Prevent user from using ExternalLoginSignIn
I have a group of users who are our support staff. They should not be allowed to use external logins. I can see that Identity can be configured with RequireConfirmedEmail.
services.AddIdentity(config => config.SignIn.RequireConfirmedEmail = true)
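If the user's email is not confirmed, the login will return result.IsNotAllowed = false.
So my question is: is there a way to configure sign-in with a custom requirement that Supporter = false on the ApplicationUser?
My current solution: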
var result = await _signInManager.ExternalLoginSignInAsync(info.LoginProvider, info.ProviderKey, isPersistent: false, bypassTwoFactor: _configurationSettings.ThirdPartyLoginCanUse2Fa);
if (result.Succeeded)
{
    // Todo can we make a policy that says supporter cant login using 3rd party apps.
    var user = await _userManager.FindByLoginAsync(info.LoginProvider, info.ProviderKey);
    if (!_configurationSettings.CanSupporterUse3RdPartyLogin && user.IsXenaSupporter)
    {
        ErrorMessage = $"Xena supporter may not login with {info.LoginProvider} provider.";
        _logger.LogInformation($"User {user.Id} is Xena supporter and may not login with {info.LoginProvider} provider.");
        return RedirectToAction(nameof(Login));
    }
    _logger.LogInformation($"User logged in with {info.LoginProvider} provider.");
    return (returnUrl == null)
        ? RedirectToAction(nameof(Index), "Manage")
        : RedirectToLocal(returnUrl);
}
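My current solution is not ideal, because technically the user has already been logged in and I would have to force a logout on them somehow, rather than redirecting them to login.
What I would like is for ExternalLoginSignInAsync to return result.IsNotAllowed if user.IsXenaSupporter is true.
I was able to extend SignInManager.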
public class ApplicationSignInManager : SignInManager<ApplicationUser>
{
    private readonly ILogger _logger;
    private readonly ConfigurationSettings _configurationSettings;

    public ApplicationSignInManager(ConfigurationSettings configurationSettings, UserManager<ApplicationUser> userManager, IHttpContextAccessor contextAccessor, IUserClaimsPrincipalFactory<ApplicationUser> claimsFactory, IOptions<IdentityOptions> optionsAccessor,
        ILogger<ApplicationSignInManager> logger, IAuthenticationSchemeProvider schemes) : base(userManager, contextAccessor, claimsFactory, optionsAccessor, logger, schemes)
    {
        _configurationSettings = configurationSettings;
        _logger = logger;
    }

    public override async Task<SignInResult> ExternalLoginSignInAsync(string loginProvider, string providerKey, bool isPersistent, bool bypassTwoFactor)
    {
        var user = await UserManager.FindByLoginAsync(loginProvider, providerKey);
        if (user == null)
        {
            return SignInResult.Failed;
        }

        // Standard checks (sign-in allowed, lockout) before the custom rule.
        var error = await PreSignInCheck(user);
        if (error != null)
        {
            return error;
        }

        // Refuse supporters before any sign-in cookie is issued.
        if (!_configurationSettings.CanSupporterUse3RdPartyLogin && user.IsXenaSupporter)
            return SignInResult.NotAllowed;

        return await SignInOrTwoFactorAsync(user, isPersistent, loginProvider, bypassTwoFactor);
    }
}
Now, when a user logs in, I check whether they are allowed to.
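The wiring that the extended sign-in manager above depends on, as an added example that is not part of the original post: the registration that makes DI hand out ApplicationSignInManager, and a callback that branches on IsNotAllowed. Assumptions not taken from the post: IdentityRole as the role type, ConfigurationSettings registered as a singleton, the names IdentitySetup and AddSupporterAwareIdentity, a callback shaped like the default Identity template, and bypassTwoFactor fixed to false.

```csharp
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Logging;

public static class IdentitySetup // hypothetical helper name
{
    // Call from Startup.ConfigureServices. Store registration (for example
    // AddEntityFrameworkStores) is omitted; IdentityRole is an assumption.
    public static void AddSupporterAwareIdentity(this IServiceCollection services, ConfigurationSettings settings)
    {
        services.AddSingleton(settings); // constructor dependency of ApplicationSignInManager
        services.AddIdentity<ApplicationUser, IdentityRole>(config => config.SignIn.RequireConfirmedEmail = true)
            // Replaces the stock SignInManager<ApplicationUser> in DI; without this
            // the override of ExternalLoginSignInAsync is never called.
            .AddSignInManager<ApplicationSignInManager>();
    }
}

public class AccountController : Controller
{
    private readonly SignInManager<ApplicationUser> _signInManager; // resolves to ApplicationSignInManager
    private readonly ILogger<AccountController> _logger;
    public AccountController(SignInManager<ApplicationUser> signInManager, ILogger<AccountController> logger)
        => (_signInManager, _logger) = (signInManager, logger);

    public IActionResult Login() => View();

    public async Task<IActionResult> ExternalLoginCallback(string returnUrl = null)
    {
        var info = await _signInManager.GetExternalLoginInfoAsync();
        if (info == null) return RedirectToAction(nameof(Login));
        var result = await _signInManager.ExternalLoginSignInAsync(
            info.LoginProvider, info.ProviderKey, isPersistent: false, bypassTwoFactor: false);
        if (result.IsNotAllowed)
        {
            // Refused before any application cookie was issued, so no forced
            // logout is needed; only the temporary external cookie is cleared.
            await HttpContext.SignOutAsync(IdentityConstants.ExternalScheme);
            _logger.LogWarning("External sign-in via {Provider} refused by sign-in policy.", info.LoginProvider);
            return RedirectToAction(nameof(Login));
        }
        if (result.Succeeded) return LocalRedirect(returnUrl ?? "/"); // throws on non-local URLs
        return RedirectToAction(nameof(Login)); // lockout, 2FA and unknown-login handling omitted
    }
}
```

IsNotAllowed is also what PreSignInCheck returns for an unconfirmed email when RequireConfirmedEmail is set, so the message shown to the user should not assume the supporter rule was the cause.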