小贝子编程

阻止用户使用 ExternalLoginSignIn



我有一组用户是我们的支持人员。 不应允许他们使用外部登录。 我可以看到Identity可以配置为RequiredConfrmedEmail。

services.AddIdentity(config => config.SignIn.RequireConfirmedEmail = true)

如果用户的电子邮件未得到确认,则登录将返回result.IsNotAllowed = false.

所以我的问题有没有办法将 sigin 配置为自定义要求,即在应用程序用户上成为支持者 = false?

我目前的解决方案:

 var result = await _signInManager.ExternalLoginSignInAsync(info.LoginProvider, info.ProviderKey, isPersistent: false, bypassTwoFactor: _configurationSettings.ThirdPartyLoginCanUse2Fa);
            if (result.Succeeded)
            {
                // Todo can we make a policy that says supporter cant login using 3rd party apps.
                var user = await _userManager.FindByLoginAsync(info.LoginProvider, info.ProviderKey);
                if (!_configurationSettings.CanSupporterUse3RdPartyLogin && user.IsXenaSupporter)
                {
                    ErrorMessage = $"Xena supporter may not login with {info.LoginProvider} provider.";
                    _logger.LogInformation($"User {user.Id} is Xena supporter and may not login with {info.LoginProvider} provider.");
                    return RedirectToAction(nameof(Login));
                }
                _logger.LogInformation($"User logged in with {info.LoginProvider} provider.");
                return (returnUrl == null)
                    ? RedirectToAction(nameof(Index), "Manage")
                    : RedirectToLocal(returnUrl);
            }

当前的解决方案并不理想,因为从技术上讲,用户已登录,我将不得不以某种方式强制注销它们。 而不是只是将它们重定向到登录。

我想要的是让ExternalLoginSignInAsync返回result.IsNotAllowed如果user.IsXenaSupporter是真的。

我能够扩展登录管理器。 

public class ApplicationSignInManager : SignInManager<ApplicationUser>
    {
        private readonly ILogger _logger;
        private readonly ConfigurationSettings _configurationSettings;
        public ApplicationSignInManager(ConfigurationSettings configurationSettings, UserManager<ApplicationUser> userManager, IHttpContextAccessor contextAccessor, IUserClaimsPrincipalFactory<ApplicationUser> claimsFactory, IOptions<IdentityOptions> optionsAccessor,
            ILogger<ApplicationSignInManager> logger, IAuthenticationSchemeProvider schemes) : base(userManager, contextAccessor, claimsFactory, optionsAccessor, logger, schemes)
        {
            _configurationSettings = configurationSettings;
            _logger = logger;
        }
        public override async Task<SignInResult> ExternalLoginSignInAsync(string loginProvider, string providerKey, bool isPersistent, bool bypassTwoFactor)
        {
            var user = await UserManager.FindByLoginAsync(loginProvider, providerKey);
            if (user == null)
            {
                return SignInResult.Failed;
            }
            var error = await PreSignInCheck(user);
            if (error != null)
            {
                return error;
            }
            if (!_configurationSettings.CanSupporterUse3RdPartyLogin && user.IsXenaSupporter)
                return SignInResult.NotAllowed;
            return await SignInOrTwoFactorAsync(user, isPersistent, loginProvider, bypassTwoFactor);
        }
}

现在,当用户登录时,我会检查他们是否被允许。

相关内容

  • 没有找到相关文章

最新更新


热门标签:

javascript python java c# php android html jquery c++ css ios sql mysql arrays asp.net json python-3.x ruby-on-rails .net sql-server django objective-c excel regex ruby linux ajax iphone xml vba spring asp.net-mvc database wordpress string postgresql wpf windows xcode bash git oracle list vb.net multithreading eclipse algorithm macos powershell visual-studio image forms numpy scala function api selenium