Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
260 views
in Technique[技术] by (71.8m points)

c# - ASP.Net Identity 2.0 AccessFailedCount not incrementing

Last night I was working on a new project using FormsAuthentication and was customizing the ticket to include a security token so if the user logs off in one browser it logs off in all of them. In looking at the latest iteration of ASP.net Identity, it looks like it already has this functionality built in.

I created a new test MVC 5 web application with Individual Accounts enabled. Registration and authentication worked right out of the box.

However, I noticed that failed login attempts were not incrementing the AccessFailedCount field in the AspNetUsers table. And since that wasn't incrementing, I could try as many failed login attempts as I wanted without getting the account locked out.

How do I enable the AccessFailedCount and Lockout functionality on ASP.net Identity 2.0?

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Answer

0 votes
by (71.8m points)

You have to handle this manually. The CheckPassword method calls the PasswordHasher.VerifyHashedPassword method to validate the password, but it does not update access failed count when the provided password does not match the existing one.

Here's an example of an authenticate method that supports lockout:

UserManager<User> userManager = new UserManager<User>(new UserStore());

if (userManager.SupportsUserLockout && userManager.IsLockedOut(userId))
    return;

var user = userManager.FindById(userId);
if (userManager.CheckPassword(user, password))
{
    if (userManager.SupportsUserLockout && userManager.GetAccessFailedCount(userId) > 0)
    {
        userManager.ResetAccessFailedCount(userId);
    }

    // Authenticate user
}
else
{
    if (userManager.SupportsUserLockout && userManager.GetLockoutEnabled(userId))
    {
        userManager.AccessFailed(userId);
    }
}

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...