Hi,
I am a new user to the ASPNetZero. I have read the documentation on how to extend the login mechanism to check against another table. I am extending the DefaultExternalAuthenticationSource class. Basically here is my code
<span style="color:#8000FF">public override async Task<bool> TryAuthenticateAsync(string userNameOrEmailAddress, string plainPassword, Tenant tenant) { if (tenant != null) { if (tenant.Id == i1holidayConsts.TravelAgentTenantId) // TravelAgent { //Authenticate against WcvCredentials table; var agentcredential = await _agentCredentialRepo.FirstOrDefaultAsync(cr => cr.EmailAddress == userNameOrEmailAddress.Trim()); var result = new PasswordHasher().VerifyHashedPassword(agentcredential.Password, plainPassword); if(result == PasswordVerificationResult.Success) { //check if company is approved var agent = _travelAgentRepo.FirstOrDefault(a => a.Id == agentcredential.TravelAgentId); if (agent == null) return false; if (agent.IsApproved == true) return true; } return false; } } return false; } </span> What I noticed is that, after first successful login, users will inserted into AbpUsers table which is fine...
If I changed the password in my own WcvCredentials table, when I unsucccessfully authenticate using my WcvCredentials table and return false, the system still check and compare the password in AbpUsers table. Since AbpUsers table still used the old password, the login will go thru successfully.
I assumed the basis of external login is that if you return false, it will not check against AbpUsers table at all. Am I doing it correctly?