pin == "12345")
        {
            System.Security.Claims.Claim claim = new System.Security.Claims.Claim("http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod", "https://schemas.microsoft.com/ws/2012/12/authmethod/otp");
            claims = new System.Security.Claims.Claim[] { claim };
        }

然后它就会起作用.

当我从 https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/development/ad-fs-build-custom-认证方法

我已经提交了https://github.com/MicrosoftDocs/windowsserverdocs/pull/4165 github 上的更正，应该很快就会提交.

I have submitted the https://github.com/MicrosoftDocs/windowsserverdocs/pull/4165 correction on github which should get committed soon.