I am creating an employee scheduling site in ASP.net MVC 6. I have an employee table, shift table and a shiftEmployee table to handle the many to many relationship.
我在ASP.net MVC 6中创建了一个员工调度站点。我有一个employee表,shift表和一个shiftEmployee表来处理多对多的关系。
It's configured so that each employee logs into the site using their employee ID number and a password. Then they can see each future shift they are scheduled to. They must acknowledge each assigned shift in a process known as "pulling their pin".
它被配置为使每个员工使用他们的员工ID号和密码登录站点。然后他们可以看到他们预定的每个未来班次。他们必须在称为“拔针”的过程中确认每个指定的班次。
So far everything is working as expected. My goal and my question is this:
到目前为止,一切都按预期工作。我的目标和问题是:
When an employee pulls their pin for each shift, I would like them to have to confirm this action by entering their password again, keeping in mind the user is already signed into the site. What is the easiest/correct/most secure way to accomplish this?
当员工为每个班次拉出他们的销钉时,我希望他们必须再次输入密码来确认此操作,请记住用户已经登录该站点。实现这一目标的最简单/最正确/最安全的方法是什么?
The Pull GET/POST methods are basically the same as a standard MVC edit action, simply renamed Pull.
Pull GET / POST方法与标准MVC编辑操作基本相同,只需重命名为Pull。
// GET: PullPin/Pull/5
public IActionResult Pull(int? id)
{
if (id == null)
{
return HttpNotFound();
}
var shiftEmp = _context.ShiftEmployees.Single(m => m.ShiftEmployeeID == id);
if (shiftEmployee == null)
{
return HttpNotFound();
}
}
// POST: PullPin/Pull/5
[HttpPost]
[ValidateAntiForgeryToken]
public IActionResult Pull(ShiftEmployee shiftEmployee)
{
var user = GetCurrentUserAsync();
pullPin.PinStatusID = 3; // Status ID #3 = Pulled
if (ModelState.IsValid)
{
_context.Update(shiftEmployee);
_context.SaveChanges();
return RedirectToAction("Index");
}
return View(shiftEmployee);
}
And here is my ShiftEmployee class
这是我的ShiftEmployee类
public class ShiftEmployee
{
public int ShiftEmployeeID { get; set; }
public int ShiftID { get; set; }
public int EmployeeID { get; set; }
public int PinStatusID { get; set; }
public virtual Shift Shift { get; set; }
[JsonIgnore]
public virtual Employee Employee { get; set; }
public virtual PinStatus PinStatus { get; set; }
}
1 个解决方案
#1
0
In the standard MVC6 template, it uses ASP.NET Core Identity for the login functionality. Part of that package is the UserManager object (you also get a SignInManager among other things.)
在标准MVC6模板中,它使用ASP.NET Core Identity作为登录功能。该软件包的一部分是UserManager对象(您还可以获得SignInManager等。)
The UserManager object has a method specifically for checking passwords called CheckPasswordAsync and is used like this:
UserManager对象有一个专门用于检查名为CheckPasswordAsync的密码的方法,如下所示:
_userManager.CheckPasswordAsync(user, password)
#1
0
In the standard MVC6 template, it uses ASP.NET Core Identity for the login functionality. Part of that package is the UserManager object (you also get a SignInManager among other things.)
在标准MVC6模板中,它使用ASP.NET Core Identity作为登录功能。该软件包的一部分是UserManager对象(您还可以获得SignInManager等。)
The UserManager object has a method specifically for checking passwords called CheckPasswordAsync and is used like this:
UserManager对象有一个专门用于检查名为CheckPasswordAsync的密码的方法,如下所示:
_userManager.CheckPasswordAsync(user, password)