ASP.Net Identity 2.0 AccessFailedCount not incrementing

Last night I was working on a new project using FormsAuthentication and was customizing the ticket to include a security token so if the user logs off in one browser it logs off in all of them. In looking at the latest iteration of ASP.net Identity, it looks like it already has this functionality built in.

I created a new test MVC 5 web application with Individual Accounts enabled. Registration and authentication worked right out of the box.

However, I noticed that failed login attempts were not incrementing the AccessFailedCount field in the AspNetUsers table. And since that wasn't incrementing, I could try as many failed login attempts as I wanted without getting the account locked out.

How do I enable the AccessFailedCount and Lockout functionality on ASP.net Identity 2.0?

You have to handle this manually. The CheckPassword method calls the PasswordHasher.VerifyHashedPassword method to validate the password, but it does not update access failed count when the provided password does not match the existing one.

Here's an example of an authenticate method that supports lockout:

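// Requires: using Microsoft.AspNet.Identity; (provides the synchronous extension methods used below)
UserManager<User> userManager = new UserManager<User>(new UserStore());

// Refuse the attempt outright while the account is locked out
if (userManager.SupportsUserLockout && userManager.IsLockedOut(userId))
    return;

var user = userManager.FindById(userId);
if (userManager.CheckPassword(user, password))
{
    // Correct password: clear any failures recorded by earlier attempts
    if (userManager.SupportsUserLockout && userManager.GetAccessFailedCount(userId) > 0)
    {
        userManager.ResetAccessFailedCount(userId);
    }

    // Authenticate user
}
else
{
    // Wrong password: record the failure so AccessFailedCount is incremented
    if (userManager.SupportsUserLockout && userManager.GetLockoutEnabled(userId))
    {
        userManager.AccessFailed(userId);
    }
}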

There is also the PasswordSignInAsync which accepts a "shouldLockout" argument. Setting this to true will auto increment failed login attempts.

var result = await SignInManager.PasswordSignInAsync(model.Email, model.Password, model.RememberMe, shouldLockout: true);
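An added example, not part of the original answers: `shouldLockout: true` records failures, but an account is only locked out when lockout is enabled for that user and the thresholds are set on the UserManager. It assumes the MVC 5 Individual Accounts template's names (ApplicationUser, ApplicationSignInManager, LoginViewModel); the controller name, action and view names, and threshold values are illustrative.

```csharp
using System;
using System.Threading.Tasks;
using System.Web;
using System.Web.Mvc;
using Microsoft.AspNet.Identity;
using Microsoft.AspNet.Identity.Owin;

// Assumed template types: ApplicationUser, ApplicationSignInManager, LoginViewModel.
public static class LockoutPolicy
{
    // Call where the UserManager is built. Threshold values are illustrative.
    public static void Apply(UserManager<ApplicationUser> manager)
    {
        manager.UserLockoutEnabledByDefault = true;        // sets LockoutEnabled on newly created users
        manager.MaxFailedAccessAttemptsBeforeLockout = 5;  // failed attempts before lockout starts
        manager.DefaultAccountLockoutTimeSpan = TimeSpan.FromMinutes(15);
    }
    // Accounts created before Apply() keep LockoutEnabled = false; enable it per user.
    public static Task<IdentityResult> EnableFor(UserManager<ApplicationUser> manager, string userId)
    {
        return manager.SetLockoutEnabledAsync(userId, true);
    }
}

public class LoginExampleController : Controller   // hypothetical controller name
{
    private ApplicationSignInManager SignInManager
    {
        get { return HttpContext.GetOwinContext().Get<ApplicationSignInManager>(); }
    }

    [HttpPost, AllowAnonymous, ValidateAntiForgeryToken]
    public async Task<ActionResult> Login(LoginViewModel model)
    {
        if (!ModelState.IsValid) return View(model);
        var result = await SignInManager.PasswordSignInAsync(
            model.Email, model.Password, model.RememberMe, shouldLockout: true);
        switch (result)
        {
            case SignInStatus.Success: return RedirectToAction("Index", "Home");
            case SignInStatus.LockedOut: return View("Lockout");  // assumed view name
            case SignInStatus.RequiresVerification: return RedirectToAction("SendCode"); // assumed 2FA action
            default:
                ModelState.AddModelError("", "Invalid login attempt.");
                return View(model);
        }
    }
}
```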

For .NET Core 2.1 the shouldLockout is now named lockoutOnFailure.

So your login call should look like this to increment failed login attempts:

var result = await SignInManager.PasswordSignInAsync(loginModel.Email, loginModel.Password, loginModel.RememberMe, lockoutOnFailure: true);

This will also reset the failed login attempts once the user logs in successfully.
