Roh*_*rma 4 asp.net asp.net-mvc asp.net-web-api asp.net-web-api2 asp.net-identity-2
我使用带有Identity2.0 AccessFailedCount的Webapi,LockoutEndDateUtc没有在无效的用户名和密码上进行检测.我实现了WebAPI提供的基于令牌的身份验证.请帮忙 .
这是代码片段
using (UserManager<ApplicationUser> userManager = userManagerFactory)
{
ApplicationUser user = await userManager.FindAsync(context.UserName, context.Password);
if (user == null)
{
context.SetError("invalid_grant", "The user name or password is incorrect.");
return;
}
if (await userManager.IsLockedOutAsync(user.Id))
{
context.SetError("lock_out", "The account is locked.");
return;
}
if (!userManager.IsEmailConfirmed(user.Id))
{
context.SetError("inactive_user", "The user is not active. Please check your Register Email to verify.");
return;
}
ClaimsIdentity oAuthIdentity = await userManager.CreateIdentityAsync(user,
context.Options.AuthenticationType);
ClaimsIdentity cookiesIdentity = await userManager.CreateIdentityAsync(user,
CookieAuthenticationDefaults.AuthenticationType);
AuthenticationProperties properties = CreateProperties(user);
AuthenticationTicket ticket = new AuthenticationTicket(oAuthIdentity, properties);
context.Validated(ticket);
context.Request.Context.Authentication.SignIn(cookiesIdentity);
}
最后我已经解决了这个代码
// To lock the user with userName ---- setting of maximum access 5 in IdentityConfig.cs File
ApplicationUser userToLock = await userManager.FindByNameAsync(context.UserName);
if (userToLock != null)
{
await userManager.AccessFailedAsync(userToLock.Id);
}
现在访问AccessFailedCount,LockoutEndDateUtc获得价值
谢谢你的帮助.特别感谢@trailmax ......将我的想法转移到webapi
要增加AccessFailedCount用户,每次登录无效时,您都需要调用
await userManager.AccessFailedAsync(user.Id);
否则,这不会以任何方式为您完成。
ApplicationSignInManager为你做这个,但是(据我所知)这个类只适用于 MVC,不适用于 WebAPI
| 归档时间: |
|
| 查看次数: |
1988 次 |
| 最近记录: |