我实现了openId connect to a AspNetCore应用程序。
当用户登录时,我想从数据库读取一个标志,并在用户被锁定时中止登录工作流。
我有权访问 OpenId 声明的唯一事件是OnTokenValidated
是否可以从OpenId中止"登录"工作流程?
services
.AddOpenIdConnect("Auth0", options => {
// code removed for simplicity
options.Events = new OpenIdConnectEvents
{
OnTokenValidated = async context =>
{
IUsersRepository usersRepository = context.HttpContext.RequestServices.GetService<IUsersRepository>();
ClaimsPrincipal principal = context.Principal;
string userId = principal.Claims.First(p => p.Type == "user_id").Value;
var user = usersRepository.GetByExternalProviderIdentifier(userId, false);
if(user.IsLocked == true)
{
// although i redirect the user, the cookies are already created, and the user is logged-in.
// How can i abort the login workflow? ie. prevent the cookies from being saved
string redirectUrl = $"/Auth/Login?error={WebUtility.UrlEncode("Your account is locked")}";
context.Response.Redirect(redirectUrl);
}
return Task.FromResult(true);
}
};
});
您可以使用Fail上下文方法:
if(user.IsLocked == true)
{
...
context.Fail("user is locked");
}