ASP.net Identity Disable User


Question

Using the new ASP.net Identity in MVC 5, how do we disable a user from logging in? I don't want to delete them, maybe just disable their account for a time period.

Does anyone have any ideas on this as I don't see a status column or anything on the ASPNetUsers table.

Recommended answer

Update: As CountZero points out, if you're using v2.1+, then you should try and use the lockout functionality they added first, before trying the solution below. See their blog post for a full sample: http://blogs.msdn.com/b/webdev/archive/2014/08/05/announcing-rtm-of-asp-net-identity-2-1-0.aspx

Version 2.0 has the IUserLockoutStore interface that you can use to lock out users, but the downside is that there is no OOB functionality to actually leverage it beyond the pass-through methods exposed by the UserManager class. For instance, it would be nice if it would actually increment the lockout count as a part of the standard username/password verification process. However, it's fairly trivial to implement yourself.

Step #1: Create a custom user store that implements IUserLockoutStore.

// I'm specifying the TKey generic param here since we use int's for our DB keys
// you may need to customize this for your environment
public class MyUserStore : IUserLockoutStore<MyUser, int>
{
    // IUserStore implementation here

    public Task<DateTimeOffset> GetLockoutEndDateAsync(MyUser user)
    {
        //..
    }

    public Task SetLockoutEndDateAsync(MyUser user, DateTimeOffset lockoutEnd)
    {
        //..
    }

    public Task<int> IncrementAccessFailedCountAsync(MyUser user)
    {
        //..
    }

    public Task ResetAccessFailedCountAsync(MyUser user)
    {
        //..
    }

    public Task<int> GetAccessFailedCountAsync(MyUser user)
    {
        //..
    }

    public Task<bool> GetLockoutEnabledAsync(MyUser user)
    {
        //..
    }

    public Task SetLockoutEnabledAsync(MyUser user, bool enabled)
    {
        //..
    }
}

Step #2: Instead of UserManager, use the following class in your login/logout actions, passing it an instance of your custom user store.

public class LockingUserManager<TUser, TKey> : UserManager<TUser, TKey>
    where TUser : class, IUser<TKey> 
    where TKey : IEquatable<TKey> 
{
    private readonly IUserLockoutStore<TUser, TKey> _userLockoutStore;

    public LockingUserManager(IUserLockoutStore<TUser, TKey> store)
        : base(store)
    {
        if (store == null) throw new ArgumentNullException("store");

        _userLockoutStore = store;
    }

    public override async Task<TUser> FindAsync(string userName, string password)
    {
        var user = await FindByNameAsync(userName);

        if (user == null) return null;

        var isUserLockedOut = await GetLockoutEnabled(user);

        if (isUserLockedOut) return user;

        var isPasswordValid = await CheckPasswordAsync(user, password);

        if (isPasswordValid)
        {
            await _userLockoutStore.ResetAccessFailedCountAsync(user);
        }
        else
        {
            await IncrementAccessFailedCount(user);

            user = null;
        }

        return user;
    }

    private async Task<bool> GetLockoutEnabled(TUser user)
    {
        var isLockoutEnabled = await _userLockoutStore.GetLockoutEnabledAsync(user);

        if (isLockoutEnabled == false) return false;

        var shouldRemoveLockout = DateTime.Now >= await _userLockoutStore.GetLockoutEndDateAsync(user);

        if (shouldRemoveLockout)
        {
            await _userLockoutStore.ResetAccessFailedCountAsync(user);

            await _userLockoutStore.SetLockoutEnabledAsync(user, false);

            return false;
        }

        return true;
    }

    private async Task IncrementAccessFailedCount(TUser user)
    {
        var accessFailedCount = await _userLockoutStore.IncrementAccessFailedCountAsync(user);

        var shouldLockoutUser = accessFailedCount > MaxFailedAccessAttemptsBeforeLockout;

        if (shouldLockoutUser)
        {
            await _userLockoutStore.SetLockoutEnabledAsync(user, true);

            var lockoutEndDate = new DateTimeOffset(DateTime.Now + DefaultAccountLockoutTimeSpan);

            await _userLockoutStore.SetLockoutEndDateAsync(user, lockoutEndDate);
        }
    }
}

Example

    [AllowAnonymous]
    [HttpPost]
    public async Task<ActionResult> Login(string userName, string password)
    {
        var userManager = new LockingUserManager<MyUser, int>(new MyUserStore())
        {
            DefaultAccountLockoutTimeSpan = /* get from appSettings */,
            MaxFailedAccessAttemptsBeforeLockout = /* get from appSettings */
        };

        var user = await userManager.FindAsync(userName, password);

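        if (user == null)
        {
            // bad username or password; take appropriate action
            // and stop here so user.Id is never dereferenced on a null user
            return View();
        }

        if (await userManager.GetLockoutEnabledAsync(user.Id))
        {
            // user is locked out; take appropriate action
            // and stop here so a locked-out user is not signed in
            return View();
        }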

        // username and password are good
        // mark user as authenticated and redirect to post-login landing page
    }

If you want to manually lock someone out, you can set whatever flag you're checking in MyUserStore.GetLockoutEnabledAsync().
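
The v2.1+ lockout route mentioned in the update can also serve as a timed or open-ended disable switch. The following is an added example, not code from the original answer or from the ASP.NET Identity project. The helper names (AccountDisabling, DisableAsync, EnableAsync, IsDisabledAsync) are hypothetical, and it assumes a user store that implements both IUserLockoutStore and IUserSecurityStampStore.

```csharp
using System;
using System.Threading.Tasks;
using Microsoft.AspNet.Identity;

// Added example; helper names are hypothetical. Assumes ASP.NET Identity 2.1+ and a
// user store that implements IUserLockoutStore and IUserSecurityStampStore.
public static class AccountDisabling
{
    // Block sign-in until 'until'; pass DateTimeOffset.MaxValue for an open-ended disable.
    public static async Task<IdentityResult> DisableAsync<TUser, TKey>(
        UserManager<TUser, TKey> manager, TKey userId, DateTimeOffset until)
        where TUser : class, IUser<TKey>
        where TKey : IEquatable<TKey>
    {
        // SetLockoutEndDateAsync returns a failed result unless lockout is enabled for the user.
        var result = await manager.SetLockoutEnabledAsync(userId, true);
        if (!result.Succeeded) return result;

        result = await manager.SetLockoutEndDateAsync(userId, until);
        if (!result.Succeeded) return result;

        // Lockout only stops new sign-ins. Rotating the security stamp lets the
        // cookie middleware's SecurityStampValidator reject cookies already issued.
        return await manager.UpdateSecurityStampAsync(userId);
    }

    // Re-enable: clear the lockout end date and the failed-attempt counter.
    public static async Task<IdentityResult> EnableAsync<TUser, TKey>(
        UserManager<TUser, TKey> manager, TKey userId)
        where TUser : class, IUser<TKey>
        where TKey : IEquatable<TKey>
    {
        var result = await manager.SetLockoutEndDateAsync(userId, DateTimeOffset.MinValue);
        if (!result.Succeeded) return result;
        return await manager.ResetAccessFailedCountAsync(userId);
    }

    // Check this in the login action before verifying the password.
    public static Task<bool> IsDisabledAsync<TUser, TKey>(
        UserManager<TUser, TKey> manager, TKey userId)
        where TUser : class, IUser<TKey>
        where TKey : IEquatable<TKey>
    {
        return manager.IsLockedOutAsync(userId);
    }
}
```

Already-issued cookies are only rejected if SecurityStampValidator.OnValidateIdentity is wired into the cookie authentication options, and then only once its validation interval elapses.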
