Dev*_*per 1 c# asp.net asp.net-membership asp.net-mvc-2
I have to implement a "Your Account is Locked!" message for SqlMembershipProvider in an MVC2 project.
How can I do this?
Basically, my login code is as follows:
    [RequireHttps]
    [HttpPost]
    public ActionResult LogOn(LogOnModel model, string returnUrl)
    {
        if (ModelState.IsValid)
        {
            if (MembershipService.ValidateUser(model.UserName, model.Password))
            {
                FormsService.SignIn(model.UserName, model.RememberMe);
                UserProfile profile = UserProfile.GetUserProfile(model.UserName);
                //....
            }
            else
            {
                ModelState.AddModelError("", "The user name or password provided is incorrect.");
            }
        }
        return View(model);
    }
Is it just like regular Membership?
    MembershipUser user = Membership.GetUser("Username");
    if (user != null && user.IsLockedOut)
    {
        return View("YourPasswordIsTooAmbiguousSoYouGotLockedOut");
    }
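MSDN: Membership.GetUser(String username)
- Side note -
The order in which you authenticate is really a Security & UX thing. I would suggest the following pseudocode (but I'm not an expert):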
    public ActionResult LogOn(LogOnModel model)
    {
        // Is model valid?
        if (!ModelState.IsValid)
        {
            this.ViewData["LogOnError"] = "Bad Credentials.";
            return this.View(model);
        }
        // Is user valid?
        if (!MembershipService.ValidateUser(model.UserName, model.Password))
        {
            this.ViewData["LogOnError"] = "Wrong Credentials.";
            return this.View(model);
        }
        MembershipUser user = Membership.GetUser(model.UserName);
        // Was the user deleted in the last nano-second?
        if (user == null)
        {
            this.ViewData["LogOnError"] = "Race Condition: User previously deleted.";
            return this.View(model);
        }
        // Is user locked out?
        if (user.IsLockedOut)
        {
            this.ViewData["LogOnError"] = "You are locked out.";
            return this.View(model);
        }
        // Sign the user in.
        FormsService.SignIn(model.UserName, model.RememberMe);
        return this.View("LogOnSuccessful");
    }
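An added example, not part of the answer above or of the asker's project: with SqlMembershipProvider, `ValidateUser` returns false for a locked-out account, so the lockout test has to run on the failed-validation path for the message to ever appear. `IAccounts`, `LogOnPolicy`, `LogOnOutcome` and `FakeAccounts` are hypothetical names, and the users are constructed sample data.

```csharp
using System;
using System.Collections.Generic;
public enum LogOnOutcome { SignedIn, BadCredentials, LockedOut }

// Hypothetical seam so the logic runs without a membership database. In the MVC2
// project, Validate maps to MembershipService.ValidateUser and IsLockedOut to
// Membership.GetUser(userName) being non-null with IsLockedOut set.
public interface IAccounts
{
    bool Validate(string userName, string password);
    bool IsLockedOut(string userName); // false for unknown users
}

public static class LogOnPolicy
{
    public static LogOnOutcome Evaluate(IAccounts accounts, string userName, string password)
    {
        if (accounts.Validate(userName, password))
            return LogOnOutcome.SignedIn;
        // SqlMembershipProvider.ValidateUser returns false for a locked-out account
        // even when the password is correct, so lockout is checked on the failure path.
        return accounts.IsLockedOut(userName) ? LogOnOutcome.LockedOut : LogOnOutcome.BadCredentials;
    }
}

// Constructed in-memory stand-in that mimics that provider behaviour.
public sealed class FakeAccounts : IAccounts
{
    private readonly Dictionary<string, (string Password, bool Locked)> _users =
        new Dictionary<string, (string Password, bool Locked)>
        {
            ["alice"] = ("correct-horse", false),
            ["bob"] = ("sample-pass", true),
        };
    public bool Validate(string userName, string password) =>
        _users.TryGetValue(userName, out var u) && !u.Locked && u.Password == password;
    public bool IsLockedOut(string userName) =>
        _users.TryGetValue(userName, out var u) && u.Locked;
}

public static class Program
{
    public static void Main()
    {
        var accounts = new FakeAccounts();
        Console.WriteLine(LogOnPolicy.Evaluate(accounts, "alice", "correct-horse"));
        Console.WriteLine(LogOnPolicy.Evaluate(accounts, "bob", "sample-pass"));
        Console.WriteLine(LogOnPolicy.Evaluate(accounts, "mallory", "guess"));
    }
}
```

A distinct locked-out message shown to an unauthenticated caller also confirms that the user name exists; map `LockedOut` to the same text as `BadCredentials` where that disclosure matters.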