我使用带有Identity2.0 AccessFailedCount的Webapi,LockoutEndDateUtc没有在无效的用户名和密码上进行检测.我实现了WebAPI提供的基于令牌的身份验证.请帮忙 .
这是代码片段
using (UserManager<ApplicationUser> userManager = userManagerFactory)
{
ApplicationUser user = await userManager.FindAsync(context.UserName, context.Password);
if (user == null)
{
context.SetError("invalid_grant", "The user name or password is incorrect.");
return;
}
if (await userManager.IsLockedOutAsync(user.Id))
{
context.SetError("lock_out", "The account is locked.");
return;
}
if (!userManager.IsEmailConfirmed(user.Id))
{
context.SetError("inactive_user", "The user is not active. Please check your Register Email to verify.");
return;
}
ClaimsIdentity oAuthIdentity = await userManager.CreateIdentityAsync(user,
context.Options.AuthenticationType);
ClaimsIdentity cookiesIdentity = await userManager.CreateIdentityAsync(user,
CookieAuthenticationDefaults.AuthenticationType);
AuthenticationProperties properties = CreateProperties(user);
AuthenticationTicket ticket = new …asp.net asp.net-mvc asp.net-web-api asp.net-web-api2 asp.net-identity-2