MVC5 user lockout not working properly

Time: 2016-04-23 21:47:02

Tags: c# asp.net-mvc-5 asp.net-identity

According to the guides I have read online, to lock out a user after several attempts you have to configure the manager like this:

manager.UserLockoutEnabledByDefault = true;
manager.DefaultAccountLockoutTimeSpan = TimeSpan.FromDays(365);
manager.MaxFailedAccessAttemptsBeforeLockout = 1;

And then

var result = await SignInManager.PasswordSignInAsync(dto.Email, dto.Password, dto.RememberMe, shouldLockout: true);

When I try this, my users never get locked out. I am watching the database and I see the following fields:

LockoutEndDateUtc          LockoutEnabled   AccessFailedCount
2016-04-23 21:33:18.777           0                0
2016-04-23 21:32:36.470           1                0

AccessFailedCount never increases, and whether lockout is enabled does not seem to matter for either account; I tried to lock out both.

Edit:

I wonder whether the problem has something to do with the way I am injecting:

Startup.cs

private IAppBuilder _app;
public void Configuration(IAppBuilder app)
{
    ConfigureAuth(app);
    _app = app;
    app.UseNinjectMiddleware(CreateKernel);
}

private IKernel CreateKernel()
{
    var kernel = new StandardKernel();
    kernel.Load(Assembly.GetExecutingAssembly());

    kernel.Bind<DbContext>().ToSelf().InRequestScope();
    kernel.Bind<IDbContext>().To<DbContext>().InRequestScope();
    kernel.Bind<IUserStore<User>>().To<ApplicationUserStore>();
    kernel.Bind<UserService>().ToSelf();
    kernel.Bind<SignInService>().ToSelf();
    kernel.Bind<IAuthenticationManager>().ToMethod(x => HttpContext.Current.GetOwinContext().Authentication);
    kernel.Bind<IDataProtectionProvider>().ToMethod(x => _app.GetDataProtectionProvider());

    return kernel;
}

1 answer:

Answer 0 (score: 0)

Number of failed attempts in ASP.NET MVC

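I recently ran into this as well; my solution was to increment the failed attempt count manually. Once the maximum is reached and the timed account lockout is activated, it resets automatically.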

if (!UserManager.CheckPassword(usr, password)) {
    // incorrect password... increment failed count
    if (!UserManager.AccessFailed(usr.Id).Succeeded) {
        // increment of failed attempt gave an error
        Log.Err("Error Message");
    }
    // warn the user
    return View(model);
}

The IdentityConfig.cs file has:

// configure user lockout defaults
manager.UserLockoutEnabledByDefault = true;
manager.DefaultAccountLockoutTimeSpan = TimeSpan.FromMinutes(15);
manager.MaxFailedAccessAttemptsBeforeLockout = 5;

This code checks whether the account is already locked out:

if (UserManager.IsLockedOut(usr.Id)) {
    // account locked, too many attempts
    // warn user - number of minutes locked = UserManager.DefaultAccountLockoutTimeSpan.Minutes
    return View(model);
}
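
An added example, not code from the question or the answer: the two fragments above combined into one password check in the order a lockout needs (lockout test first, then the password, then the counter), written against ASP.NET Identity 2.x `UserManager<TUser>`. The names `PasswordCheck`, `LockoutAwarePasswordCheck` and `VerifyAsync` are hypothetical.

```csharp
using System;
using System.Threading.Tasks;
using Microsoft.AspNet.Identity;

// Hypothetical result type for this example.
public enum PasswordCheck { Failed, LockedOut, Succeeded }

public static class LockoutAwarePasswordCheck
{
    // Hypothetical helper: verifies a password and maintains AccessFailedCount.
    public static async Task<PasswordCheck> VerifyAsync<TUser>(
        UserManager<TUser> manager, string userName, string password)
        where TUser : class, IUser<string>
    {
        var user = await manager.FindByNameAsync(userName);
        if (user == null)
            return PasswordCheck.Failed;   // unknown name: no row to count against

        // Refuse before looking at the password, so a locked account cannot
        // be used to keep testing guesses. IsLockedOutAsync returns false for
        // a user whose LockoutEnabled flag is off, whatever LockoutEndDateUtc says.
        if (await manager.IsLockedOutAsync(user.Id))
            return PasswordCheck.LockedOut;

        if (await manager.CheckPasswordAsync(user, password))
        {
            // A correct password clears earlier failures.
            await manager.ResetAccessFailedCountAsync(user.Id);
            return PasswordCheck.Succeeded;
        }

        // Wrong password: AccessFailedCount goes up by one. On reaching
        // MaxFailedAccessAttemptsBeforeLockout the manager sets
        // LockoutEndDateUtc to now + DefaultAccountLockoutTimeSpan and
        // resets the counter to zero.
        var counted = await manager.AccessFailedAsync(user.Id);
        if (!counted.Succeeded)
            throw new InvalidOperationException(string.Join("; ", counted.Errors));

        // Report the lockout on the attempt that triggered it.
        return await manager.IsLockedOutAsync(user.Id)
            ? PasswordCheck.LockedOut
            : PasswordCheck.Failed;
    }
}
```

A caller that does not want to reveal which accounts exist can show the same message for `Failed` and `LockedOut`.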