登录中身份框架出现错误 400 - OnPostAsync


问题是,当我使用被阻止的帐户登录时,会显示模态框;但是当我再次尝试登录时,却看到一个返回 400 错误的页面。

我的 Login.cshtml.cs 中有此代码:

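/// <summary>
/// Handles the login form POST: rejects blocked accounts before any authentication
/// cookie is issued, signs the user in with email and password, and records the
/// last-connection timestamp plus a notification entry for completed sign-ins.
/// </summary>
/// <param name="returnUrl">Local URL to redirect to after a successful sign-in; defaults to the application root.</param>
/// <returns>
/// A local redirect on success, a redirect to the two-factor or lockout page when
/// Identity asks for it, otherwise the login page with a model error.
/// </returns>
public async Task<IActionResult> OnPostAsync(string returnUrl = null)
{
    returnUrl ??= Url.Content("~/");

    ExternalLogins = (await _signInManager.GetExternalAuthenticationSchemesAsync()).ToList();

    if (!ModelState.IsValid)
    {
        // Validation failed, redisplay the form.
        return Page();
    }

    DetalleUsuarioDA detalleUsuarioDA = new DetalleUsuarioDA();
    DetalleUsuario detalleUsuario = detalleUsuarioDA.GetDetalleUsuario(Input.Email);

    // The blocked check runs BEFORE PasswordSignInAsync. Checking it afterwards leaves
    // the blocked user holding a valid authentication cookie even though the modal is
    // shown, and the antiforgery token rendered into the returned page no longer matches
    // the identity of the next request, which is the likely source of the HTTP 400 on
    // the second login attempt.
    if (detalleUsuario?.EstadoUsuario == "Bloqueado")
    {
        // Verify the password without signing in, so the "account blocked" modal is only
        // revealed to someone who knows the credentials and the account state is not
        // disclosed to anonymous callers.
        var blockedUser = await _signInManager.UserManager.FindByNameAsync(Input.Email);
        if (blockedUser != null && await _signInManager.UserManager.CheckPasswordAsync(blockedUser, Input.Password))
        {
            _logger.LogWarning("Blocked user attempted to sign in.");
            ViewData["showModalBloqueo"] = true;
        }

        ModelState.AddModelError(string.Empty, "Invalid login attempt.");
        return Page();
    }

    // lockoutOnFailure: false means failed passwords are not counted towards Identity's
    // account lockout, so password guessing is not throttled here.
    // To enable password failures to trigger account lockout, set lockoutOnFailure: true
    var result = await _signInManager.PasswordSignInAsync(Input.Email, Input.Password, Input.RememberMe, lockoutOnFailure: false);

    if (result.Succeeded)
    {
        // Record the last connection only once the sign-in has actually succeeded, so a
        // failed attempt does not update UltimaConexion or create a "login" notification.
        // detalleUsuario may be null when the Identity user has no detail row.
        if (detalleUsuario != null)
        {
            detalleUsuario.UltimaConexion = DateTime.Now;
            detalleUsuarioDA.EditarDetalleUsuario(detalleUsuario);

            RegistroDA registroDA = new RegistroDA();

            Registro registro = new Registro();

            registro.DescripcionRegistro = "Hubo un inicio de sesión desde la ip: " + HttpContext.Connection.RemoteIpAddress;
            registro.Fk_Usuario = detalleUsuario.Fk_User;
            registro.TipoRegistro = "Notificación";
            registro.FechaRegistro = DateTime.Now;
            registro.Estado = "No leido";
            registroDA.InsertRegistro(registro);
        }

        _logger.LogInformation("User logged in.");
        // LocalRedirect refuses non-local URLs, so returnUrl cannot be used as an open redirect.
        return LocalRedirect(returnUrl);
    }
    if (result.RequiresTwoFactor)
    {
        return RedirectToPage("./LoginWith2fa", new { ReturnUrl = returnUrl, RememberMe = Input.RememberMe });
    }
    if (result.IsLockedOut)
    {
        _logger.LogWarning("User account locked out.");
        return RedirectToPage("./Lockout");
    }

    ModelState.AddModelError(string.Empty, "Invalid login attempt.");
    return Page();
}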

Login.cshtml 中的代码:


@page
@model LoginModel

@{

    ViewData["Title"] = "Iniciar Sesión";
}

<!-- Form -->
@* Login form. It has no action attribute, so it posts back to the current page.
   With the form tag helper active (asp-for is used below, so tag helpers appear to be
   enabled), a method="post" form gets a hidden __RequestVerificationToken input, and
   Razor Pages validates that token on POST; a missing or mismatched token is answered
   with HTTP 400 before the page handler runs. *@
<form id="account" method="post">
    <div class="mb-4">
        <label class="form-label text-white" for="signinSrEmail">Usuario</label>
        @* NOTE(review): an explicit name="email" is set next to asp-for="Input.Email";
           confirm the posted field name still binds to Input.Email. *@
        <input type="email" class="form-control form-control-xl" name="email" id="signinSrEmail" tabindex="1" placeholder="[email protected]" aria-label="[email protected]" asp-for="Input.Email">
        <span class="invalid-feedback">Please enter a valid email address.</span>
    </div>

    <div class="mb-4">
        <label class="form-label w-100" for="signupSrPassword" tabindex="0">
            <span class="d-flex justify-content-between align-items-center text-white">
                <span>Contraseña</span>
                <a class="form-label-link mb-0" href="#">Olvidaste tu contraseña?</a>
            </span>
        </label>

        @* required and minlength="8" are browser-side checks only; the server must not
           rely on them. NOTE(review): same explicit-name question as the email field. *@
        <div class="input-group input-group-merge" data-hs-validation-validate-class>
            <input type="password" class="js-toggle-password form-control form-control-xl" asp-for="Input.Password" name="password" id="signupSrPassword" placeholder="8+ characters required" aria-label="8+ characters required" required minlength="8" data-hs-toggle-password-options='{
              "target": "#changePassTarget",
              "defaultClass": "bi-eye-slash",
              "showClass": "bi-eye",
              "classChangeTarget": "#changePassIcon"
                }'>
            <a id="changePassTarget" class="input-group-append input-group-text" href="javascript:;">
                <i id="changePassIcon" class="bi-eye"></i>
            </a>
        </div>

        <span class="invalid-feedback">Please enter a valid password.</span>
    </div>

    @* This checkbox has no name and no asp-for, so its state is not submitted with the
       form and Input.RememberMe is not set from it. *@
    <div class="form-check mb-4">
        <input class="form-check-input" type="checkbox" value="" id="termsCheckbox">
        <label class="form-check-label text-white" for="termsCheckbox">
            Recuerdame
        </label>
    </div>

    <div class="d-grid">
        <button type="submit" class="btn btn-primary">Ingresar</button>
    </div>
</form>

<div class="modal fade" id="modal_bloqueo" tabindex="-1">
    <div class="modal-dialog modal-dialog-centered">
        <div class="modal-content">
            <!-- Header -->
            <div class="modal-close">
                <button type="button" class="btn btn-ghost-secondary btn-icon btn-sm" data-bs-dismiss="modal" aria-label="Close">
                    <i class="bi-x-lg"></i>
                </button>
            </div>
            <!-- End Header -->
            <!-- Body -->
            <div class="modal-body p-sm-5">
                <div class="text-center mb-5">
                    <h4 class="h1">¡Tu cuenta fue bloqueada!</h4>
                </div>

                <!-- Media -->
                <div class="d-flex">
                    <div class="flex-shrink-0">
                        <div class="d-flex justify-content-center">
                            <img src="~/theme/front-v2-1/dist/assets/imagen/iconos/robot_feliz_fondo.svg" alt="Mi imagen" class="img-fluid" width="120px">
                        </div>
                    </div>

                    <div class="flex-grow-1 ms-4">
                        <h4>Cuenta bloqueada!</h4>
                        <p>Tu cuenta ha sido bloqueada debido a la gran cantidad de faltas que has cometido</p>
                    </div>
                </div>
                <!-- End Media -->


            </div>
            <!-- End Body -->
            <!-- Footer -->
            <div class="modal-footer justify-content-center">
                <button type="button" class="btn btn-primary" data-bs-dismiss="modal"> Cerrar </button>
            </div>
            <!-- End Footer -->
        </div>
    </div>
</div>



<!-- End Form -->
@section Scripts {
    <partial name="_ValidationScriptsPartial" />
    @if ((bool?)ViewData["showModalBloqueo"] == true)
    {
        <script>

            $(window).load(function () {
                $('#modal_bloqueo').modal('show');
            })

        </script>
    
    }
    

}

我尝试在 Login.cshtml.cs 中放置一个断点以查看发生了什么,但该断点从未被命中。

javascript c# html asp.net-core asp.net-identity
1个回答

问题是,当我使用被阻止的帐户登录时,模态框已显示,但是当我尝试再次登录时,我看到一个包含 400 错误的页面。

Razor Pages 默认启用了针对跨站请求伪造(CSRF)攻击的防护,防伪令牌的生成和验证会自动进行。您可以打开浏览器的开发者工具,查看表单中是否存在名为 __RequestVerificationToken 的隐藏 input 元素。

并且您可以在请求发送后在网络中检查此令牌。

如果没有找到,您可以通过以下形式启用防伪令牌:

<form id="account" method="post">
    @Html.AntiForgeryToken()
 
 </form>

如果不想使用防伪令牌,可以在 Program.cs 中全局禁用防伪令牌验证。请注意,这会同时去掉所有 Razor 页面(包括登录表单)的 CSRF 防护,因此只适合用来确认问题原因,而不适合作为最终修复:

// NOTE(review): this disables antiforgery protection application-wide, not just for the
// login page. Every Razor Page POST handler then accepts requests without a
// __RequestVerificationToken, which removes the CSRF defence for all state-changing forms.
// Useful to confirm that a 400 comes from token validation; not a fix to ship.
builder.Services.AddMvc().AddRazorPagesOptions(o =>
{
    // Adds IgnoreAntiforgeryTokenAttribute as a filter through the Razor Pages conventions,
    // so token validation is skipped for the pages it applies to.
    o.Conventions.ConfigureFilter(new IgnoreAntiforgeryTokenAttribute());
    // The tag-helper initializer below stops <form> elements from emitting the hidden token field.
}).InitializeTagHelper<FormTagHelper>((helper, context) => helper.Antiforgery = false);

禁用后:
