更改密码时从所有浏览器注销用户 [英] Logout User From all Browser When Password is changed

问题描述

我有一个重置密码页面:

I have a Reset Password page:

当用户填写详细信息并单击重置密码按钮时.调用以下控制器:

When the user fills the details and clicks the Reset Password button. The following controller is called:

public ActionResult ResetPassword(ResetPassword model)
{
    ...
    return RedirectToAction("Logout");
}

当用户更改他们的密码时，他们会从浏览器获得Logged Out.但是，如果他们同时登录到另一个浏览器，则他们会在另一个浏览器上保持登录状态.

When the user changes their password, they get Logged Out from the browser. However, if they are logged into another browser at the same time they remain logged in on the other browser.

我想在用户更改密码时从他们登录的所有浏览器中注销.

I want to log out the user from all browsers they are logged into when they change their password.

推荐答案

所以我回到家并决定整理一些代码.给我看代码！！！

So I got home and decided to put together some code. Show me the code !!!

我会使用一个处理程序，所以验证总是在用户第一次访问应用程序时完成，并且对于每个操作方法访问都在一个地方完成.

I would use a handler so the verification is always done when the user first access the application and it is done at one place for every action method access.

这个想法是当用户重置密码时，应用程序记录用户重置密码并且没有第一次登录并注销用户.

The idea is when the user reset their password, the application records the user has reset their password and have not logged in for the first time and sign out the user.

user.HasResetPassword = true;
user.IsFirstLoginAfterPasswordReset = false;

当用户登录时，应用程序会验证用户之前是否重置了密码并且现在是第一次登录.如果这些声明有效，应用程序会更新其记录，说明您尚未重置密码并且您不是第一次登录.

When the user signs in, the application verifies if the user had previously reset their password and is now signing in for the first time. If these statements are valid the application updates its records to say you have not reset your password and you are not signing in for the first time.

第一步

向 ApplicationUser 模型添加两个属性

Add two properties to ApplicationUser model

步骤 2

在 Models 文件夹中添加一个类 AuthHandler.cs，实现如下.在此阶段，您将验证用户是否已重置密码并且自密码重置后是否未首次登录.如果这是真的，将用户重定向到登录.

Add a class AuthHandler.cs in Models folder with the implementation below. At this stage you verify if the user has reset their password and has not logged in for the first time since the password was reset. If this is true, redirect the user to the login.

步骤 3

在 RouteConfig.cs 中调用 AuthHandler，以便为应用程序的每个传入 http 请求调用它.

In RouteConfig.cs call the AuthHandler so that it is invoked for each incoming http request to your application.

步骤 4

在 ResetPassword 方法中添加如下实现.在这一步，当用户重置密码时，更新属性说，他们已经重置密码并且没有第一次登录.请注意，用户在重置密码时也会明确退出.

In ResetPassword method add implementation as below. At this step when a user has reset their password update the properties to say , they have reset their password and have not logged in for the first time. Notice the user is also signed out explicitly when they reset their password.

步骤 5

在 Login 方法中添加下面的实现.在这一步如果用户登录成功，验证他们的密码是否被重置并且他们第一次登录是假的.如果所有条件都为真，则更新数据库中的属性，以便将来用户重置密码时这些属性处于准备就绪状态.确定和更新密码重置状态和重置密码后首次登录的循环.

In Login method add the implementation below. At this step if a user logins in successfully, verify their password was reset and they has logged for the first time is false. If all the conditions are true, update the properties in the database, so the properties are in a state ready for when the user resets the password in the future. So kind of a loop determining and updating the state of the password reset and first logins after resetting the password.

最后

您的 AspnetUsers 表应如下所示

Your AspnetUsers table should look as below

评论

这就是我的处理方式.我没有测试过，所以如果遇到异常，你可以修改它.它也是硬编码来显示解决问题的方法.

This is how I would approach it. I have not tested it so you may have modify it if you encounter exception. It is all also hard coded to show the approach to solved the problem.

这篇关于更改密码时从所有浏览器注销用户的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！