prevent用户没有确认的电子邮件在ASP.Net MVC与身份登录2 [英] prevent users without confirmed email from logging in ASP.Net MVC with Identity 2
问题描述
在Microsoft身份2有能力的用户可以确认有电子邮件地址,我下载的身份2示例项目从的在这个项目中没有用户确认他们的电子邮件和谁不我想人们不确认他们的电子邮件无法登录此之间的任何差别>是我的尝试:
In microsoft Identity 2 there is ability to users can confirm there email addresses I downloaded Identity 2 sample project from here in this project there isn't any difference between users confirmed their emails and who doesn't I want to people how don't confirmed their emails can't login this is what I tried :
public async Task<ActionResult> Login(LoginViewModel model, string returnUrl)
{
if (!ModelState.IsValid)
{
return View(model);
}
var result = await SignInManager.PasswordSignInAsync(model.Email, model.Password, model.RememberMe, shouldLockout: true);
switch (result)
{
case SignInStatus.Success:
{
var user = await UserManager.FindByNameAsync(model.Email);
if (user != null)
{
if (!await UserManager.IsEmailConfirmedAsync(user.Id))
{
//first I tried this.
//return LogOff();
HttpContext.Server.TransferRequest("~/Account/LogOff");
return RedirectToAction("Login");
}
}
return RedirectToLocal(returnUrl);
}
case SignInStatus.LockedOut:
return View("Lockout");
case SignInStatus.RequiresVerification:
return RedirectToAction("SendCode", new { ReturnUrl = returnUrl });
case SignInStatus.Failure:
default:
ModelState.AddModelError("", "Invalid login attempt.");
return View(model);
我试图通过调用注销等()动作方法来强制用户注销,但是。后来我试图用它没有工作和用户认证仍 Server.TransferRequest()但我不知道为什么它做的工作,但它重定向用户RETURNURL =帐户/注销登录页
所以他们证实了他们的电子邮件,并试图后登录他们得到注销我得到真的很困惑!
这是我的注销等()操作方法:
I tried to force user to Logoff by calling LogOff() action method but It didn't work and user remain authenticated .then I tried to use Server.TransferRequest() but I don't know why it did the job but it redirects users to login page with returnUrl="Account/Logoff"
so after they confirmed their email and tried to login they get logoff I get really confused!!
this is my LogOff() action method:
[HttpPost]
[ValidateAntiForgeryToken]
public ActionResult LogOff()
{
AuthenticationManager.SignOut();
return RedirectToAction("About", "Home");
}
我GOOGLE了好几天没有任何运气!!!!
I have googled it for days without any luck !!!!
推荐答案
也许它有点晚,但我希望这可以帮助别人。
Maybe its a little late but I hope it may help others.
将此
var userid = UserManager.FindByEmail(model.Email).Id;
if (!UserManager.IsEmailConfirmed(userid))
{
return View("EmailNotConfirmed");
}
在
var result = await SignInManager.PasswordSignInAsync(model.Email, model.Password, model.RememberMe, shouldLockout: false);
code的第一个块只是检查,如果模型中的电子邮件数据库中存在,并得到它的ID,以检查它是否没有确认过,如果是返回,以便用户至极是这么说的,如果它是证实只是让在用户登录。
The first block of code just checks if the email in the model exists in the database and gets it's id to check if it is not confirmed and if so returns a view to the user wich says so and if it is confirmed just lets the user sign in.
和删除修改的结果交换机这样
And delete your changes to the result switch like this
switch (result)
{
case SignInStatus.Success:
return RedirectToLocal(returnUrl);
case SignInStatus.LockedOut:
return View("Lockout");
case SignInStatus.RequiresVerification:
return RedirectToAction("SendCode", new { ReturnUrl = returnUrl });
case SignInStatus.Failure:
default:
ModelState.AddModelError("", "Invalid login attempt.");
return View(model);
}
这篇关于prevent用户没有确认的电子邮件在ASP.Net MVC与身份登录2的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
