asp.net-mvc – 防止没有确认电子邮件的用户登录ASP.NET MVC Web API身份(OWIN安全性)
发布时间:2020-05-24 16:16:05 所属栏目:asp.Net 来源:互联网
导读:我有一个MVC和一个Web API项目,使用ASP.NET MVC Web API身份(OWIN安全性)进行身份验证. 我向Register函数添加了一个电子邮件确认,该函数正常工作但我不确定如何在登录之前检查emailConfirmed = true是否因为Web API Identity上没有显式的Login函数,它是隐式的
|
我有一个MVC和一个Web API项目,使用ASP.NET MVC Web API身份(OWIN安全性)进行身份验证. 我向Register函数添加了一个电子邮件确认,该函数正常工作但我不确定如何在登录之前检查emailConfirmed = true是否因为Web API Identity上没有显式的Login函数,它是隐式的. 我知道微软有充分的理由深度封装授权功能,但是没有办法实现这一目标吗? 请指教. 这是我的注册功能: [AllowAnonymous]
[Route("Register")]
public async Task<IHttpActionResult> Register(RegisterBindingModel model)
{
if (!ModelState.IsValid)
{
return BadRequest(ModelState);
}
var user = new ApplicationUser() { UserName = model.Email,Email = model.Email };
IdentityResult result = await UserManager.CreateAsync(user,model.Password);
if (!result.Succeeded)
{
return GetErrorResult(result);
}
try
{
var code = await UserManager.GenerateEmailConfirmationTokenAsync(user.Id);
var callbackUrl = new Uri(Url.Link("ConfirmEmailRoute",new { userId = user.Id,code = code }));
var email = new Email();
email.To = user.Email;
email.From = "info@mycompany.com";
email.Subject = "Please confirm your account";
email.Body = "Please confirm your account by clicking this link: <a href="" + callbackUrl + "">link</a>";
JsonSerializerSettings settings = new JsonSerializerSettings();
settings.ContractResolver = new CamelCasePropertyNamesContractResolver();
var data = JsonConvert.SerializeObject(email);
WebClient client = new WebClient();
client.Headers.Add(HttpRequestHeader.ContentType,"application/json");
var resp = client.UploadString(@"http:...",data);
}
catch (Exception ex)
{
throw new Exception(ex.ToString());
}
return Ok();
}
解决方法经过大量的研究,我找到了答案.我添加了以下代码来检查emailconfirmed = true: var userid = userManager.FindByEmail(context.UserName).Id;
if (!userManager.IsEmailConfirmed(userid))
{
context.SetError("invalid_grant","Email registration wasn't confirmed.");
return;
}
到ApplicationOAuthProvider.cs类中的GrantResourceOwnerCredentials函数(在Provider文件夹下). 这是整个功能: public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
var userManager = context.OwinContext.GetUserManager<ApplicationUserManager>();
ApplicationUser user = await userManager.FindAsync(context.UserName,context.Password);
if (user == null)
{
context.SetError("invalid_grant","The user name or password is incorrect.");
return;
}
////Added code here
var userid = userManager.FindByEmail(context.UserName).Id;
if (!userManager.IsEmailConfirmed(userid))
{
context.SetError("invalid_grant","Email registration wasn't confirmed.");
return;
}
////
ClaimsIdentity oAuthIdentity = await user.GenerateUserIdentityAsync(userManager,OAuthDefaults.AuthenticationType);
ClaimsIdentity cookiesIdentity = await user.GenerateUserIdentityAsync(userManager,CookieAuthenticationDefaults.AuthenticationType);
AuthenticationProperties properties = CreateProperties(user.UserName);
AuthenticationTicket ticket = new AuthenticationTicket(oAuthIdentity,properties);
context.Validated(ticket);
context.Request.Context.Authentication.SignIn(cookiesIdentity);
}
这完美地运行并且在他确认注册电子邮件之前阻止用户登录. (编辑:安卓应用网) 【声明】本站内容均来自网络,其相关言论仅代表作者个人观点,不代表本站立场。若无意侵犯到您的权利,请及时与联系站长删除相关内容! |
相关内容
- asp.net-mvc – ASP.NET MVC – 服务层 – 业务层 – 数据层
- asp.net-mvc – 使用ModelState.Remove处理ModelState是否正
- asp.net repeater手写分页实例代码
- asp.net – 表单验证忽略默认文档
- 在ASP.Net MVC中禁用会话状态每请求
- asp.net-core-signalr – 在ClientSide上获取SignalrR Conn
- 无法找到asp.net-mvc – System.Data.Entity.DataBase
- asp.net – WebAPI在控制器上找不到任何操作
- asp.net-mvc-3 – 当不需要/需要使用AntiForgeryToken时?
- Asp.Net MVC缺少样式并默认为登录页面
推荐文章
站长推荐
- 在ASP.NET中实现多文件上传的方法
- asp.net-web-api – WebApi DelegatingHandler未
- asp.net – 如何在EF Core中向Identity用户添加外
- asp.net – 错误:远程服务器返回错误:(401)未经
- 对于单个控件,asp.net – ValidateRequest =“fa
- asp.net-mvc – Asp.net MVC 3验证在TryUpdateMo
- .net – Castle Windsor有没有什么缺点?
- asp.net-mvc – 在BaseController的OnActionExec
- asp.net – 缓存解决方案
- asp.net-mvc – ASP.NET MVC中的AntiForgeryToke
热点阅读