ASP.Net Identity 2.0 AccessFailedCount不增加 [英] ASP.Net Identity 2.0 AccessFailedCount not incrementing

问题描述

昨晚，我正在使用FormsAuthentication进行一个新项目，并正在对票证进行自定义以包括安全令牌，因此，如果用户在一个浏览器中注销，则它将在所有浏览器中注销.在查看ASP.net Identity的最新版本时，它似乎已经内置了此功能.

Last night I was working on a new project using FormsAuthentication and was customizing the ticket to include a security token so if the user logs off in one browser it logs off in all of them. In looking at the latest iteration of ASP.net Identity, it looks like it already has this functionality built in.

我创建了一个启用了个人帐户"的新测试MVC 5 Web应用程序.注册和身份验证立即可用.

I created a new test MVC 5 web application with Individual Accounts enabled. Registration and authentication worked right out of the box.

但是，我注意到失败的登录尝试并没有增加 AspNetUsers 表中的 AccessFailedCount 字段.而且由于这种情况并没有增加，因此我可以尝试尝试多次失败的登录尝试，而不会导致帐户被锁定.

However, I noticed that failed login attempts were not incrementing the AccessFailedCount field in the AspNetUsers table. And since that wasn't incrementing, I could try as many failed login attempts as I wanted without getting the account locked out.

如何在ASP.net Identity 2.0上启用AccessFailedCount和锁定功能?

How do I enable the AccessFailedCount and Lockout functionality on ASP.net Identity 2.0?

推荐答案

您必须手动处理此问题. CheckPassword方法调用PasswordHasher.VerifyHashedPassword方法来验证密码，但是当提供的密码与现有密码不匹配时，它不会更新访问失败计数.

You have to handle this manually. The CheckPassword method calls the PasswordHasher.VerifyHashedPassword method to validate the password, but it does not update access failed count when the provided password does not match the existing one.

以下是支持锁定的身份验证方法的示例:

Here's an example of an authenticate method that supports lockout:

UserManager<User> userManager = new UserManager<User>(new UserStore());

if (userManager.SupportsUserLockout && userManager.IsLockedOut(userId))
    return;

var user = userManager.FindById(userId);
if (userManager.CheckPassword(user, password))
{
    if (userManager.SupportsUserLockout && userManager.GetAccessFailedCount(userId) > 0)
    {
        userManager.ResetAccessFailedCount(userId);
    }

    // Authenticate user
}
else
{
    if (userManager.SupportsUserLockout && userManager.GetLockoutEnabled(userId))
    {
        userManager.AccessFailed(userId);
    }
}

这篇关于ASP.Net Identity 2.0 AccessFailedCount不增加的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！