我正在使用asp.net创建一个电子商务网站项目。我创建了一个login.aspx文件,里面包含一个登录控件(在LoginView中构建)。如果用户在1分钟内有2次无效密码尝试(用于测试目的),则用户会将帐户锁定。我设法实现了这一点,在ASPNETDB中,“IsLockOut”列已更改为“True”。
但是,我遇到解锁用户帐户的问题。我使用了UnlockUser()方法,但似乎没有工作。即使一分钟过去了,用户仍然无法登录系统。
这是我背后的代码:
protected void Login1_LoggingIn(object sender, LoginCancelEventArgs e)
{
System.Web.UI.WebControls.Login Login1 = (System.Web.UI.WebControls.Login)LoginView1.FindControl("Login1");
TextBox UserName = (TextBox)Login1.FindControl("UserName");
//Check to see if the current user exists
if (Membership.GetUser(Login1.UserName) != null)
{
//Check to see if the user is currently locked out
if (Membership.GetUser(Login1.UserName).IsLockedOut)
{
//Get the last lockout date from the user
DateTime lastLockout = Membership.GetUser(Login1.UserName).LastLockoutDate;
//Calculate the time the user should be unlocked
DateTime unlockDate = lastLockout.AddMinutes(Membership.PasswordAttemptWindow);
//Check to see if it is time to unlock the user
if (DateTime.Now > unlockDate)
Membership.GetUser(Login1.UserName).UnlockUser();
}
}
}
web.config:
<add name="ASPNETDBConnectionString1"
type="System.Web.Security.SqlMembershipProvider"
connectionString="Data Source=.\SQLEXPRESS;AttachDbFilename=|DataDirectory|\ASPNETDB.MDF;Integrated Security=True;User Instance=True"
minRequiredPasswordLength="8"
minRequiredNonalphanumericCharacters="0"
requiresUniqueEmail="false"
requiresQuestionAndAnswer="true"
passwordFormat="Hashed"
enablePasswordRetrieval="false"
enablePasswordReset="true"
maxInvalidPasswordAttempts="2"
passwordAttemptWindow="1"
/>
非常感谢任何建议或帮助(: