尝试跟踪失败

时间:2014-11-08 01:58:08

标签: c# entity-framework authentication

我正在尝试跟踪我的登录尝试,但它只留在一个我需要保持失败的登录尝试的运行轨道可能是我执行的简单错误。

 public int validateUser(string username, string userPassword)
   {
     var _currentUser = _db.users.FirstOrDefault(a => a.username == username);
      int _loginAttempts = =0;
       if (_currentUser != null)
       {

           if (isEncryptionEnabled == true)
           {

               string descriptedPassword = encrypt.DecryptRijndael(_currentUser.password, _currentUser.salt.ToString());

               if (descriptedPassword == userPassword)
                   return 0;
               else
                   _loginAttempts++;


           }
           else
           {
               var _unecryptedUser = _db.users.FirstOrDefault(a => a.username == username && a.password == userPassword);

               if (_unecryptedUser != null)
                   return 0;//zero represents sufcessfull login attempts

               return _loginAttempts++; // if anything greater zero is a failed login attempt send it back.
           }
       }
       return _loginAttempts;
   }

这是函数被称为Login.aspx按钮单击的方式,这是一个webforms应用程序。

 protected void btnLogin_Click(object sender, EventArgs e)
    {
        DBContext _db = new DBContext();


        int canILogin = _db.validateUser(txtUsername.Text, txtPassword.Text);

        if (canILogin == 0)// if i can loging after checking the encripted password then lets go to default page

            Response.Redirect("default.aspx");
        else
            Response.Redirect("login.aspx?attempt=" + canILogin.ToString());

        if (Convert.ToInt16(Request.QueryString["attempt"]) > 0)
        {
            lblFailed.Text = "Failed Login Attempts"+ canILogin.ToString(); 
            lblFailed.Visible = true;
        }

    }

1 个答案:

答案 0 :(得分:0)

grovesNL是正确的。将声明for_loginAttempts移到方法之外。尝试在父类中声明它。像这样:

class DBContext
{
    private int _loginAttempts = 0; // I assume private to keep from exposing it for security

    public int validateUser(string username, string userPassword)
    {
        // some code to test userPassword and increase or reset counter as needed
    }

    // more methods etc.
}
相关问题
最新问题