Asp.Net Identity - 无法在5次无效尝试后锁定帐户

时间:2017-04-28 12:35:21

标签: asp.net-web-api asp.net-identity-2

我是Asp.Net Identity 2.0的新手。我们已经实现了在连续5次无效尝试后锁定帐户的功能。但是,即使用户达到了最大无效尝试次数,该帐户也不会被锁定。

userManager.IsLockedOutAsync(user1.Id)始终返回false。不知道这里出了什么问题。

以下是我的代码。如果我在这里做错了什么,请你帮帮我。

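    /// <summary>
    /// Resource-owner password grant: looks the user up by name, enforces Identity account
    /// lockout, verifies the password, applies the approval / vendor-status checks and finally
    /// issues the OAuth ticket plus the cookie identity.
    /// </summary>
    /// <param name="context">OWIN OAuth context carrying the posted <c>UserName</c> and
    /// <c>Password</c>; the outcome is reported back through <c>SetError</c> or <c>Validated</c>.</param>
    /// <returns>A task that completes once the grant has been accepted or rejected.</returns>
    public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
    {
        var userManager = context.OwinContext.GetUserManager<ApplicationUserManager>();

        var user1 = await userManager.FindByNameAsync(context.UserName);

        // Unknown user name: same message as a wrong password, so the response does not tell
        // a caller whether the account exists.
        if (user1 == null)
        {
            context.SetError("invalid_grant", "The User ID or Password is incorrect.");
            return;
        }

        // Lockout is checked before the password is verified: a locked account is rejected even
        // with valid credentials until the lockout window has passed, and no password hashing is
        // spent on it. (FindAsync only verifies the password; it does not touch the failure count.)
        if (await userManager.IsLockedOutAsync(user1.Id))
        {
            context.SetError("", LockoutMessage(userManager));
            return;
        }

        ApplicationUser user = await userManager.FindAsync(context.UserName, context.Password);

        if (user == null)
        {
            // AccessFailedAsync is the only call here that advances the failure counter, and it is
            // reached only when GetLockoutEnabledAsync is true for this user. If LockoutEnabled is
            // false on the user record (e.g. UserLockoutEnabledByDefault is not set on the manager
            // when the user is created), the count never grows and IsLockedOutAsync stays false.
            if (await userManager.GetLockoutEnabledAsync(user1.Id))
            {
                // Record the failure; this may itself lock the account.
                await userManager.AccessFailedAsync(user1.Id);

                string message;

                if (await userManager.IsLockedOutAsync(user1.Id))
                {
                    message = LockoutMessage(userManager);
                }
                else
                {
                    int accessFailedCount = await userManager.GetAccessFailedCountAsync(user1.Id);

                    // MaxFailedAccessAttemptsBeforeLockout is already an int; no string round-trip needed.
                    int attemptsLeft = userManager.MaxFailedAccessAttemptsBeforeLockout - accessFailedCount;

                    // Note: the remaining-attempt count and the lockout message are only shown for
                    // existing accounts, so they do reveal that the user name is valid.
                    message = string.Format(
                        "Invalid credentials. You have {0} more attempt(s) before your account gets locked out.", attemptsLeft);
                }

                context.SetError("", message);
                return;
            }

            context.SetError("invalid_grant", "The User ID or Password is incorrect.");
            return;
        }

        if (!user.IsApproved)
        {
            context.SetError("Not Approved", "The user has to be approved manually by Admin.");
            return;
        }

        DataController datacontroller = new DataController();

        Contact vendor = datacontroller.CheckVendorIsActive(user.AccountNumber);

        // NOTE(review): CheckVendorIsActive's contract is not visible here. A null vendor,
        // ApplicationUser or Description throws on the next line (surfacing as a server error
        // rather than a grant error) — confirm whether null is a possible return before adding a guard.
        // The flag is a stored machine value, so it is compared ordinally instead of via ToLower().
        if (!string.IsNullOrEmpty(vendor.ApplicationUser.AccountNumber)
            && vendor.Description.Equals("false", StringComparison.OrdinalIgnoreCase))
        {
            context.SetError("Inactive User", "Sorry! Your account status is inactive. Please contact helpdesk for more support.");
            return;
        }

        ClaimsIdentity oAuthIdentity = await user.GenerateUserIdentityAsync(userManager,
            OAuthDefaults.AuthenticationType);

        ClaimsIdentity cookiesIdentity = await user.GenerateUserIdentityAsync(userManager,
            CookieAuthenticationDefaults.AuthenticationType);

        // Role claim values only; serialized as a JSON string array into the ticket properties.
        List<string> roles = oAuthIdentity.Claims
            .Where(c => c.Type == ClaimTypes.Role)
            .Select(c => c.Value)
            .ToList();

        AuthenticationProperties properties = CreateProperties(
            user.UserName,
            Newtonsoft.Json.JsonConvert.SerializeObject(roles),
            user.LastLoginDate.ToString(),
            user.AccountNumber,
            user.FirstName,
            user.LastName);

        AuthenticationTicket ticket = new AuthenticationTicket(oAuthIdentity, properties);
        context.Validated(ticket);
        context.Request.Context.Authentication.SignIn(cookiesIdentity);

        // NOTE(review): stored as local server time, as in the original; DateTime.UtcNow would be
        // safer if this value is compared across machines — confirm with the consumers.
        user.LastLoginDate = DateTime.Now;

        await userManager.UpdateAsync(user);

        // Successful sign-in clears the failure counter (as Identity's SignInManager does);
        // otherwise isolated failures accumulate across sessions toward the lockout threshold.
        // Done after UpdateAsync so the reset is not overwritten by the stale entity above.
        await userManager.ResetAccessFailedCountAsync(user.Id);
    }

    /// <summary>
    /// Builds the lockout message, reporting the length of the lockout window in minutes.
    /// </summary>
    /// <param name="userManager">Manager whose lockout configuration is reported.</param>
    /// <returns>The user-facing lockout message.</returns>
    private static string LockoutMessage(ApplicationUserManager userManager)
    {
        // The template says "{0} minutes", so the value must be the lockout duration
        // (DefaultAccountLockoutTimeSpan), not MaxFailedAccessAttemptsBeforeLockout, which is an attempt count.
        return string.Format(
            "Your account has been locked out for {0} minutes due to multiple failed login attempts.",
            userManager.DefaultAccountLockoutTimeSpan.TotalMinutes);
    }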

0 个答案:

没有答案