问题是,当我使用被阻止的帐户登录时,会显示模式,但是当我尝试再次登录时,我会看到一个包含 400 错误的页面。
我的 Login.cshtml.cs 中有此代码:
public async Task<IActionResult> OnPostAsync(string returnUrl = null)
{
returnUrl ??= Url.Content("~/");
ExternalLogins = (await _signInManager.GetExternalAuthenticationSchemesAsync()).ToList();
if (ModelState.IsValid)
{
// This doesn't count login failures towards account lockout
// To enable password failures to trigger account lockout, set lockoutOnFailure: true
var result = await _signInManager.PasswordSignInAsync(Input.Email, Input.Password, Input.RememberMe, lockoutOnFailure: false);
//------------------------ Registrar ultima coneccion
DetalleUsuarioDA detalleUsuarioDA = new DetalleUsuarioDA();
DetalleUsuario detalleUsuario = detalleUsuarioDA.GetDetalleUsuario(Input.Email);
if (detalleUsuario != null)
{
detalleUsuario.UltimaConexion = DateTime.Now;
detalleUsuarioDA.EditarDetalleUsuario(detalleUsuario);
RegistroDA registroDA = new RegistroDA();
Registro registro = new Registro();
registro.DescripcionRegistro = "Hubo un inicio de sesión desde la ip: " + HttpContext.Connection.RemoteIpAddress;
registro.Fk_Usuario = detalleUsuario.Fk_User;
registro.TipoRegistro = "Notificación";
registro.FechaRegistro = DateTime.Now;
registro.Estado = "No leido";
registroDA.InsertRegistro(registro);
}
//------------------------ Registrar ultima coneccion
if (result.Succeeded)
{
if (detalleUsuario.EstadoUsuario == "Bloqueado")
{
ModelState.AddModelError(string.Empty, "Invalid login attempt.");
ViewData["showModalBloqueo"] = true;
return Page();
}
_logger.LogInformation("User logged in.");
return LocalRedirect(returnUrl);
}
if (result.RequiresTwoFactor)
{
return RedirectToPage("./LoginWith2fa", new { ReturnUrl = returnUrl, RememberMe = Input.RememberMe });
}
if (result.IsLockedOut)
{
_logger.LogWarning("User account locked out.");
return RedirectToPage("./Lockout");
}
else
{
ModelState.AddModelError(string.Empty, "Invalid login attempt.");
return Page();
}
}
// If we got this far, something failed, redisplay form
return Page();
}
Login.cshtml 中的代码:
@page
@model LoginModel
@{
ViewData["Title"] = "Iniciar Sesión";
}
<!-- Form -->
<form id="account" method="post">
<div class="mb-4">
<label class="form-label text-white" for="signinSrEmail">Usuario</label>
<input type="email" class="form-control form-control-xl" name="email" id="signinSrEmail" tabindex="1" placeholder="[email protected]" aria-label="[email protected]" asp-for="Input.Email">
<span class="invalid-feedback">Please enter a valid email address.</span>
</div>
<div class="mb-4">
<label class="form-label w-100" for="signupSrPassword" tabindex="0">
<span class="d-flex justify-content-between align-items-center text-white">
<span>Contraseña</span>
<a class="form-label-link mb-0" href="#">Olvidaste tu contraseña?</a>
</span>
</label>
<div class="input-group input-group-merge" data-hs-validation-validate-class>
<input type="password" class="js-toggle-password form-control form-control-xl" asp-for="Input.Password" name="password" id="signupSrPassword" placeholder="8+ characters required" aria-label="8+ characters required" required minlength="8" data-hs-toggle-password-options='{
"target": "#changePassTarget",
"defaultClass": "bi-eye-slash",
"showClass": "bi-eye",
"classChangeTarget": "#changePassIcon"
}'>
<a id="changePassTarget" class="input-group-append input-group-text" href="javascript:;">
<i id="changePassIcon" class="bi-eye"></i>
</a>
</div>
<span class="invalid-feedback">Please enter a valid password.</span>
</div>
<div class="form-check mb-4">
<input class="form-check-input" type="checkbox" value="" id="termsCheckbox">
<label class="form-check-label text-white" for="termsCheckbox">
Recuerdame
</label>
</div>
<div class="d-grid">
<button type="submit" class="btn btn-primary">Ingresar</button>
</div>
</form>
<div class="modal fade" id="modal_bloqueo" tabindex="-1">
<div class="modal-dialog modal-dialog-centered">
<div class="modal-content">
<!-- Header -->
<div class="modal-close">
<button type="button" class="btn btn-ghost-secondary btn-icon btn-sm" data-bs-dismiss="modal" aria-label="Close">
<i class="bi-x-lg"></i>
</button>
</div>
<!-- End Header -->
<!-- Body -->
<div class="modal-body p-sm-5">
<div class="text-center mb-5">
<h4 class="h1">¡Tu cuenta fue bloqueada!</h4>
</div>
<!-- Media -->
<div class="d-flex">
<div class="flex-shrink-0">
<div class="d-flex justify-content-center">
<img src="~/theme/front-v2-1/dist/assets/imagen/iconos/robot_feliz_fondo.svg" alt="Mi imagen" class="img-fluid" width="120px">
</div>
</div>
<div class="flex-grow-1 ms-4">
<h4>Cuenta bloqueada!</h4>
<p>Tu cuenta ha sido bloqueada debido a la gran cantidad de faltas que has cometido</p>
</div>
</div>
<!-- End Media -->
</div>
<!-- End Body -->
<!-- Footer -->
<div class="modal-footer justify-content-center">
<button type="button" class="btn btn-primary" data-bs-dismiss="modal"> Cerrar </button>
</div>
<!-- End Footer -->
</div>
</div>
</div>
<!-- End Form -->
@section Scripts {
<partial name="_ValidationScriptsPartial" />
@if ((bool?)ViewData["showModalBloqueo"] == true)
{
<script>
$(window).load(function () {
$('#modal_bloqueo').modal('show');
})
</script>
}
}
我尝试在 Login.chtml.cs 中放置一个断点以查看发生了什么,但该断点从未被调用。
问题是,当我使用被阻止的帐户登录时,模式 已显示,但是当我尝试再次登录时,我有一个包含 400 的页面 错误。
在 Razor 中,页面被设计为默认启动以防止跨站请求伪造攻击,并且防伪造令牌生成和验证会自动包含在 Razor 页面中。您可以打开页面的开发者工具查看表单中是否存在隐藏的input元素,其中包含__RequestVerificationToken的相关配置。
如果没有找到,您可以通过以下形式启用防伪令牌:
<form id="account" method="post">
@Html.AntiForgeryToken()
</form>
如果不想使用防伪令牌生成,可以在program.cs中全局禁用防伪令牌认证:
builder.Services.AddMvc().AddRazorPagesOptions(o =>
{
o.Conventions.ConfigureFilter(new IgnoreAntiforgeryTokenAttribute());
}).InitializeTagHelper<FormTagHelper>((helper, context) => helper.Antiforgery = false);