根据我在网上阅读的指南,要在x次尝试后锁定用户,您必须像这样配置管理器:
manager.UserLockoutEnabledByDefault = true;
manager.DefaultAccountLockoutTimeSpan = TimeSpan.FromDays(365);
manager.MaxFailedAccessAttemptsBeforeLockout = 1;
然后
var result = await SignInManager.PasswordSignInAsync(dto.Email, dto.Password, dto.RememberMe, shouldLockout: true);
当我尝试这样做时,我的用户永远不会被锁定。 我正在监视数据库,并看到以下字段:
LockoutEndDateUtc LockoutEnabled AccessFailedCount
2016-04-23 21:33:18.777 0 0
2016-04-23 21:32:36.470 1 0
访问失败计数永远不会增加,两个帐户的锁定启用似乎无关紧要,我尝试锁定两个帐户。
编辑:
我想知道问题是否出在我注射的方式上:
启动.cs
private IAppBuilder _app;
public void Configuration(IAppBuilder app)
{
ConfigureAuth(app);
_app = app;
app.UseNinjectMiddleware(CreateKernel);
}
private IKernel CreateKernel()
{
var kernel = new StandardKernel();
kernel.Load(Assembly.GetExecutingAssembly());
kernel.Bind<DbContext>().ToSelf().InRequestScope();
kernel.Bind<IDbContext>().To<DbContext>().InRequestScope();
kernel.Bind<IUserStore<User>>().To<ApplicationUserStore>();
kernel.Bind<UserService>().ToSelf();
kernel.Bind<SignInService>().ToSelf();
kernel.Bind<IAuthenticationManager>().ToMethod(x => HttpContext.Current.GetOwinContext().Authentication);
kernel.Bind<IDataProtectionProvider>().ToMethod(x => _app.GetDataProtectionProvider());
return kernel;
}
失败尝试计数 ASP.NET MVC 中
最近我也发现了这一点,我的解决方案是手动增加失败的尝试。当达到最大值并激活定时帐户锁定时,它会自动重置。
if (!UserManager.CheckPassword(usr, password)) {
// incorrect password... increment failed count
if (UserManager.AccessFailed(usr.Id) != IdentityResult.Success) {
// increment of failed attempt gave an error
Log.Err("Error Message");
}
// warn the user
return View(model);
}
IdentityConfig.cs文件具有:
// configure user lockout defaults
manager.UserLockoutEnabledByDefault = true;
manager.DefaultAccountLockoutTimeSpan = TimeSpan.FromMinutes(15);
manager.MaxFailedAccessAttemptsBeforeLockout = 5;
如果帐户被锁定,则此代码会检查它:
if (UserManager.IsLockedOut(usr.Id)) {
// account locked, too many attempts
// warn user - number of minutes locked = UserManager.DefaultAccountLockoutTimeSpan.Minutes
return View(model);
}