我正在使用此Dotnet核心MVC / Razor Pages应用程序,它应该防止用户通过搜索栏访问某些控制器路由,除非他们在注册表格中指定了它。我该如何实现? dotnet核心MVC是否为此具有关键字?我被卡住了。下面显示了一些用于身份/帐户/注册的相关代码,显示正在注册
[Required]
[Display(Name = "Choose businesslisting or choice")]
public string Decision { get; set; }
}
public void OnGet(string returnUrl = null)
{
ReturnUrl = returnUrl;
}
public async Task<IActionResult> OnPostAsync(string returnUrl = null)
{
returnUrl = returnUrl ?? Url.Content("~/");
if (ModelState.IsValid)
{
var user = new IdentityUser { UserName = Input.Email, Email = Input.Email };
var result = await _userManager.CreateAsync(user, Input.Password);
if (Input.Decision == "Business Listing" || Input.Decision == "business listing")
{
if (result.Succeeded)
{
_logger.LogInformation("User created a new account with password.");
var code = await _userManager.GenerateEmailConfirmationTokenAsync(user);
var callbackUrl = Url.Page(
"/Account/ConfirmEmail",
pageHandler: null,
values: new { userId = user.Id, code = code },
protocol: Request.Scheme);
await _emailSender.SendEmailAsync(Input.Email, "Change your password",
$"Please change your password by <a href='{HtmlEncoder.Default.Encode(callbackUrl)}'>clicking here</a>.");
await _signInManager.SignInAsync(user, isPersistent: false);
return LocalRedirect(returnUrl);
}
}
答案 0 :(得分:0)
我将从ASP.NET Core授权文档https://docs.microsoft.com/en-us/aspnet/core/security/authorization/introduction?view=aspnetcore-2.2
开始在这种情况下,您可能会发现基于声明的身份验证很有用https://docs.microsoft.com/en-us/aspnet/core/security/authorization/claims?view=aspnetcore-2.2
创建用户后,您可以添加特定的声明,以允许他们访问特定的控制器/ URL。