根据我在线阅读的指南,要在多次尝试后锁定用户,你必须像这样配置管理员:
manager.UserLockoutEnabledByDefault = true;
manager.DefaultAccountLockoutTimeSpan = TimeSpan.FromDays(365);
manager.MaxFailedAccessAttemptsBeforeLockout = 1;
然后
var result = await SignInManager.PasswordSignInAsync(dto.Email, dto.Password, dto.RememberMe, shouldLockout: true);
当我尝试这个时,我的用户永远不会被锁定。我正在监视数据库,我看到以下字段:
LockoutEndDateUtc LockoutEnabled AccessFailedCount
2016-04-23 21:33:18.777 0 0
2016-04-23 21:32:36.470 1 0
AccessFailedCount永远不会增加,并且两个帐户的锁定启用似乎并不重要,我尝试锁定两者。
编辑:
我想知道问题是否与我注射的方式有关:
Startup.cs
private IAppBuilder _app;
public void Configuration(IAppBuilder app)
{
ConfigureAuth(app);
_app = app;
app.UseNinjectMiddleware(CreateKernel);
}
private IKernel CreateKernel()
{
var kernel = new StandardKernel();
kernel.Load(Assembly.GetExecutingAssembly());
kernel.Bind<DbContext>().ToSelf().InRequestScope();
kernel.Bind<IDbContext>().To<DbContext>().InRequestScope();
kernel.Bind<IUserStore<User>>().To<ApplicationUserStore>();
kernel.Bind<UserService>().ToSelf();
kernel.Bind<SignInService>().ToSelf();
kernel.Bind<IAuthenticationManager>().ToMethod(x => HttpContext.Current.GetOwinContext().Authentication);
kernel.Bind<IDataProtectionProvider>().ToMethod(x => _app.GetDataProtectionProvider());
return kernel;
}
答案 0 :(得分:0)
最近我也发现了这一点,我的解决方案是手动增加失败的尝试次数。达到最大值并激活定时帐户锁定后,它将自动重置。
if (!UserManager.CheckPassword(usr, password)) {
// incorrect password... increment failed count
if (UserManager.AccessFailed(usr.Id) != IdentityResult.Success) {
// increment of failed attempt gave an error
Log.Err("Error Message");
}
// warn the user
return View(model);
}
IdentityConfig.cs
文件具有:
// configure user lockout defaults
manager.UserLockoutEnabledByDefault = true;
manager.DefaultAccountLockoutTimeSpan = TimeSpan.FromMinutes(15);
manager.MaxFailedAccessAttemptsBeforeLockout = 5;
如果该帐户已被锁定,则此代码将对其进行检查:
if (UserManager.IsLockedOut(usr.Id)) {
// account locked, too many attempts
// warn user - number of minutes locked = UserManager.DefaultAccountLockoutTimeSpan.Minutes
return View(model);
}