我一直在研究一个接受某个电话号码并返回密码的简单网络API。我的想法是,如果密码错误10次,我想删除/限制用户登录。可以在SQL Server或c#代码中完成吗? 感谢所有帮助
在业务层验证:
public void validate(validateRequest vReq, headers head, ref validateResponse vRes)
{
vRes = new validateResponse();
int isCorrect = vRes.isCorrect;
Data dal = new Data();
dal.OpenConnection();
dal.valpinCode(vReq.pinCode, ref isCorrect);
if (isCorrect == 1)
{
vRes.result.code = 0;
vRes.result.message = "Successful";
vRes.isCorrect = 0;
}
else
{
vRes.result.code = -3;
vRes.result.message = "Access Denied.";
vRes.isCorrect = -1;
}
我的数据层中的valpincode:
public void valpinCode(string pinCode, ref int isCorrect)
{
try
{
using (IDbConnection db = new SqlConnection(c.connstr))
{
if (db.State != ConnectionState.Open)
db.Open();
DynamicParameters param = new DynamicParameters();
param.Add("@pincode", pinCode);
param.Add("@exist", dbType: DbType.Int32, direction: ParameterDirection.Output);
con.Execute("valpin", param, commandType: CommandType.StoredProcedure);
isCorrect = param.Get<Int32>("@exist");
if (db.State != ConnectionState.Closed)
db.Close();
}
}
catch (Exception ex)
{
Common log = new Common();
log.LogError(ex);
}
}
我的valpin SP:
@pincode nvarchar(50),
@exist bit output
AS
BEGIN
IF NOT EXISTS(
SELECT *
FROM Users
WHERE pinCode=@pincode)
BEGIN
SET @exist=0
END
ELSE
BEGIN
SELECT *
FROM Users
WHERE pinCode=@pincode
SET @exist=1
END
END
用户表:
idUser phone countrycode pincode
1 7006100 961 5716
12 7006107 961 77709
请注意,密码是随机生成的
答案 0 :(得分:0)
执行此脚本只需添加一列,并为所有用户将其值设置为零
alter table users
add invalidAttempts int null
;
update users
set invalidAttempts =0
select * from users
此过程验证用户是否不存在(-1),如果用户被阻止(-2),如果密码错误(-3)和用户,则验证是否为(0)
任何无效尝试都存储在新字段/列中。如果它的数量达到10,则用户被阻止。您需要建立另一种方法来解锁它。如果未阻止用户,则有效登录将重置无效尝试。
ALTER PROCEDURE valpin @idUser INT, @pincode NVARCHAR(50)
AS
BEGIN
DECLARE @pin VARCHAR(50)
DECLARE @invalidAtempts INT
SELECT @pin = pincode, @invalidAtempts = invalidAttempts
FROM Users
WHERE idUser = @idUser
IF @invalidAtempts IS NULL
RETURN - 1 --User does not exists
END
IF @invalidAtempts >= 10
RETURN - 2 --blocked
IF @pin = @pincode
BEGIN
UPDATE users
SET invalidAttempts = 0
WHERE idUser = @idUser
RETURN 0 -- OK
END
ELSE
BEGIN
UPDATE users
SET invalidAttempts = invalidAttempts + 1
WHERE idUser = @idUser
RETURN - 3 -- wrong ping
END
您需要修改C#代码以反映此行为。另外,使用返回值ParameterDirection.ReturnValue;