在五次失败的登录尝试后锁定用户,并在MVC3 Asp.net中显示错误
[英]Lock user after five failed login attempts and show an error in MVC3 Asp.net
问题描述
I want to show an error to the user after 5 failed login attempts and then lock her, I set this in web.config 
我想在5次失败的登录尝试后向用户显示错误,然后锁定她,我在web.config中进行了设置
maxInvalidPasswordAttempts="5"
Now I want to check user login attemps in LogOn controller and send an error if this parameter is more than 5, How can I count user login attemps and check it? 现在,我想在LogOn控制器中检查用户登录尝试次数,如果此参数大于5,则发送错误,如何计数用户登录尝试次数并进行检查? here is my controller: 这是我的控制器:
//
// GET: /Account/LogOn
public ActionResult LogOn()
{
return View();
}
//
// POST: /Account/LogOn
[HttpPost]
public ActionResult LogOn(LogOnModel model, string returnUrl)
{
if (ModelState.IsValid)
{
if (Membership.ValidateUser(model.UserName, model.Password))
{
FormsAuthentication.SetAuthCookie(model.UserName, model.RememberMe);
if (Url.IsLocalUrl(returnUrl) && returnUrl.Length > 1 && returnUrl.StartsWith("/")
&& !returnUrl.StartsWith("//") && !returnUrl.StartsWith("/\\"))
{
return Redirect(returnUrl);
}
else
{
return RedirectToAction("Index", "Home");
}
}
else
{
ModelState.AddModelError("", "The user name or password provided is incorrect.");
}
}
// If we got this far, something failed, redisplay form
return View(model);
}
4 个解决方案
解决方案1
0 2014-01-17 10:14:58
Try this, It can help you 试试这个,它可以帮助您
First create property as attempt and set each time using javascript and send with Logon. 首先将属性创建为try,然后每次使用javascript进行设置并使用登录发送。 Check if this is max number of attempt then lock the user. 检查这是否是最大尝试次数,然后锁定用户。
解决方案2
0 2014-01-17 10:15:25
在您的else语句中,您将需要保留当前失败尝试的次数,并检查该次数是否大于您的设置。
解决方案3
0 2016-10-06 07:35:29
attempt = attempt - 1;
MessageBox.Show`enter code here`("Incorrect Credentials");
MessageBox.Show("You only have " + attempt + " attempt(s) left");
con.Close();
}
}
else
{
MessageBox.Show("Empty Fields shit");
}
}
this.Hide();
Form3 ss = new Form3();
ss.Show();
解决方案4
0 2016-10-06 21:06:01
Try too add it as attribute. 也尝试将其添加为属性。
- when the login fail set attempt count in cookie. 当登录失败设置尝试次数计入cookie中。
add customize attribute.
添加定制属性。 public class testAttribute : AuthorizeAttribute { protected override bool AuthorizeCore(HttpContextBase httpContext) { HttpCookie cookie = httpContext.Request.Cookies.Get("cookieName"); if(Int32.TryParse(cookie.Value) == 5) { httpContext.Response.StatusCode = 401; httpContext.Response.End(); return false; } else return true; } }use created attribute in your login function.
在您的登录功能中使用created属性。 [HttpPost] [testAttribute] public ActionResult LogOn(LogOnModel model, string returnUrl) { if (ModelState.IsValid) { if (Membership.ValidateUser(model.UserName, model.Password)) { FormsAuthentication.SetAuthCookie(model.UserName, model.RememberMe); if (Url.IsLocalUrl(returnUrl) && returnUrl.Length > 1 && returnUrl.StartsWith("/") && !returnUrl.StartsWith("//") && !returnUrl.StartsWith("/\\\\")) { return Redirect(returnUrl); } else { return RedirectToAction("Index", "Home"); } } else { ModelState.AddModelError("", "The user name or password provided is incorrect."); } } // If we got this far, something failed, redisplay form return View(model); }
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.