【Question title】: ASP.NET Core 2.2 Lockout not activating
【Posted】: 2019-08-09 06:51:52
【Question description】:

I am using PasswordSignInAsync to authenticate my users, as follows:

var result = await _signInManager.PasswordSignInAsync(Input.UserName, Input.Password, Input.RememberMe, lockoutOnFailure: true);

However, I noticed that when I deliberately enter the wrong password, I do not get locked out.

Here is my startup.cs:

var lockoutOptions = new LockoutOptions()
{
    AllowedForNewUsers = true,
    DefaultLockoutTimeSpan = TimeSpan.FromMinutes(5),
    MaxFailedAccessAttempts = 5
};

services.AddIdentity<User, Role>(
    options => {
        options.Lockout = lockoutOptions;
    }
)
.AddEntityFrameworkStores<AppDbContext>(); 

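When I deliberately entered the wrong password, I checked the database: AccessFailedCount increases by 1 until it reaches 5, then goes back to 0, which means it is indeed working. It is only the lockout part that does not work.

【Question discussion】:

    Tags: c# asp.net .net asp.net-mvc asp.net-core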


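    【Solution 1】:

    Have you checked that LockoutEnabled for the current user in the database is actually true? If it is set to false, the user will never be locked out.

    【Discussion】:

      【Solution 2】:

      This is how I configured the lockout feature in asp.net core 2.2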

      services
          .AddIdentity<User, ApplicationRole>(options =>
          {
              options.Password.RequireDigit = false;
              options.Password.RequiredLength = 4;
              options.Password.RequireLowercase = false;
              options.Password.RequireNonAlphanumeric = false;
              options.Password.RequireUppercase = false;
      
              //lock out attempt
              options.Lockout.AllowedForNewUsers = true;
              options.Lockout.DefaultLockoutTimeSpan = TimeSpan.FromMinutes(30);
              options.Lockout.MaxFailedAccessAttempts = 3;
          })
          .AddEntityFrameworkStores<ApplicationDbContext>()
          .AddDefaultTokenProviders();
      

      Then in my controller's login method

      var result = await _signInManager.PasswordSignInAsync(username, password, rememberMe, lockoutOnFailure);
      
      if (result.Succeeded)
      {
        return Ok();
      }
      

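      Remember to substitute true for the lockoutOnFailure parameter

      【Discussion】:

        【Solution 3】:

        If you have extended the built-in IdentityUser and IdentityRole to your own custom user and role, then you must implement IUserLockoutStore on your custom UserStore and write the corresponding code for each implementation to update your AccessFailCount.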

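        using System;
        using System.Threading;
        using System.Threading.Tasks;
        using Microsoft.AspNetCore.Identity;

        public class UserStore : IUserStore<User>, IUserEmailStore<User>, IUserPasswordStore<User>, IUserRoleStore<User>, IUserLockoutStore<User>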
        {
        
            #region Other Interface Implementation
            #endregion
        
        
            #region  IUserLockoutStore
        
            public Task<DateTimeOffset?> GetLockoutEndDateAsync(User user, CancellationToken cancellationToken)
            {
        
                cancellationToken.ThrowIfCancellationRequested();
        
                //Get user from Database and read the stored LockoutEnd date
                User stored = FromDatabase(user.Id);
        
                return Task.FromResult(stored.LockoutEnd);
        
            }
        
            public Task SetLockoutEndDateAsync(User user, DateTimeOffset? lockoutEnd, CancellationToken cancellationToken)
            {
                cancellationToken.ThrowIfCancellationRequested();
        
                user.LockoutEnd = lockoutEnd;
        
                return Task.FromResult(0);
            }
        
            public Task<int> IncrementAccessFailedCountAsync(User user, CancellationToken cancellationToken)
            {
                cancellationToken.ThrowIfCancellationRequested();
        
                user.AccessFailedCount += 1;
        
                return Task.FromResult(user.AccessFailedCount);
            }
        
            public Task ResetAccessFailedCountAsync(User user, CancellationToken cancellationToken)
            {
                cancellationToken.ThrowIfCancellationRequested();
        
                user.AccessFailedCount = 0;
        
                return Task.FromResult(0);
            }
        
            public Task<int> GetAccessFailedCountAsync(User user, CancellationToken cancellationToken)
            {
                cancellationToken.ThrowIfCancellationRequested();
        
                //Get user from database and read the stored AccessFailedCount
                User stored = FromDatabase(user.Id);
        
                return Task.FromResult(stored.AccessFailedCount);
            }
        
            public Task<bool> GetLockoutEnabledAsync(User user, CancellationToken cancellationToken)
            {
                cancellationToken.ThrowIfCancellationRequested();
        
                //Get user from database and read the stored LockoutEnabled flag
                User stored = FromDatabase(user.Id);
        
                return Task.FromResult(stored.LockoutEnabled);
            }
        
            public Task SetLockoutEnabledAsync(User user, bool enabled, CancellationToken cancellationToken)
            {
                cancellationToken.ThrowIfCancellationRequested();
        
                user.LockoutEnabled = enabled;
        
                return Task.FromResult(0);
            }
        
            #endregion 
        
            public User FromDatabase(string Id)
            {
                //Code to retrieve User from Database
                throw new NotImplementedException();
            }
        }
        

        In the startup file, you must write the following in the ConfigureServices section

        public void ConfigureServices(IServiceCollection services)
            {
        
               //Other Configurations
                services.AddIdentity<User, Role>(
                    options =>
                    {
        
                        options.Lockout.AllowedForNewUsers = true;
                        options.Lockout.MaxFailedAccessAttempts = 3;
                        options.Lockout.DefaultLockoutTimeSpan = TimeSpan.FromMinutes(15);
                    }
                    ).AddDefaultTokenProviders();
            }
        

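        【Discussion】:

          【Solution 4】:

          The "LockoutEnabled" property indicates that the user can be locked out. It does not mean that the user is currently banned. Therefore you must set LockoutEnabled=true by default.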

          https://docs.microsoft.com/en-us/dotnet/api/microsoft.aspnetcore.identity.identityuser-1.lockoutenabled?view=aspnetcore-2.1

          【Discussion】:
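
Solutions 1 and 4 both point at the per-user LockoutEnabled flag. The following added example (not from the original answers and not part of ASP.NET Core Identity) reads the per-user values that decide whether a lockout is enforced, and turns the flag on for existing accounts where it is false. The class and method names are hypothetical; it assumes the registered user store supports lockout and queryable users.

```csharp
using System;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Identity;

// Added example; LockoutChecks and its method names are hypothetical.
public static class LockoutChecks
{
    // Reports the per-user values that decide whether a lockout is enforced.
    public static async Task<string> DescribeAsync<TUser>(UserManager<TUser> users, TUser user)
        where TUser : class
    {
        bool enabled = await users.GetLockoutEnabledAsync(user);
        int failures = await users.GetAccessFailedCountAsync(user);
        DateTimeOffset? end = await users.GetLockoutEndDateAsync(user);
        bool lockedOut = await users.IsLockedOutAsync(user);
        string endText = end.HasValue ? end.Value.ToString("o") : "null";
        return $"LockoutEnabled={enabled} AccessFailedCount={failures} " +
               $"LockoutEnd={endText} IsLockedOut={lockedOut}";
    }

    // Turns LockoutEnabled on for accounts where it is false, for example
    // rows inserted directly into the database. Returns how many were changed.
    public static async Task<int> EnableForExistingUsersAsync<TUser>(UserManager<TUser> users)
        where TUser : class
    {
        if (!users.SupportsUserLockout || !users.SupportsQueryableUsers)
            throw new InvalidOperationException(
                "The user store must implement IUserLockoutStore and IQueryableUserStore.");

        int changed = 0;
        // ToList() finishes the query before any update is written.
        foreach (var user in users.Users.ToList())
        {
            if (await users.GetLockoutEnabledAsync(user))
                continue;

            IdentityResult result = await users.SetLockoutEnabledAsync(user, true);
            if (!result.Succeeded)
                throw new InvalidOperationException(
                    string.Join("; ", result.Errors.Select(e => e.Description)));
            changed++;
        }
        return changed;
    }
}
```

A user whose report shows a future LockoutEnd together with LockoutEnabled=False and IsLockedOut=False matches the symptom in the question: the failed attempts were counted, but the lockout is not enforced for that account.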
