How to disable a User in Identity 2.0?

后端 未结 3 1068
无人共我
无人共我 2020-12-30 13:15

I\'m trying to find a way to disable a user in Identity 2.0 and can\'t seem to find any info on it.

I would like to basically set a user to IsActive=false and would

相关标签:
3条回答
  • 2020-12-30 14:01

    When you create a site with the Identity bits installed, your site will have a file called "IdentityModels.cs". In this file is a class called ApplicationUser which inherits from IdentityUser.

    // You can add profile data for the user by adding more properties to your ApplicationUser class, please visit http://go.microsoft.com/fwlink/?LinkID=317594 to learn more.
    public class ApplicationUser : IdentityUser
    

    There is a nice link in the comments there, for ease click here

    This tutorial tells you exactly what you need to do to add custom properties for your user.

    And actually, don't even bother looking at the tutorial.

    1) add a property to the ApplicationUser class, eg:

    public bool? IsEnabled { get; set; }
    

    2) add a column with the same name on the AspNetUsers table in your DB.

    3) boom, that's it!

    Now in your AccountController, you have a Register action as follows:

    public async Task<ActionResult> Register(RegisterViewModel model)
            {
                if (ModelState.IsValid)
                {
                    var user = new ApplicationUser { UserName = model.Email, Email = model.Email, IsEnabled = true };
                    var result = await UserManager.CreateAsync(user, model.Password);
                    if (result.Succeeded)
    

    I've added the IsEnabled = true on the creation of the ApplicationUser object. The value will now be persisted in your new column in the AspNetUsers table.

    You would then need to deal with checking for this value as part of the sign in process, by overriding PasswordSignInAsync in ApplicationSignInManager.

    I did it as follows:

    public override Task<SignInStatus> PasswordSignInAsync(string userName, string password, bool rememberMe, bool shouldLockout)
        {
            var user = UserManager.FindByEmailAsync(userName).Result;
    
            if ((user.IsEnabled.HasValue && !user.IsEnabled.Value) || !user.IsEnabled.HasValue)
            {
                return Task.FromResult<SignInStatus>(SignInStatus.LockedOut);
            }
    
            return base.PasswordSignInAsync(userName, password, rememberMe, shouldLockout);
        }
    

    Your mileage may vary, and you may not want to return that SignInStatus, but you get the idea.

    0 讨论(0)
  • 2020-12-30 14:04

    Was doing some research on this and turns out the IdentityUser base class has some properties related to this topic. Namely: LockoutEnabled and LockoutEndDateUtc.

    It's sufficient to set LockoutEnabled to true and LockoutEndDateUtc to some future date in order for the standard SignInManager.PasswordSignInAsync to pick it up and act accordingly without any overrides or customizations.

    And if you want to just disable the user without specifying any exact date of reactivation you can just set it to DateTime.MaxValue.

    0 讨论(0)
  • 2020-12-30 14:14

    Step #1: Create a custom user store that implements IUserLockoutStore.

         public Task<DateTimeOffset> GetLockoutEndDateAsync(MyUser user)
        {
            //..
        }
    
        public Task SetLockoutEndDateAsync(MyUser user, DateTimeOffset lockoutEnd)
        {
            //..
        }
    
        public Task<int> IncrementAccessFailedCountAsync(MyUser user)
        {
            //..
        }
    
        public Task ResetAccessFailedCountAsync(MyUser user)
        {
            //..
        }
    
        public Task<int> GetAccessFailedCountAsync(MyUser user)
        {
            //..
        }
    
        public Task<bool> GetLockoutEnabledAsync(MyUser user)
        {
            //..
        }
    
        public Task SetLockoutEnabledAsync(MyUser user, bool enabled)
        {
            //..
        }
    }
    

    Step #2: Instead of UserManager, use the following class in your login/logout actions, passing it an instance of your custom user store.

        public class LockingUserManager<TUser, TKey> : UserManager<TUser, TKey>
        where TUser : class, IUser<TKey> 
        where TKey : IEquatable<TKey> 
    {
        private readonly IUserLockoutStore<TUser, TKey> _userLockoutStore;
    
        public LockingUserManager(IUserLockoutStore<TUser, TKey> store)
            : base(store)
        {
            if (store == null) throw new ArgumentNullException("store");
    
            _userLockoutStore = store;
        }
    
        public override async Task<TUser> FindAsync(string userName, string password)
        {
            var user = await FindByNameAsync(userName);
    
            if (user == null) return null;
    
            var isUserLockedOut = await GetLockoutEnabled(user);
    
            if (isUserLockedOut) return user;
    
            var isPasswordValid = await CheckPasswordAsync(user, password);
    
            if (isPasswordValid)
            {
                await _userLockoutStore.ResetAccessFailedCountAsync(user);
            }
            else
            {
                await IncrementAccessFailedCount(user);
    
                user = null;
            }
    
            return user;
        }
    
        private async Task<bool> GetLockoutEnabled(TUser user)
        {
            var isLockoutEnabled = await _userLockoutStore.GetLockoutEnabledAsync(user);
    
            if (isLockoutEnabled == false) return false;
    
            var shouldRemoveLockout = DateTime.Now >= await _userLockoutStore.GetLockoutEndDateAsync(user);
    
            if (shouldRemoveLockout)
            {
                await _userLockoutStore.ResetAccessFailedCountAsync(user);
    
                await _userLockoutStore.SetLockoutEnabledAsync(user, false);
    
                return false;
            }
    
            return true;
        }
    
        private async Task IncrementAccessFailedCount(TUser user)
        {
            var accessFailedCount = await _userLockoutStore.IncrementAccessFailedCountAsync(user);
    
            var shouldLockoutUser = accessFailedCount > MaxFailedAccessAttemptsBeforeLockout;
    
            if (shouldLockoutUser)
            {
                await _userLockoutStore.SetLockoutEnabledAsync(user, true);
    
                var lockoutEndDate = new DateTimeOffset(DateTime.Now + DefaultAccountLockoutTimeSpan);
    
                await _userLockoutStore.SetLockoutEndDateAsync(user, lockoutEndDate);
            }
        }
    }
    

    EXAMPLE

     [AllowAnonymous]
        [HttpPost]
        public async Task<ActionResult> Login(string userName, string password)
        {
            var userManager = new LockingUserManager<MyUser, int>(new MyUserStore())
            {
                DefaultAccountLockoutTimeSpan = /* get from appSettings */,
                MaxFailedAccessAttemptsBeforeLockout = /* get from appSettings */
            };
    
            var user = await userManager.FindAsync(userName, password);
    
            if (user == null)
            {
                // bad username or password; take appropriate action
            }
    
            if (await _userManager.GetLockoutEnabledAsync(user.Id))
            {
                // user is locked out; take appropriate action
            }
    
            // username and password are good
            // mark user as authenticated and redirect to post-login landing page
        }
    

    Source

    0 讨论(0)
提交回复
热议问题