I just migrated my web app (ASP.NET MVC) to ASP Identity.
Everything works fine after quite some work, except the API which the web app provides. This is a Web API 2, and it is using the bearer token mechanism to authenticate users. The authentication itself also works fine, but: when a user is locked out, the token for the user is still issued via the API token endpoint.
Is there a suggested way to handle this? I did not find any example...
Thanks!
ASP.NET Core Identity is an API that supports user interface (UI) login functionality. It manages users, passwords, profile data, roles, claims, tokens, email confirmation, and more.
To unlock an account, call the UnlockUser method and provide an email address. It finds the user based on the email address, sets the lockout enabled flag to false and then sets the lockout end date to one minute in the past. The result of this method indicates whether the change was successful. Note that clearing LockoutEnabled also switches off future lockouts for that user; moving LockoutEnd into the past is on its own enough to unlock the account.
LockoutEnabled is the per-user switch that decides whether lockout applies to that user at all, for example after too many incorrect passwords. When it is true, the user is locked out for as long as LockoutEnd holds a date in the future. When it is false, UserManager.IsLockedOutAsync returns false regardless of the value of LockoutEnd.
SignInManager is a concrete class which handles the user sign-in from the application. The SignInManager is responsible for authenticating a user, i.e. signing in and signing out a user, and it issues the authentication cookie to the user. Its PasswordSignInAsync method is also where the lockout check and the failed-attempt accounting happen; a token endpoint that verifies the password directly through UserManager bypasses both, which is why a locked-out user can still obtain a bearer token.
Ok, that was a stupid one... I see clearer now :)
I had it all the time in front of my eyes: the Web API 2 template includes a class "ApplicationOAuthProvider". This one allows several places to intercept the pipe... I chose the method "GrantResourceOwnerCredentials", which was already overridden, and there I checked if the user is locked out, directly after the password check.
Sorry, hope it helps someone.