Closed pawepaw closed 8 years ago
I've spotted that external accounts are able to login to system even if they are locked.
i fixed it by overriding ProcessExistingExternalAccountAsync method and checking if user is locked out.
protected override async Task<AuthenticateResult> ProcessExistingExternalAccountAsync(int userID, string provider, string providerId, IEnumerable<Claim> claims) { if (userManager.IsLockedOut(userID)) { return new AuthenticateResult(Messages.InvalidUserNameOrPassword); } return await base.ProcessExistingExternalAccountAsync(userID, provider, providerId, claims); }
if you want i can create pull request for checking if user is active.
Sure, PR away.
I've spotted that external accounts are able to login to system even if they are locked.
i fixed it by overriding ProcessExistingExternalAccountAsync method and checking if user is locked out.
if you want i can create pull request for checking if user is active.