Why was my account disabled without warning?

ArtStation is provided as a free service for artists with the best intentions for a community that impacts many lives positively. We get a large volume of work being published and many issues that we have to deal with. Because of this, we have to treat violations of terms of service seriously. Unfortunately we do not have the time to contact each individual person to resolve violation issues - it is physically impossible for us to do so and there are people who are simply "trolls" who simply cannot be reasoned with.

We typically only disable accounts due to a violation of our terms of service.

In my IdentityServer4 project I implement IProfileService. The IsActiveAsync method is invoked a number of times after the human-user has successfully authenticated through the login web-page when using Implicit and Hybrid flows. I've noticed it's invoked when context.Caller is one of these values:

- AuthorizeEndpoint (with the User's Claims)
- AuthorizationCodeValidation (with the User's Claims)
- AccessTokenValidation (without the User's Claims)

Due to a bug my code set context.IsActive = false - and when this happened the web-browser which was used to get to the login-page was just redirected back to the login page with no error message or reason information. Users would be confused why they had successfully authenticated but prompted to login again. No new querystring parameters were added either.

The IdentityServer4 logs do display the reason:

Now, supposing that my IsActive = false code was not a bug, but was actually by-design (because, for example, the user's account really was disabled in the microseconds between different OAuth/OpenIDConnect HTTP requests), in which case how can I ensure this message is presented to the user and/or client software?

After some investigation I've decided to update the answer.

First of all, context.IsActive is used to indicate whether GetProfileDataAsync should be executed. The 'problem' is that the client starts multiple calls to the ProfileService to retrieve information. These separate calls are initiated by the client and follow after the user did log in.

For a direct response you can add code to the Login method. When the user is not active you can respond with an error message. I think this is the best place to check, because it'll prevent a lot of actions.

The following snippet is taken from one of the samples of IdentityServer.

```csharp
public async Task<IActionResult> Login(LoginInputModel model, string button)
{
    var result = await _signInManager.PasswordSignInAsync(model.Username, model.Password, model.RememberLogin, lockoutOnFailure: true);
    if (result.Succeeded)
    {
        var user = await _userManager.FindByNameAsync(model.Username);

        // Assume user has property IsActive for this example.
        // You can implement this any way you like.
        if (user.IsActive)
        {
            // ...
        }
    }

    ModelState.AddModelError("", AccountOptions.InvalidCredentialsErrorMessage);

    // something went wrong, show form with error
    var vm = await BuildLoginViewModelAsync(model);
    return View(vm);
}
```

You can add any message you like using ModelState.AddModelError.

Now suppose the user did log in and was deactivated later, then the ProfileService will not return claims. Instead it will lead to a 401: User is not active. The client will then throw an exception, because the request has to be successful: HttpResponseMessage.EnsureSuccessStatusCode.

Luckily there is an option to handle the exception. This is just a simple example:

```csharp
services.AddOpenIdConnect("oidc", "Open Id connect", options =>
{
    options.Events = new OpenIdConnectEvents()
    {
        // ...
        // When a user is not active this will result in a 401
        // ...
        // Clear the exception, otherwise it is re-thrown after this event.
        // ...
        // redirect to an error page.
        // ...
    };
});
```