使用此代码,即使用户帐户(IsAuthorized)在我的数据库中为false,它仍然会登录。
使用断点,它前进到
else
{
ModelState.AddModelError(string.Empty, "Invalid login attempt.");
return Page();
}
但仍然登录用户并显示我的主页。
这是我的代码:
public async Task<IActionResult> OnPostAsync(string returnUrl = null)
{
returnUrl = returnUrl ?? Url.Content("~/");
if (ModelState.IsValid)
{
// This doesn't count login failures towards account lockout
// To enable password failures to trigger account lockout, set lockoutOnFailure: true
var result = await _signInManager.PasswordSignInAsync(Input.Email, Input.Password, Input.RememberMe, lockoutOnFailure: true);
var a = _context.Users.Where(x => x.Email == Input.Email).FirstOrDefault();
if (result.Succeeded)
{
if (a.IsAuthorized == true)
{
_logger.LogInformation("User logged in.");
return LocalRedirect(returnUrl);
} else
{
ModelState.AddModelError(string.Empty, "Invalid login attempt.");
return Page();
}
}
if (result.RequiresTwoFactor)
{
return RedirectToPage("./LoginWith2fa", new { ReturnUrl = returnUrl, RememberMe = Input.RememberMe });
}
if (result.IsLockedOut)
{
_logger.LogWarning("User account locked out.");
return RedirectToPage("./Lockout");
}
else
{
ModelState.AddModelError(string.Empty, "Invalid login attempt.");
return Page();
}
}
// If we got this far, something failed, redisplay form
return Page();
}