通知用户帐户锁定,即在ASP .NET MVC2下

时间:2012-01-26 21:41:07

标签: c# asp.net asp.net-mvc-2 asp.net-membership

我必须在MVC2项目中为SqlMembershipProvider实现“您的帐户已锁定!”消息。

我怎么做?

基本上我的登录代码如下:

[RequireHttps]
[HttpPost]
public ActionResult LogOn(LogOnModel model, string returnUrl)
{
      if (ModelState.IsValid)
      {
                if (MembershipService.ValidateUser(model.UserName, model.Password))
                {
                     FormsService.SignIn(model.UserName, model.RememberMe);

                     UserProfile profile = UserProfile.GetUserProfile(model.UserName);

                 //.... 
                }
                else
                {
          ModelState.AddModelError("", "The user name or password provided is incorrect.");
        }
   }

   return View(model);
}

2 个答案:

答案 0 :(得分:6)

是否像普通会员一样?

MembershipUser user = Membership.GetUser("Username")

if (user != null && user.IsLockedOut)
{
    return View("YourPasswordIsTooAmbiguousSoYouGotLockedOut");
}

MSDN:Membership.GetUser(string username)

- 旁注 -

您进行身份验证的顺序实际上是一个安全& UX的事情。我建议使用以下伪代码(但我不是专家):

public ActionResult LogOn(LogOnModel model)
{
    // Is model valid?
    if (!ModelState.IsValid)
    {
        this.ViewData["LogOnError"] = "Bad Credentials.";
        return this.View(model);
    }

    // Is user valid?
    if(!MembershipService.ValidateUser(model.UserName, model.Password))
    {
        this.ViewData["LogOnError"] = "Wrong Credentials.";
        return this.View(model);
    }

    MembershipUser user = Membership.GetUser(model.UserName);

    // Was the user deleted in the last nano-second?
    if (user == null)
    {
        this.ViewData["LogOnError"] = "Race Condition: User previously deleted.";
        return this.View(model);
    }

    // Is user locked out?
    if(user.IsLockedOut)
    {
        this.ViewData["LogOnError"] = "You are locked out.";
        return this.View(model);
    }

    // Sign the user in.
    FormsService.SignIn(model.UserName, model.RememberMe);

    return this.View("LogOnSuccessful");
}

答案 1 :(得分:1)

从您的代码我可以告诉您已经使用ModelState向用户显示错误。因此,您可以通知锁定帐户。在验证部分代码之前,请执行以下操作:

[RequireHttps]
[HttpPost]
public ActionResult LogOn(LogOnModel model, string returnUrl)
{
      if (ModelState.IsValid)
      {
           UserProfile profile = UserProfile.GetUserProfile(model.UserName); // Moved this here because locking check should be done before ValidateUser()
           if (profile != null && !profile.IsLockedOut)
           {

                if (MembershipService.ValidateUser(model.UserName, model.Password))
                {
                     FormsService.SignIn(model.UserName, model.RememberMe);

                 //.... 
                }
                else
                {
                    ModelState.AddModelError("", "The user name or password provided is incorrect.");
                }
        }
        else
        {
           ModelState.AddModelError("", "The user account does not exist or has been locked out.");
        }
   }

   return View(model);
}
相关问题
最新问题