我是Asp.Net Identity 2.0的新手。我们已经实现了在5次无效登录尝试后锁定帐户的功能。但是,即使用户达到了最大无效尝试次数,该帐户也没有被锁定。
userManager.IsLockedOutAsync(user1.Id)始终返回false。不知道这里有什么问题。
以下是我的代码。如果我在这里做错了什么,请你帮帮我。
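/// <summary>
/// Resource-owner password grant: looks the user up by name, verifies the password,
/// enforces Identity lockout, and on success issues the OAuth ticket plus a cookie identity.
/// </summary>
/// <param name="context">
/// OWIN grant context carrying the posted user name and password. All failures are reported
/// through <c>context.SetError</c>; success through <c>context.Validated</c>.
/// </param>
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
    var userManager = context.OwinContext.GetUserManager<ApplicationUserManager>();
    var user1 = await userManager.FindByNameAsync(context.UserName);
    if (user1 == null)
    {
        // Same wording as the bad-password case so the response alone does not reveal which user names exist.
        context.SetError("invalid_grant", "The User ID or Password is incorrect.");
        return;
    }

    // Non-null only when the password matches. FindAsync does not touch the failed-access
    // counter in either direction; that bookkeeping is done explicitly below.
    ApplicationUser user = await userManager.FindAsync(context.UserName, context.Password);

    // A locked-out user is rejected even with valid credentials until the lockout window has passed.
    if (await userManager.IsLockedOutAsync(user1.Id))
    {
        context.SetError("", LockoutMessage(userManager));
        return;
    }

    if (user == null)
    {
        // NOTE(review): failures are only recorded when LockoutEnabled is true for this user row.
        // If the manager was created without UserLockoutEnabledByDefault = true (or the user was
        // created before that setting), this branch is skipped and the account can never lock out.
        if (await userManager.GetLockoutEnabledAsync(user1.Id))
        {
            // Increments AccessFailedCount and sets the lockout end date once the limit is reached.
            await userManager.AccessFailedAsync(user1.Id);
            string message;
            if (await userManager.IsLockedOutAsync(user1.Id))
            {
                message = LockoutMessage(userManager);
            }
            else
            {
                // NOTE(review): this message confirms the user name exists (it exposes the attempt
                // counter), unlike the generic "incorrect" response for unknown names.
                int accessFailedCount = await userManager.GetAccessFailedCountAsync(user1.Id);
                int attemptsLeft = userManager.MaxFailedAccessAttemptsBeforeLockout - accessFailedCount;
                message = string.Format(
                    "Invalid credentials. You have {0} more attempt(s) before your account gets locked out.", attemptsLeft);
            }
            context.SetError("", message);
            return;
        }

        context.SetError("invalid_grant", "The User ID or Password is incorrect.");
        return;
    }

    if (!user.IsApproved)
    {
        context.SetError("Not Approved", "The user has to be approved manually by Admin.");
        return;
    }

    DataController datacontroller = new DataController();
    Contact vendor = datacontroller.CheckVendorIsActive(user.AccountNumber);
    // NOTE(review): assumes CheckVendorIsActive never returns null, nor a null ApplicationUser — confirm with its implementation.
    if (!string.IsNullOrEmpty(vendor.ApplicationUser.AccountNumber)
        && string.Equals(vendor.Description, "false", StringComparison.OrdinalIgnoreCase))
    {
        context.SetError("Inactive User", "Sorry! Your account status is inactive. Please contact helpdesk for more support.");
        return;
    }

    // Password accepted: clear the failure counter so earlier bad attempts do not keep
    // accumulating towards a lockout across successful sessions.
    await userManager.ResetAccessFailedCountAsync(user.Id);

    ClaimsIdentity oAuthIdentity = await user.GenerateUserIdentityAsync(userManager,
        OAuthDefaults.AuthenticationType);
    ClaimsIdentity cookiesIdentity = await user.GenerateUserIdentityAsync(userManager,
        CookieAuthenticationDefaults.AuthenticationType);
    List<Claim> roles = oAuthIdentity.Claims.Where(c => c.Type == ClaimTypes.Role).ToList();
    AuthenticationProperties properties = CreateProperties(user.UserName, Newtonsoft.Json.JsonConvert.SerializeObject(roles.Select(x => x.Value)), user.LastLoginDate.ToString(), user.AccountNumber, user.FirstName, user.LastName);
    AuthenticationTicket ticket = new AuthenticationTicket(oAuthIdentity, properties);
    context.Validated(ticket);
    context.Request.Context.Authentication.SignIn(cookiesIdentity);
    // Local server time, as stored by the original implementation; LastLoginDate is persisted
    // after the ticket has already been handed to the client.
    user.LastLoginDate = DateTime.Now;
    await userManager.UpdateAsync(user);
}

/// <summary>
/// Builds the lockout error text. Reports the lockout duration
/// (<c>DefaultAccountLockoutTimeSpan</c>) rather than the attempt limit, which the
/// previous message mistakenly printed as "minutes".
/// </summary>
/// <param name="userManager">Manager whose lockout configuration supplies the duration.</param>
/// <returns>The user-facing lockout message.</returns>
private static string LockoutMessage(ApplicationUserManager userManager)
{
    return string.Format(
        "Your account has been locked out for {0} minutes due to multiple failed login attempts.",
        userManager.DefaultAccountLockoutTimeSpan.TotalMinutes);
}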