设置AspNet身份令牌的计数器

时间:2019-06-21 08:46:04

标签: c# asp.net asp.net-identity token

我正在使用此方法重置密码

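/// <summary>
/// Checks a password-reset token for the given user and, when it is accepted,
/// marks the reset window as used so the same link cannot be replayed.
/// </summary>
/// <param name="userId">Identifier passed to <c>UserManager.FindById</c>.</param>
/// <param name="token">Reset token, verified against the "ResetPassword" purpose.</param>
/// <returns>
/// <c>UnknownUserId</c> when no user is found; <c>TokenIsExpired</c> when the user's
/// <c>PasswordInvalidatedByReset</c> flag is not true or <c>PasswordResetTokenExpiration</c>
/// is missing or not in the future; <c>Success</c> when the token verifies;
/// <c>InvalidToken</c> otherwise.
/// </returns>
/// <remarks>
/// NOTE(review): the result distinguishes an unknown user id from a bad token. If the caller
/// shows that difference to an unauthenticated visitor it reveals which ids exist; confirm
/// the user-facing message is the same for both.
/// </remarks>
public ResetTokenResult DoPasswordResetTokenForChange(string userId, string token)
{
    switch (UserManager.FindById(userId))
    {
        case null:
            return ResetTokenResult.UnknownUserId;

        // No reset is pending for this account (flag is null or false).
        case CatalystUser user when !(user.PasswordInvalidatedByReset ?? false):
            return ResetTokenResult.TokenIsExpired;

        // A missing expiration is treated as already expired (DateTime.MinValue).
        case CatalystUser user when !((user.PasswordResetTokenExpiration ?? DateTime.MinValue) > DateTime.UtcNow):
            return ResetTokenResult.TokenIsExpired;

        case CatalystUser user when UserManager.VerifyUserToken(user.Id, "ResetPassword", token):
            // 1-time use. Invalidate now.
            user.PasswordResetTokenExpiration = DateTime.UtcNow.AddDays(-1);

            // The Update call had been swallowed by the trailing comment on the line above,
            // so the back-dated expiration was only set on the in-memory object and the
            // link stayed usable. Persist it before reporting success.
            // NOTE(review): the outcome of Update is not inspected; if the write can fail,
            // decide whether this path should fail closed instead of returning Success.
            UserManager.Update(user);
            return ResetTokenResult.Success;

        default:
            return ResetTokenResult.InvalidToken;
    }
}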

调用此方法的控制器如下：

    /// <summary>
    /// Renders the password-change page. Without both <paramref name="userId"/> and
    /// <paramref name="token"/> it serves the normal change form to a signed-in user;
    /// with both it treats the request as a password-reset link and validates the token.
    /// </summary>
    /// <param name="currentPage">Page instance used to build the view model.</param>
    /// <param name="userId">User id carried by the reset link, if any.</param>
    /// <param name="token">URL-safe Base64 reset token carried by the reset link, if any.</param>
    /// <param name="returnUrl">Return address copied onto the view model for the normal change form.</param>
    /// <returns>The "Index" view, or a redirect to the login page or back to the current URL.</returns>
    [RequireHttpsWhenConfigured]
    public async Task<ActionResult> Index(PasswordChangePage currentPage,
        string userId, string token, string returnUrl = "")
    {
        var model = new PasswordChangePageViewModel(currentPage);
        var hasResetParameters = !(string.IsNullOrEmpty(userId) || string.IsNullOrEmpty(token));

        if (hasResetParameters)
        {
            // A reset link opened inside an existing session: drop the session first,
            // then reload the same URL so the reset is processed anonymously.
            if (RequestContext.IsCurrentUserAuthorized())
            {
                SignInManager.AuthenticationManager.SignOut();
                return Redirect(Request.Url?.AbsoluteUri ?? "~/");
            }

            var loginUrl = NavigationService.GetLoginLink();

            // NOTE(review): the token is checked (and its one-time window used up) while
            // rendering this page, i.e. as soon as the link is fetched. Anything that
            // requests the URL before the user does would presumably consume it; confirm
            // whether consumption belongs on the request that actually changes the password.
            var outcome = UserAccountService.DoPasswordResetTokenForChange(userId, Base64ForUrlDecode(token));
            var tokenAccepted = (outcome & ResetTokenResult.Failure) == ResetTokenResult.None;

            if (tokenAccepted)
            {
                // The still-encoded token is handed to the form so it can be posted back.
                model.PasswordChangeModel = new PasswordChangeViewModel
                {
                    CurrentPassword = "null",
                    IsResetPassword = true,
                    UserId = userId,
                    ResetPasswordToken = token
                };
                model.ReturnUrl = loginUrl;
            }
            else
            {
                model.ChangeCanProceed = false;
                model.ErrorMessage = GetMessageForTokenResult(outcome);
                model.LoginLink = loginUrl;
            }

            return View("Index", model);
        }

        // Ordinary password change: only for a signed-in user.
        if (!RequestContext.IsCurrentUserAuthorized())
        {
            return Redirect(NavigationService.GetLoginLink());
        }

        // NOTE(review): returnUrl comes straight from the request and is stored unvalidated;
        // confirm whatever later redirects to it restricts it to local URLs.
        var changeForm = new PasswordChangeViewModel();
        changeForm.ReturnUrl = returnUrl;
        model.PasswordChangeModel = changeForm;
        model.ReturnUrl = returnUrl;
        return View("Index", model);
    }

当用户想要重设密码时，他们会收到一封带有令牌链接的电子邮件，这部分一切正常。据我所知，默认的 ASP.NET Identity 令牌在链接被点击 1 次后就会失效。我的问题是：如果希望发送到邮箱的令牌链接在被点击 5 次之后才失效，实现这一逻辑的最佳方法是什么？

0 个答案:

没有答案