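How to authenticate a user?

Time: 2015-09-01 13:55:55

Tags: c# authentication

I'll keep it simple. I have a timeout that I store in my database when the user uses two-factor authentication. If the user is remembered but the date is past the timeout date, I want to authenticate the user. I have already done something similar using send/verify code, but I would like to know whether there is a way to authenticate the user without having to jump through any hoops with the AuthenticationManager.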

public async Task<ActionResult> Login(LoginViewModel model, string returnUrl)
{    
    if (!ModelState.IsValid) 
    {
        return View(model);
    }    
    // This counts login failures towards account lockout
    // To stop password failures from counting towards account lockout, change to shouldLockout: false
    var result = await SignInManager.PasswordSignInAsync(model.Email, model.Password, model.RememberMe, shouldLockout: true);

    switch (result) 
    {
        case SignInStatus.Success:
           return RedirectToAction("SuccessfulSignIn");
        case SignInStatus.LockedOut:
           return View("Lockout");
        case SignInStatus.RequiresVerification:    
           var user = await UserManager.FindByNameAsync(model.Email);    
           bool Active = ActiveCheck(user);    
           bool RememberMeTimeOut = RememberMeTimeOutCheck(user);    
           if (!Active) 
           {    
               string code = await UserManager.GeneratePasswordResetTokenAsync(user.Id);
               ViewBag.Expired = "Password Expired";

               return RedirectToAction("ResetPassword", "Account", new { userId = user.Id, code = code });
           }
           else if (Active && !RememberMeTimeOut) 
           {    
               return RedirectToAction("SendCode", new { ReturnUrl = returnUrl, RememberMe = model.RememberMe });
           }
           else 
           {
               //Quickly sign the user in
               return RedirectToAction("SuccessfulSignIn");
           }    
        case SignInStatus.Failure:
        default:
           ModelState.AddModelError("", "Invalid login attempt");
           return View(model);
    }
}

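1 Answer:

Answer 0: (score: 0)

If anyone else is wondering about this, I came to the conclusion that you can't simply 'skip' the sign-in process. To get around this, I created a code (two-factor authentication) instead of sending it to the user, and then verified the code. This seems to be the fastest (and, in my opinion, dirty) way to authenticate the user.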

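public async Task<ActionResult> TwoFSignIn(string Email)
{
    var user = await UserManager.FindByNameAsync(Email);
    // Unknown e-mail: go back to the login page instead of dereferencing null
    if (user == null) return RedirectToAction("Login");
    // Generate the two-factor code server-side and verify it straight away instead of sending it
    string code = await UserManager.GenerateTwoFactorTokenAsync(user.Id, "Email Code");
    var result = await SignInManager.TwoFactorSignInAsync("Email Code", code, isPersistent: false, rememberBrowser: false);
    // Only report success when the sign-in actually succeeded
    return RedirectToAction(result == SignInStatus.Success ? "SuccessfulSignIn" : "Login");
}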
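
The check the question describes (skip the code prompt only while a server-side two-factor timestamp is still fresh) can be written as a fail-closed helper. This is an added example, not code from the question or the answer; it assumes ASP.NET Identity 2.x with string user keys, and `SecondFactorPolicy`, `Window`, `lastTwoFactorUtc` and the 30-day value are hypothetical.

```csharp
using System;
using System.Threading.Tasks;
using Microsoft.AspNet.Identity;
using Microsoft.AspNet.Identity.Owin;

// Added example, not the poster's code. SecondFactorPolicy, Window and
// lastTwoFactorUtc are hypothetical names; the 30-day window is an assumed value.
public static class SecondFactorPolicy
{
    public static readonly TimeSpan Window = TimeSpan.FromDays(30);

    // True only when a completed second factor is on record (server-side, in UTC)
    // and is still inside the window. Every doubtful case fails closed.
    public static bool CanSkip(DateTime? lastTwoFactorUtc, DateTime nowUtc)
    {
        if (lastTwoFactorUtc == null) return false;         // never verified
        if (lastTwoFactorUtc.Value > nowUtc) return false;  // future timestamp: bad data
        return nowUtc - lastTwoFactorUtc.Value <= Window;
    }

    // Call this only from the SignInStatus.RequiresVerification branch, that is,
    // after PasswordSignInAsync has already checked the password and lockout state.
    // Returns false when the caller must still redirect to SendCode.
    public static async Task<bool> TrySignInWithoutCodeAsync<TUser>(
        SignInManager<TUser, string> signInManager, TUser user,
        DateTime? lastTwoFactorUtc, bool rememberMe)
        where TUser : class, IUser<string>
    {
        if (user == null || !CanSkip(lastTwoFactorUtc, DateTime.UtcNow)) return false;
        // Issues the application cookie directly; no two-factor token is generated.
        await signInManager.SignInAsync(user, isPersistent: rememberMe, rememberBrowser: false);
        return true;
    }
}
```

The timestamp passed in must come from the database row for the user whose password was just verified, never from a request parameter or a client-side cookie.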