在Simple Membership Provider中,我们可以执行以下操作来跟踪无效登录尝试次数。
WebSecurity.IsAccountLockedOut(userName, allowedPasswordAttempts, intervalInSeconds)
ASP NET身份(http://www.asp.net/identity/overview/getting-started/introduction-to-aspnet-identity)
不支持此功能我尝试在大约5次登录尝试后在无效登录尝试中显示ReCaptcha。我在ASP NET Identity MVC 5中找不到任何示例。任何帮助?
答案 0 :(得分:1)
尝试将ApplicationOAuthProvider.cs中的GrantResourceOwnerCredentials方法更改为:
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
T user = await _userManager.FindAsync(context.UserName, context.Password);
if (user == null)
{
if (((int) HttpContext.Current.Session["Tries"]) >= 5)
{
context.SetError("maximum_tries", "You tried too many times");
return;
}
context.SetError("invalid_grant", "The user name or password is incorrect.");
HttpContext.Current.Session["Tries"] = ((int)HttpContext.Current.Session["Tries"]) + 1;
return;
}
ClaimsIdentity oAuthIdentity = await _userManager.CreateIdentityAsync(user,
context.Options.AuthenticationType);
var ticket = new AuthenticationTicket(oAuthIdentity, GenerareProperties(user));
context.Validated(ticket);
ClaimsIdentity cookiesIdentity = await _userManager.CreateIdentityAsync(user,
CookieAuthenticationDefaults.AuthenticationType);
context.Request.Context.Authentication.SignIn(cookiesIdentity);
HttpContext.Current.Session["Tries"] = 0;
}
我只是使用会话来跟踪用户写入无效密码的次数。如果会话值等于5,那么我们将显示另一条消息。
答案 1 :(得分:1)
最新版本的ASP.NET Identity:最近发布了2.0.0-beta1,并且ASP.NET Identity使用了两个名为UserManager和UserStore的新类。
您可以从以下链接获得ASP.NET Identity的介绍:
如果您想通过使用ASP.NET Identiy来应用注册和登录,以下链接是有帮助的:
http://www.c-sharpcorner.com/UploadFile/4b0136/working-with-mvc-using-Asp-Net-identity-2-0-0-beta1/