Prevent user from using ExternalLoginSignIn

I have a group of users who are our support staff. They should not be allowed to use external login. I can see that Identity can be configured to RequireConfirmedEmail.

services.AddIdentity(config => config.SignIn.RequireConfirmedEmail = true)

If the user's email is not confirmed then sign-in will return result.IsNotAllowed = false.

So my question is: is there a way to configure sign-in with a custom requirement, that being Supporter = false on ApplicationUser?

My current solution:

var result = await _signInManager.ExternalLoginSignInAsync(info.LoginProvider, info.ProviderKey, isPersistent: false, bypassTwoFactor: _configurationSettings.ThirdPartyLoginCanUse2Fa);
if (result.Succeeded)
{
    // Todo can we make a policy that says supporter cant login using 3rd party apps.
    var user = await _userManager.FindByLoginAsync(info.LoginProvider, info.ProviderKey);
    if (!_configurationSettings.CanSupporterUse3RdPartyLogin && user.IsXenaSupporter)
    {
        ErrorMessage = $"Xena supporter may not login with {info.LoginProvider} provider.";
        _logger.LogInformation($"User {user.Id} is Xena supporter and may not login with {info.LoginProvider} provider.");
        return RedirectToAction(nameof(Login));
    }

    _logger.LogInformation($"User logged in with {info.LoginProvider} provider.");
    return (returnUrl == null)
        ? RedirectToAction(nameof(Index), "Manage")
        : RedirectToLocal(returnUrl);
}

My current solution isn't ideal as technically the user is signed in and I am going to have to force log them out somehow, rather than just redirect them to login.

What I want is for ExternalLoginSignInAsync to return result.IsNotAllowed if user.IsXenaSupporter is true.

I was able to extend the SignInManager.

public class ApplicationSignInManager : SignInManager<ApplicationUser>
{
    private readonly ILogger _logger;
    private readonly ConfigurationSettings _configurationSettings;

    public ApplicationSignInManager(ConfigurationSettings configurationSettings, UserManager<ApplicationUser> userManager, IHttpContextAccessor contextAccessor, IUserClaimsPrincipalFactory<ApplicationUser> claimsFactory, IOptions<IdentityOptions> optionsAccessor,
        ILogger<ApplicationSignInManager> logger, IAuthenticationSchemeProvider schemes) : base(userManager, contextAccessor, claimsFactory, optionsAccessor, logger, schemes)
    {
        _configurationSettings = configurationSettings;
        _logger = logger;
    }

    public override async Task<SignInResult> ExternalLoginSignInAsync(string loginProvider, string providerKey, bool isPersistent, bool bypassTwoFactor)
    {
        var user = await UserManager.FindByLoginAsync(loginProvider, providerKey);
        if (user == null)
        {
            return SignInResult.Failed;
        }

        var error = await PreSignInCheck(user);
        if (error != null)
        {
            return error;
        }

        if (!_configurationSettings.CanSupporterUse3RdPartyLogin && user.IsXenaSupporter)
            return SignInResult.NotAllowed;

        return await SignInOrTwoFactorAsync(user, isPersistent, loginProvider, bypassTwoFactor);
    }
}

Now when a user signs in I check that they are allowed.
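
Added example, not part of the original post: one way to wire the custom ApplicationSignInManager into DI and handle the NotAllowed result in the external login callback, so a rejected supporter never receives an application cookie and the temporary external cookie is cleared. The helper name AddSupporterSignInPolicy, the TempData key, the Login action and bypassTwoFactor: false are assumptions for illustration; ApplicationUser and ApplicationSignInManager are the types from the post.

```csharp
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Mvc;

public static class SupporterPolicyRegistration
{
    // Hypothetical helper: chain onto the existing AddIdentity(...) call. Without it,
    // DI keeps resolving the stock SignInManager<ApplicationUser> and the override never runs.
    public static IdentityBuilder AddSupporterSignInPolicy(this IdentityBuilder builder)
        => builder.AddSignInManager<ApplicationSignInManager>();
}

public class AccountController : Controller
{
    private readonly SignInManager<ApplicationUser> _signInManager;

    public AccountController(SignInManager<ApplicationUser> signInManager)
        => _signInManager = signInManager;

    [HttpGet]
    public IActionResult Login() => View();

    [HttpGet]
    public async Task<IActionResult> ExternalLoginCallback(string returnUrl = null)
    {
        var info = await _signInManager.GetExternalLoginInfoAsync();
        if (info == null)
            return RedirectToAction(nameof(Login));

        var result = await _signInManager.ExternalLoginSignInAsync(
            info.LoginProvider, info.ProviderKey, isPersistent: false, bypassTwoFactor: false);

        if (result.Succeeded)
            return Url.IsLocalUrl(returnUrl)
                ? LocalRedirect(returnUrl)
                : RedirectToAction("Index", "Manage");

        if (result.IsNotAllowed)
        {
            // No application cookie was issued, so there is nothing to force-log-out.
            // Clear the temporary external cookie and stop here rather than falling
            // through to a "register/associate external login" page.
            await HttpContext.SignOutAsync(IdentityConstants.ExternalScheme);
            TempData["ErrorMessage"] = $"Sign-in with {info.LoginProvider} is not allowed for this account.";
            return RedirectToAction(nameof(Login));
        }

        return RedirectToAction(nameof(Login)); // lockout, 2FA and registration paths omitted
    }
}
```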
