在点击确认电子邮件之前,可以访问.net网络应用程序的授权部分

时间:2017-03-09 12:55:29

标签: asp.net-mvc sendgrid

我正在使用.net 4.5.2和sendgrid。我使用下面的链接作为指南,而不是使用sendgrid v2我使用sendgrid v3。

https://docs.microsoft.com/en-us/aspnet/identity/overview/features-api/account-confirmation-and-password-recovery-with-aspnet-identity

电子邮件确认使用发送到注册用户电子邮件地址的链接。当点击该链接时,"电子邮件确认" AspNetUsers中的字段从false变为true。

但是当用户首次提交注册表单时 - 在点击确认电子邮件之前 - 他们会登录系统。不知何故正在调用_LoginPartial,因为用户的电子邮件地址和注销最终位于导航栏的顶部。

因此,在稍微考虑一下后,ActionController中的登录操作显然是在注册后但在点击电子邮件确认之前调用的。那个不在微软文档中的我不会想到。

但任何解决这个问题的建议都会很棒。我可以检查AspNetUser表中的EmailConfirmation == false。但有没有合适的地方呢?

我查看了这篇文章Prevent login when EmailConfirmed is false,并注明了默认的登录操作代码,并将其替换为以下内容,但它似乎没有什么区别。

 if (ModelState.IsValid)
            {
                var user = await UserManager.FindByNameAsync(model.Email);
                if (user == null)
                {
                    ModelState.AddModelError("", "Invalid login attempt.");
                    return View(model);
                }
                //Add this to check if the email was confirmed.
                if (!await UserManager.IsEmailConfirmedAsync(user.Id))
                {
                    ModelState.AddModelError("", "You need to confirm your email.");
                    return View(model);
                }
                if (await UserManager.IsLockedOutAsync(user.Id))
                {
                    return View("Lockout");
                }
                if (await UserManager.CheckPasswordAsync(user, model.Password))
                {
                    // Uncomment to enable lockout when password login fails
                    //await UserManager.ResetAccessFailedCountAsync(user.Id);
                    return await LoginCommon(user, model.RememberMe, returnUrl);
                }
                else
                {
                    // Uncomment to enable lockout when password login fails
                    //await UserManager.AccessFailedAsync(user.Id);
                    ModelState.AddModelError("", "Invalid login attempt.");
                    return View(model);
                }
            }

            // If we got this far, something failed, redisplay form
            return View(model);

注册行动:

 public async Task<ActionResult> Register(RegisterViewModel model)
        {
            if (ModelState.IsValid)
            {
                var user = new ApplicationUser {UserName = model.Email, Email = model.Email };
                var result = await UserManager.CreateAsync(user, model.Password);
                if (result.Succeeded)
                {
                    await SignInManager.SignInAsync(user, isPersistent:false, rememberBrowser:false);

                    // For more information on how to enable account confirmation and password reset please visit http://go.microsoft.com/fwlink/?LinkID=320771
                    // Send an email with this link 

                    /*These bottom three lines were commented out */
                     string code = await UserManager.GenerateEmailConfirmationTokenAsync(user.Id);
                     var callbackUrl = Url.Action("ConfirmEmail", "Account", new { userId = user.Id, code = code }, protocol: Request.Url.Scheme);
                     await UserManager.SendEmailAsync(user.Id, "Confirm your account", "Please confirm your account by clicking <a href=\"" + callbackUrl + "\"></a>");
                    return RedirectToAction("ConfirmRegistration");
                }
                AddErrors(result);
            }

            // If we got this far, something failed, redisplay form
            return View(model);
        }

登录操作:

public async Task<ActionResult> Login(LoginViewModel model, string returnUrl)
{
        if (!ModelState.IsValid)
        {
            return View(model);
        }

        // This doesn't count login failures towards account lockout
        // To enable password failures to trigger account lockout, change to shouldLockout: true
        var result = await SignInManager.PasswordSignInAsync(model.Email, model.Password, model.RememberMe, shouldLockout: false);
        switch (result)
        {
            case SignInStatus.Success:
                return RedirectToLocal(returnUrl);
            case SignInStatus.LockedOut:
                return View("Lockout");
            case SignInStatus.RequiresVerification:
                return RedirectToAction("SendCode", new { ReturnUrl = returnUrl, RememberMe = model.RememberMe });
            case SignInStatus.Failure:
            default:
                ModelState.AddModelError("", "Invalid login attempt.");
                return View(model);
        }
    }

1 个答案:

答案 0 :(得分:0)

Register操作中,评论/删除该行:

await SignInManager.SignInAsync(user, isPersistent:false, rememberBrowser:false);

这将在注册时禁用自动登录。然后,在Login操作中,在初始ModelState.IsValid检查后添加以下代码,以检查用户的电子邮件是否已确认:

var user = await UserManager.FindByEmailAsync(model.Email);
if (user != null && !await UserManager.IsEmailConfirmedAsync(user.Id))
{
    ModelState.AddModelError("", "Please confirm your email address before signing in.");
    return View(model);
}