
MVC5 Lockout User not working

Based on the guides I've read online, to lock out the user after x many attempts you have to configure the manager like this:

manager.UserLockoutEnabledByDefault = true;
manager.DefaultAccountLockoutTimeSpan = TimeSpan.FromDays(365);
manager.MaxFailedAccessAttemptsBeforeLockout = 1;

Then

var result = await SignInManager.PasswordSignInAsync(dto.Email, dto.Password, dto.RememberMe, shouldLockout: true);

When I tried this my users never get locked out. I was monitoring the database and I see the following fields:

LockoutEndDateUtc          LockoutEnabled   AccessFailedCount
2016-04-23 21:33:18.777           0                0
2016-04-23 21:32:36.470           1                0

The AccessFailedCount never increases, and LockoutEnabled for both accounts doesn't seem to matter; I tried locking both.

EDIT:

I am wondering if the problem is with the way I am injecting:

Startup.cs

private IAppBuilder _app;
public void Configuration(IAppBuilder app)
{
    ConfigureAuth(app);
    _app = app;
    app.UseNinjectMiddleware(CreateKernel);
}

private IKernel CreateKernel()
{
    var kernel = new StandardKernel();
    kernel.Load(Assembly.GetExecutingAssembly());

    kernel.Bind<DbContext>().ToSelf().InRequestScope();
    kernel.Bind<IDbContext>().To<DbContext>().InRequestScope();
    kernel.Bind<IUserStore<User>>().To<ApplicationUserStore>();
    kernel.Bind<UserService>().ToSelf();
    kernel.Bind<SignInService>().ToSelf();
    kernel.Bind<IAuthenticationManager>().ToMethod(x => HttpContext.Current.GetOwinContext().Authentication);
    kernel.Bind<IDataProtectionProvider>().ToMethod(x => _app.GetDataProtectionProvider());

    return kernel;
}

Failed Attempts Count in ASP.NET MVC

Recently I also found this out and my solution was to manually increment the failed attempts. It automatically resets when maximum is reached and a timed account lock is activated.

if (!UserManager.CheckPassword(usr, password)) {
    // incorrect password... increment failed count
    // check Succeeded rather than comparing against the IdentityResult.Success instance
    if (!UserManager.AccessFailed(usr.Id).Succeeded) {
        // increment of failed attempt gave an error
        Log.Err("Error Message");
    }
    // warn the user
    return View(model);
}

IdentityConfig.cs file has:

// configure user lockout defaults
manager.UserLockoutEnabledByDefault = true;
manager.DefaultAccountLockoutTimeSpan = TimeSpan.FromMinutes(15);
manager.MaxFailedAccessAttemptsBeforeLockout = 5;

And if the account is locked, this code checks for it:

if (UserManager.IsLockedOut(usr.Id)) {
    // account locked, too many attempts
    // warn user - number of minutes locked = UserManager.DefaultAccountLockoutTimeSpan.Minutes
    return View(model);
}
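
The two fragments above can be combined into one ordered check. This is an added example, not code from the original post: `LockoutAwareLogin` and `CheckAsync` are hypothetical names, and it assumes ASP.NET Identity 2.x with a user store that supports lockout.

```csharp
using System;
using System.Threading.Tasks;
using Microsoft.AspNet.Identity;
using Microsoft.AspNet.Identity.Owin; // SignInStatus

// Hypothetical helper (not from the post): orders the lockout checks so a
// locked account is refused before the password is ever compared.
public static class LockoutAwareLogin
{
    public static async Task<SignInStatus> CheckAsync<TUser>(
        UserManager<TUser> manager, string userName, string password)
        where TUser : class, IUser<string>
    {
        // The lookup is by user name. If no user matches, there is no row to
        // count the failure against, so AccessFailedCount stays unchanged.
        var user = await manager.FindByNameAsync(userName);
        if (user == null)
            return SignInStatus.Failure;

        // Refuse locked accounts first, even if the password would be correct.
        if (await manager.IsLockedOutAsync(user.Id))
            return SignInStatus.LockedOut;

        if (await manager.CheckPasswordAsync(user, password))
        {
            // A successful login clears earlier failures.
            await manager.ResetAccessFailedCountAsync(user.Id);
            return SignInStatus.Success;
        }

        // Wrong password: record the failure. When the count reaches
        // MaxFailedAccessAttemptsBeforeLockout the manager sets the lockout
        // end date (now + DefaultAccountLockoutTimeSpan) and resets the count.
        var result = await manager.AccessFailedAsync(user.Id);
        if (!result.Succeeded)
            throw new InvalidOperationException(string.Join("; ", result.Errors));

        // Report the lockout on the same request that triggered it.
        return await manager.IsLockedOutAsync(user.Id)
            ? SignInStatus.LockedOut
            : SignInStatus.Failure;
    }
}
```

Returning the same `Failure` status for an unknown user and a wrong password keeps the response from revealing which accounts exist.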
