出于对某些操作的安全目的,要求已登录用户再次确认其密码的页面。一旦确认,它将回到他们最初提出的任何请求(操作)。我应该为此使用用户 API 吗?我怎样才能实现这样的目标?
Public IActionResult IndexMethod()
{
//process request only if user was verified using that verification page.
//It can take in parameters such as tokens if needed
}
【问题讨论】:
标签: asp.net-core .net-core asp.net-core-mvc
在我看来,如果您想在某些操作中出于安全目的再次确认他们的密码。我建议您可以尝试使用操作过滤器而不是直接进入操作,您可以将之前的 url 存储到会话中。
更多细节,你可以参考下面的测试演示:
1.启用会话:
在 Startup.cs 的 ConfigureServices 方法中添加以下代码:
services.AddSession();
将以下代码添加到配置方法中:
app.UseSession();
2.创建过滤器:
public class ConfirmActionFilter : ActionFilterAttribute
{
public override void OnActionExecuted(ActionExecutedContext context)
{
base.OnActionExecuted(context);
}
public override void OnActionExecuting(ActionExecutingContext context)
{
//We will store the user is comfirmed into session and check it at the filter
if (String.IsNullOrEmpty(context.HttpContext.Session.GetString("checked")))
{
//store the path into session route .
context.HttpContext.Session.SetString("route", context.HttpContext.Request.Path);
//redirect to the confrim controller action
context.Result = new RedirectToActionResult("Index", "Confirm", context.HttpContext.Request.RouteValues);
}
}
}
3.添加确认控制器:
public class ConfirmController : Controller
{
public IActionResult Index()
{
//You could get the path
HttpContext.Session.SetString("checked","true");
return View();
}
public IActionResult Checked() {
// redirect to the path user has accessed.
var re = HttpContext.Session.GetString("route");
return new RedirectResult(re);
}
}
过滤器使用:
[ConfirmActionFilter]
public class HomeController : Controller
结果:
如果用户首先访问,你会发现它会进入确认方法。
【讨论】: