在 ASP.NET Core 中首次登录时强制重定向到另一个页面

Question

currently I'm building web apps for local.目前我正在为本地构建网络应用程序。 When I create new user, I'm setup the user with Default Password.当我创建新用户时，我使用默认密码设置用户。 And I want to, if the User login with the Default Password it will redirect to Change Password Page.我想，如果用户使用默认密码登录，它将重定向到更改密码页面。 And User will not be able to access any page until they change the password.并且用户在更改密码之前将无法访问任何页面。

My current workaround is checking in each controller, is there any Smart way to do this?我目前的解决方法是检查每个控制器，是否有任何智能方法可以做到这一点？

Here's some code after doing login这是登录后的一些代码

[HttpPost]
[AllowAnonymous]
[ValidateAntiForgeryToken]
public async Task<IActionResult> Login([FromForm] LoginViewModel vm, string returnUrl = null)
{
    if (ModelState.IsValid)
    {
        var result = await repository.Login(vm);
        if (result.IsSuccess)
        {
            await HttpContext.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme, result.Data,
                new AuthenticationProperties
                {
                    IssuedUtc = DateTime.UtcNow,
                    ExpiresUtc = DateTime.UtcNow.AddDays(1),
                    IsPersistent = false
                });

            if (vm.Password != Password.DefaultPassword)
            {
                return RedirectToLocal(returnUrl);
            }
            else
            {
                return RedirectToAction(nameof(UserController.NewPassword));
            }
        }
        else
        {
            ViewBag.ErrorMessage = result.ErrorMessage;
        }
    }

    return View(vm);
}

For the other Controller, we always check the Password from session.对于另一个控制器，我们总是从会话中检查密码。 If the Password is same as Default Password we redirect it to NewPassword Page如果密码与默认密码相同，我们会将其重定向到NewPassword页面

Thanks in advance!提前致谢！

Answer 1

As @JHBonarius said, my current workaround now is to use Custom Middleware for Redirecting to New Password Page.正如@JHBonarius 所说，我现在的解决方法是使用自定义中间件重定向到新密码页面。

My middleware look like this:我的中间件如下所示：

public class CheckPasswordMiddleware
{
    private readonly RequestDelegate next;

    public CheckPasswordMiddleware(RequestDelegate next)
    {
        this.next = next;
    }

    public async Task Invoke(HttpContext context)
    {
        if (context.Request.Path != "/User/NewPassword" && context.User.Identity.IsAuthenticated)
        {
            var userId = context.User.Identity.GetUserId();
            if (!string.IsNullOrEmpty(userId))
            {
                var dbContext = context.RequestServices.GetRequiredService<DatabaseContext>();
                var passwordHash = await dbContext.User.Where(x => x.Id.ToLower() == userId.ToLower()).Select(x => x.Password).FirstOrDefaultAsync();
                if (Hash.Verify(Password.DefaultPassword, passwordHash))
                {
                    context.Response.Redirect("/User/NewPassword");
                }
            }
        }

        await next(context);
    }
}

and now I can get rid the check in my other controller, and my Login will just look like this:现在我可以摆脱其他控制器中的检查，我的登录将如下所示：

[HttpPost]
[AllowAnonymous]
[ValidateAntiForgeryToken]
public async Task<IActionResult> Login([FromForm] LoginViewModel vm, string returnUrl = null)
{
    if (ModelState.IsValid)
    {
        var result = await repository.Login(vm);
        if (result.IsSuccess)
        {
            await HttpContext.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme, result.Data,
                new AuthenticationProperties
                {
                    IssuedUtc = DateTime.UtcNow,
                    ExpiresUtc = DateTime.UtcNow.AddDays(1),
                    IsPersistent = false
                });
            return RedirectToLocal(returnUrl);
        }
        else
        {
            ViewBag.ErrorMessage = result.ErrorMessage;
        }
    }

    return View(vm);
}

Hope this help anyone who want to achieve the same goals.希望这可以帮助任何想要实现相同目标的人。

Thanks!谢谢！

Answer 2

You can store user password using session as below您可以使用session存储用户密码，如下所示

HttpContext.Session.SetString("Password", vm.password);

Then create a filter to check if the user login with the Default Password or not然后创建一个过滤器来检查用户是否使用默认密码登录

public class PasswordFilter: IAuthorizationFilter
    {
        private readonly IHttpContextAccessor _httpContextAccessor;
        private readonly ISession _session;
        public PasswordFilter(IHttpContextAccessor httpContextAccessor)
        {
            _httpContextAccessor = httpContextAccessor;
            _session = _httpContextAccessor.HttpContext.Session;
        }

        public void OnAuthorization(AuthorizationFilterContext context)
        {

            if (_session.GetString("Password") == Password.DefaultPassword)
            {
                context.Result = new RedirectResult(nameof(UserController.NewPassword));

            }
        }
    }

Finally, you can use this filter by adding this attribute to your controllers最后，您可以通过将此属性添加到控制器来使用此过滤器

[TypeFilter(typeof(PasswordFilter))]

I hope this approach achieves your goal.我希望这种方法可以实现您的目标。

在 ASP.NET Core 中首次登录时强制重定向到另一个页面

问题描述

2 个解决方案

解决方案1
1 2021-11-12 01:35:35

解决方案2
0 2021-11-11 10:48:50

在 ASP.NET Core 中首次登录时强制重定向到另一个页面

问题描述

2 个解决方案

解决方案1 1 2021-11-12 01:35:35

解决方案2 0 2021-11-11 10:48:50

解决方案1
1 2021-11-12 01:35:35

解决方案2
0 2021-11-11 10:48:50