maxInvalidPasswordAttempts不起作用

时间:2017-05-10 14:19:45

标签: asp.net asp.net-web-api

我正在尝试将帐户锁定与实时数据库一起使用。我找到了一个教程here,它说我需要修改web.config文件。我这样做了,但停工仍然无法正常工作。下面是我的web.config文件的副本。出于安全考虑,我删除了敏感数据库信息。 webapi和实际登录页面在两个不同的项目中是否重要?我正在使用AJAX调用将信息传递给webapi。

<connectionStrings>
  <add name="DefaultConnection"
    connectionString="Persist Security Info=False;Initial Catalog=Security;server=;user id=;password=;"
    providerName="System.Data.SqlClient" />
</connectionStrings>
<appSettings></appSettings>
<system.web>
  <authentication mode="None" />
  <compilation debug="true" targetFramework="4.5.1" />
  <httpRuntime targetFramework="4.5.1" />
  <membership defaultProvider="AspNetSqlMembershipProvider">
    <providers>
      <clear />
      <add name="AspNetSqlMembershipProvider"
        type="System.Web.Security.SqlMembershipProvider"
        connectionStringName="DefaultConnection"
        maxInvalidPasswordAttempts="1"
        minRequiredPasswordLength="6"
        passwordAttemptWindow="10"
        applicationName="/" />
    </providers>
  </membership>
</system.web>

修改

以下要求是登录功能:

login.userLogin = function (username, password) {
jQuery.support.cors = true;
var error = '';
$.ajax({
    url: 'http://localhost:60690/token',
    method: 'POST',
    data: {
        username: username,
        password: password,
        grant_type: 'password'
    },
    success: function (response) {
        $('#divLoginError').addClass('Hidden');
        sessionStorage.setItem('accessToken', response.access_token);
        sessionStorage.setItem('refreshToken', response.refresh_token);
        sessionStorage.setItem('username', response.userName);
        sessionStorage.setItem('expirationDatetime', moment().add(response.expires_in, 'seconds').format());
        window.location = 'index.html';
    },
    error: function (jqXHR) {
        var responseText = jqXHR.responseJSON;
        $('#lblLoginError').text(responseText.error_description);
        $('#divLoginError').removeClass('Hidden');
    }
});

}

0 个答案:

没有答案