Question

我实现了openId连接到AspNetCore应用程序。

当用户登录时，我想从db读取一个标志，并在用户被锁定时中止登录工作流程。

我可以访问OpenId声明的唯一事件是OnTokenValidated

是否可以从OpenId中止“登录”工作流程？

services
    .AddOpenIdConnect("Auth0", options => {
        // code removed for simplicity

        options.Events = new OpenIdConnectEvents
        {
            OnTokenValidated = async context =>
            {
                IUsersRepository usersRepository = context.HttpContext.RequestServices.GetService<IUsersRepository>();

                ClaimsPrincipal principal = context.Principal;
                string userId = principal.Claims.First(p => p.Type == "user_id").Value;

                var user = usersRepository.GetByExternalProviderIdentifier(userId, false);
                if(user.IsLocked == true)
                {
                    // although i redirect the user, the cookies are already created, and the user is logged-in.

                    // How can i abort the login workflow? ie. prevent the cookies from being saved
                    string redirectUrl = $"/Auth/Login?error={WebUtility.UrlEncode("Your account is locked")}";
                    context.Response.Redirect(redirectUrl);
                }

                return Task.FromResult(true);
            }
        };
    });

Answer 1

您可以使用Fail上下文方法：

if(user.IsLocked == true)
{
     ...
     context.Fail("user is locked");
}

OpenIdConnect中止工作流程

1 个答案: