Alby96/Mimante
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
0a50ba7df5cff60f696fcc49cfbabe05b8386305
Mimante/Mimante/Pages/Account/Login.cshtml.cs
T
Alby96 ed42a41bcd Autenticazione Identity: login sicuro, lockout, UI aggiornata 
- Integra ASP.NET Core Identity: login/password, lockout brute-force, cookie sicuri, password policy forte
- Seed automatico utente admin da variabili ambiente (fallback password temporanea forte)
- Tutte le pagine principali ora protette con [Authorize] e redirect automatico a /login
- Nuovo layout login/logout pulito senza sidebar, spinner durante redirect
- NavMenu mostra utente autenticato e logout
- Rimosse credenziali Bidoo da env/Docker: ora solo cookie sessione da UI
- Aggiornata documentazione: sicurezza, deploy, backup, troubleshooting
- Fix NavigationException, SectionRegistry, errori header read-only
- Versione incrementata a 1.2.0, pronto per deploy production Tailscale/Unraid
2026-01-21 17:00:51 +01:00

90 lines
2.3 KiB
C#
Raw Blame History

using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.RazorPages;
using AutoBidder.Models;
namespace AutoBidder.Pages.Account;
public class LoginModel : PageModel
{
private readonly SignInManager<ApplicationUser> _signInManager;
private readonly UserManager<ApplicationUser> _userManager;
public LoginModel(SignInManager<ApplicationUser> signInManager, UserManager<ApplicationUser> userManager)
{
_signInManager = signInManager;
_userManager = userManager;
}
[BindProperty]
public string Username { get; set; } = string.Empty;
[BindProperty]
public string Password { get; set; } = string.Empty;
[BindProperty]
public bool RememberMe { get; set; }
public string? ErrorMessage { get; set; }
[FromQuery(Name = "returnUrl")]
public string? ReturnUrl { get; set; }
public async Task<IActionResult> OnGetAsync()
{
// Se già autenticato, vai alla home
if (User.Identity?.IsAuthenticated == true)
{
return LocalRedirect(GetSafeReturnUrl());
}
// Logout eventuali sessioni precedenti
await HttpContext.SignOutAsync(IdentityConstants.ApplicationScheme);
return Page();
}
public async Task<IActionResult> OnPostAsync()
{
if (string.IsNullOrEmpty(Username) || string.IsNullOrEmpty(Password))
{
ErrorMessage = "Inserisci username e password.";
return Page();
}
var result = await _signInManager.PasswordSignInAsync(
Username,
Password,
RememberMe,
lockoutOnFailure: true
);
if (result.Succeeded)
{
return LocalRedirect(GetSafeReturnUrl());
}
if (result.IsLockedOut)
{
ErrorMessage = "Account bloccato. Riprova tra qualche minuto.";
}
else
{
ErrorMessage = "Username o password non validi.";
}
return Page();
}
private string GetSafeReturnUrl()
{
// Ritorna solo URL locali sicuri
if (!string.IsNullOrEmpty(ReturnUrl) && Url.IsLocalUrl(ReturnUrl))
{
return ReturnUrl;
}
return "/";
}
}
Reference in New Issue View Git Blame Copy Permalink