问题描述

最新的ASP.NET相同位（2.0测试版），包括用于确认用户的电子邮件地址的基础。该包的NuGet微软Asp.Net身份样本包含一个显示这种流动的样本。但样品中，即使在 EmailConfirmed = FALSE ，还有在用户体验上没有什么不同的行为。

The newest ASP.NET identity bits (2.0 beta) include the foundation for confirming user email addresses. The NuGet package "Microsoft Asp.Net Identity Samples" contains a sample showing this flow. But in that sample, even when EmailConfirmed = false, there is no different behavior in the user experience.

如何从能够登录时，他们的电子邮件地址尚未确认prevent用户？我知道我可以有用户登录，无论再上执行检查 EmailConfirmed 字段，但是现在看来似乎会更有效的，如果我可以在所有的时候 EmailConfirmed =成功登录prevent用户= FALSE

How can I prevent users from being able to login when their email address is not yet confirmed? I understand that I can have the users log in regardless and then perform the check on the EmailConfirmed field, but it seems like it would be much more efficient if I could prevent the user from successfully logging in at all when EmailConfirmed == false

推荐答案

您需要几行添加到登录操作（POST方法）来验证用户确认他们的电子邮件。要检查的方法就是 UserManager.IsEmailConfirmed 。这里是你的登录操作将是什么样子。

You need to add a few lines to the Login action (POST method) to verify that the user has confirmed their email. The method you want to check is UserManager.IsEmailConfirmed. Here is what your Login action will look like.

    public async Task<ActionResult> Login(LoginViewModel model, string returnUrl)
    {
        if (ModelState.IsValid)
        {
            var user = await UserManager.FindByNameAsync(model.Email);
            if (user == null)
            {
                ModelState.AddModelError("", "Invalid login attempt.");
                return View(model);
            }
            //Add this to check if the email was confirmed.
            if (!await UserManager.IsEmailConfirmedAsync(user.Id))
            {
                ModelState.AddModelError("", "You need to confirm your email.");
                return View(model);
            }
            if (await UserManager.IsLockedOutAsync(user.Id))
            {
                return View("Lockout");
            }
            if (await UserManager.CheckPasswordAsync(user, model.Password))
            {
                // Uncomment to enable lockout when password login fails
                //await UserManager.ResetAccessFailedCountAsync(user.Id);
                return await LoginCommon(user, model.RememberMe, returnUrl);
            }
            else
            {
                // Uncomment to enable lockout when password login fails
                //await UserManager.AccessFailedAsync(user.Id);
                ModelState.AddModelError("", "Invalid login attempt.");
                return View(model);
            }
        }

        // If we got this far, something failed, redisplay form
        return View(model);
    }

在这个例子中我只是用户返回到登录视图，并显示一条错误消息。你可以将它们返还给提供有关下一步骤的详细信息，以确认他们的电子邮件，甚至让他们重新发送电子邮件确认了该选项的视图。

In this example I just return the user to the login view and display an error message. You could return them to another view that provides more details on the next steps to confirm their email, or even give them the option to resend the email confirmation.

这篇关于prevent登录时EmailConfirmed是假的的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！