simpleidserver / SimpleIdServer

OpenID, OAuth 2.0, SCIM2.0, UMA2.0, FAPI, CIBA & OPENBANKING Framework for ASP.NET Core
https://simpleidserver.com/
Apache License 2.0

No permission is displayed for accessing the registered address directly #803

Closed qq1176914912 closed 2 weeks ago

qq1176914912 commented 2 weeks ago

I tried to access the registration address directly: https://localhost:5001/master/pwd/Register, and I was prompted that I had no permission. I looked at your source and discovered an "IsNotAllowed" attribute that controls the display permission; what is the meaning of it? The registration page should generally be accessible to anyone directly, so if I remove this judgment, what impact will it have?

qq1176914912 commented 2 weeks ago

I found that when I removed the judgment, I could open a browser and access the address "https://localhost:5001/master/pwd/Register" directly and see the registration page normally, but after filling in the registration contents and clicking the register button, there were no hints or content. It only clears the form.

simpleidserver commented 2 weeks ago

Hello,

If a registration workflow has not been initialized by the user and the user is not authenticated, then the URL https://localhost:5001/master/pwd/register should not be accessible. The registration workflow is considered initialized when the user navigates to the URL https://localhost:5001/master/registration?workflowName=pwd.

When the user accesses this URL, there are three possible scenarios:

| Pre-condition | Action |
|---|---|
| The user is not authenticated, and the workflow is not initialized | Display an error message |
| The user is authenticated, but the workflow is not initialized | Display the screen to update credentials |
| The workflow is initialized | Display the screen with all actions defined in the registration workflow |
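The following is an added example, not SimpleIdServer's own code, showing how the three-row table above can be enforced in a minimal ASP.NET Core app. It assumes that "initializing" the workflow means the `/master/registration?workflowName=...` endpoint records the chosen workflow name in a data-protected cookie (the cookie name `reg_workflow` and the protector purpose string `registration-workflow` are assumptions), and that the `/master/{workflowName}/register` endpoint reads that cookie and the authentication state to pick one of the three outcomes. A forged or stale cookie fails to unprotect and is treated as "not initialized", so a direct visit without going through the initialization URL gets the error response.

```csharp
// Added example (not SimpleIdServer's code). Minimal ASP.NET Core app that applies the
// three registration scenarios: error when unauthenticated and not initialized,
// credential update when authenticated but not initialized, full workflow when initialized.
using System.Security.Cryptography;
using Microsoft.AspNetCore.DataProtection;

var builder = WebApplication.CreateBuilder(args);
builder.Services.AddDataProtection();
builder.Services.AddAuthentication("Cookies").AddCookie("Cookies");
builder.Services.AddAuthorization();

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();

const string WorkflowCookie = "reg_workflow";          // assumed cookie name
const string ProtectorPurpose = "registration-workflow"; // assumed purpose string

// Step 1: initialize the workflow. Visiting /master/registration?workflowName=pwd
// stores the workflow name in a tamper-evident cookie and sends the user to the page.
app.MapGet("/master/registration", (HttpContext ctx, string workflowName, IDataProtectionProvider dp) =>
{
    var protector = dp.CreateProtector(ProtectorPurpose);
    ctx.Response.Cookies.Append(WorkflowCookie, protector.Protect(workflowName), new CookieOptions
    {
        HttpOnly = true,
        Secure = true,
        SameSite = SameSiteMode.Lax,
        IsEssential = true
    });
    return Results.Redirect($"/master/{workflowName}/register");
});

// Step 2: the registration page applies the pre-condition table.
app.MapGet("/master/{workflowName}/register", (HttpContext ctx, string workflowName, IDataProtectionProvider dp) =>
{
    var protector = dp.CreateProtector(ProtectorPurpose);

    // The workflow counts as initialized only if the cookie unprotects cleanly
    // and names the same workflow that the URL asks for.
    bool initialized = false;
    if (ctx.Request.Cookies.TryGetValue(WorkflowCookie, out var raw))
    {
        try
        {
            initialized = protector.Unprotect(raw) == workflowName;
        }
        catch (CryptographicException)
        {
            // Forged, expired or foreign cookie: fall through as "not initialized".
        }
    }

    bool authenticated = ctx.User.Identity?.IsAuthenticated == true;

    return (authenticated, initialized) switch
    {
        (_, true)      => Results.Text($"Registration steps for workflow '{workflowName}'"),
        (true, false)  => Results.Text("Update your credentials"),
        (false, false) => Results.Problem(
                              detail: "Registration workflow not initialized",
                              statusCode: StatusCodes.Status403Forbidden)
    };
});

app.Run();
```

Removing the check, as the reporter did, is equivalent to deleting the `(false, false)` branch: the page renders, but nothing has recorded which workflow the user is in, so a later POST has no workflow to complete and the form simply resets.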