0

我正在尝试在未设置密码时强制重定向用户设置密码。最初,用户将使用提供给用户的初始密码登录。(该PasswordHash值为空。我正在使用另一个值initialPassword)。

因此,当PasswordHash仍然为空时,用户将被重定向到 SetPassword 页面。

我制作的全局过滤器是这个

public class FilterConfig
{
    public static void RegisterGlobalFilters(GlobalFilterCollection filters)
    {
        filters.Add(new HandleErrorAttribute());
        filters.Add(new CheckCandidatePasswordSetFilterAttribute());
    }
}



public class CheckCandidatePasswordSetFilterAttribute: ActionFilterAttribute
{
    public override void OnActionExecuting(ActionExecutingContext filterContext)
    {
        var principal = (ClaimsPrincipal)filterContext.HttpContext.User;

        if (principal.Identity.IsAuthenticated && principal.IsInRole(RoleNames.CandidateRole) &&
            !IsRouteSetToSetPassword(filterContext.RouteData.Values) && !IsRouteIsLogout(filterContext.RouteData.Values))
        {
            bool hasPassword = principal.HasClaim(CustomClaimTypes.CandidateHasPassword, true.ToString());
            if (!hasPassword)
            {
                filterContext.Result = new RedirectToRouteResult(new System.Web.Routing.RouteValueDictionary(new
                {
                    area = string.Empty,
                    controller = "Manage",
                    action = "SetPassword"
                }));
            }
            return;
        }

        base.OnActionExecuting(filterContext);
    }

    private bool IsRouteIsLogout(RouteValueDictionary routeData)
    {
        routeData.TryGetValue("area", out object area);
        if (area != null && !area.ToString().Equals(string.Empty))
            return false;

        if (!routeData.TryGetValue("controller", out object controller))
            return false;
        if (!routeData.TryGetValue("action", out object action))
            return false;

        return controller.ToString().Equals("Account", StringComparison.OrdinalIgnoreCase) && action.ToString().Equals("LogOff", StringComparison.OrdinalIgnoreCase);
    }

    private static bool IsRouteSetToSetPassword(RouteValueDictionary routeData)
    {
        routeData.TryGetValue("area", out object area);
        if (area != null && !area.ToString().Equals(string.Empty))
            return false;

        if (!routeData.TryGetValue("controller", out object controller))
            return false;
        if (!routeData.TryGetValue("action", out object action))
            return false;

        return controller.ToString().Equals("Manage", StringComparison.OrdinalIgnoreCase) && action.ToString().Equals("SetPassword", StringComparison.OrdinalIgnoreCase);
    }
}

问题是它给出了一个重定向循环。 这是浏览器网络选项卡的屏幕截图

我还是 MVC 的新手,仍然对此感到困惑。

路线配置:

public static void RegisterRoutes(RouteCollection routes)
    {
        routes.IgnoreRoute("{resource}.axd/{*pathInfo}");

        routes.MapRoute(
            name: "Default",
            url: "{controller}/{action}/{id}",
            defaults: new { controller = "Home", action = "Index", id = UrlParameter.Optional },
            namespaces: new string[] { "ERecruitment.Controllers" }
        );
    }
4

1 回答 1

0

我的错。这是导致此重定向循环的其他地方的问题

public ActionResult SetPassword()
    {
        var principal = (ClaimsPrincipal)User;
        if(principal.IsInRole(RoleNames.CandidateRole) 
              //the code below is the problem
             && principal.FindFirst(CustomClaimTypes.CandidateHasPassword).Equals(false.ToString()))
            return View();

        return RedirectToAction("Index", "Home");
    }

我只需要将代码更改为

if(principal.IsInRole(RoleNames.CandidateRole) && principal.HasClaim(CustomClaimTypes.CandidateHasPassword, false.ToString()))
于 2018-10-30T04:09:58.310 回答