Web API 2和ASP身份-处理被锁定的用户 [英] Web API 2 and ASP Identity - Handling of locked out users

问题描述

我刚刚将我的Web应用程序(ASP.NET MVC)迁移到了ASP Identity.

I just migrated my web app (ASP.NET MVC) to ASP Identity.

除了网络应用程序提供的API外，一切工作都可以正常进行.这是一个WEB API 2，它使用不记名令牌机制对用户进行身份验证.身份验证本身也可以正常工作.但是:当用户被锁定时，仍然会通过API令牌端点为该用户分发令牌.

Everything works fine after quite some work, except the API which the web app provides. This is a WEB API 2, and it is using the bearer token mechanism to authenticate users. The authentication itself also works fine. but: When a user is locked out, the token for the user is still issued via the API-token-endpoint.

有没有建议的方法来解决这个问题?我没有找到任何例子...

Is there a suggested way to handle this? I did not find any example...

谢谢！

推荐答案

好，那是一个愚蠢的...我现在看得更清楚了:)

Ok, that was a stupid one... I see clearer now :)

我一直在眼前:Web-Api2-Template包含一个类"ApplicationOAuthProvider".这个允许多个地方截取管道...我选择了已经被覆盖的方法"GrantResourceOwnerCredentials"，然后在密码检查之后立即检查用户是否被锁定.

I had it all the time in front of my eyes: The Web-Api2-Template includes a class "ApplicationOAuthProvider". This one allows several places to intercept the pipe... I chose the method "GrantResourceOwnerCredentials" which was already overriden, and there I checked if the user is locked out, directly after the password check.

对不起，希望对您有所帮助.

Sorry, hope it helps someone.

这篇关于Web API 2和ASP身份-处理被锁定的用户的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！