通知用户有关帐户锁定的信息，即在ASP .NET MVC2下

Question

I have to implement " Your Account is Locked! " message for the SqlMembershipProvider in MVC2 project. 我必须在MVC2项目中为SqlMembershipProvider实现“ 您的帐户已锁定！ ”消息。

How I can do it? 我该怎么办？

Basically my code to logon looks like: 基本上我的登录代码如下：

[RequireHttps]
[HttpPost]
public ActionResult LogOn(LogOnModel model, string returnUrl)
{
      if (ModelState.IsValid)
      {
                if (MembershipService.ValidateUser(model.UserName, model.Password))
                {
                     FormsService.SignIn(model.UserName, model.RememberMe);

                     UserProfile profile = UserProfile.GetUserProfile(model.UserName);

                 //.... 
                }
                else
                {
          ModelState.AddModelError("", "The user name or password provided is incorrect.");
        }
   }

   return View(model);
}

Answer 1

Is it just like normal membership? 就像普通会员一样吗？

MembershipUser user = Membership.GetUser("Username")

if (user != null && user.IsLockedOut)
{
    return View("YourPasswordIsTooAmbiguousSoYouGotLockedOut");
}

MSDN: Membership.GetUser(string username) MSDN： Membership.GetUser（字符串用户名）

- Side Note - - 旁注 -

The order in which you do authentication is really a Security & UX thing. 身份验证的顺序实际上是安全性和用户体验的事情。 I'd suggest the following pseudo-code (but I'm no expert): 我建议使用以下伪代码（但我不是专家）：

public ActionResult LogOn(LogOnModel model)
{
    // Is model valid?
    if (!ModelState.IsValid)
    {
        this.ViewData["LogOnError"] = "Bad Credentials.";
        return this.View(model);
    }

    // Is user valid?
    if(!MembershipService.ValidateUser(model.UserName, model.Password))
    {
        this.ViewData["LogOnError"] = "Wrong Credentials.";
        return this.View(model);
    }

    MembershipUser user = Membership.GetUser(model.UserName);

    // Was the user deleted in the last nano-second?
    if (user == null)
    {
        this.ViewData["LogOnError"] = "Race Condition: User previously deleted.";
        return this.View(model);
    }

    // Is user locked out?
    if(user.IsLockedOut)
    {
        this.ViewData["LogOnError"] = "You are locked out.";
        return this.View(model);
    }

    // Sign the user in.
    FormsService.SignIn(model.UserName, model.RememberMe);

    return this.View("LogOnSuccessful");
}

Answer 2

From your code I can tell you're already using ModelState to show errors to user. 从您的代码中，我可以告诉您已经在使用ModelState向用户显示错误。 So you may do the same for informing about locked account. 因此，您可以对通知锁定帐户执行相同的操作。 Before your validation part of code do the following: 在验证部分代码之前，请执行以下操作：

[RequireHttps]
[HttpPost]
public ActionResult LogOn(LogOnModel model, string returnUrl)
{
      if (ModelState.IsValid)
      {
           UserProfile profile = UserProfile.GetUserProfile(model.UserName); // Moved this here because locking check should be done before ValidateUser()
           if (profile != null && !profile.IsLockedOut)
           {

                if (MembershipService.ValidateUser(model.UserName, model.Password))
                {
                     FormsService.SignIn(model.UserName, model.RememberMe);

                 //.... 
                }
                else
                {
                    ModelState.AddModelError("", "The user name or password provided is incorrect.");
                }
        }
        else
        {
           ModelState.AddModelError("", "The user account does not exist or has been locked out.");
        }
   }

   return View(model);
}

通知用户有关帐户锁定的信息，即在ASP .NET MVC2下

问题描述

2 个解决方案

解决方案1
6 已采纳 2012-01-26 21:52:33

解决方案2
1 2012-01-26 22:00:45

通知用户有关帐户锁定的信息，即在ASP .NET MVC2下

问题描述

2 个解决方案

解决方案1 6 已采纳 2012-01-26 21:52:33

解决方案2 1 2012-01-26 22:00:45

解决方案1
6 已采纳 2012-01-26 21:52:33

解决方案2
1 2012-01-26 22:00:45