2012-01-26 47 views
1

I have to implement a "Your account is locked!" message for the SqlMembershipProvider in an MVC2 project, i.e. notify the user about the account lockout in ASP.NET MVC2.

How do I do that?

Basically, my login code looks like this:

[RequireHttps]
[HttpPost]
public ActionResult LogOn(LogOnModel model, string returnUrl)
{
    if (ModelState.IsValid)
    {
        if (MembershipService.ValidateUser(model.UserName, model.Password))
        {
            FormsService.SignIn(model.UserName, model.RememberMe);

            UserProfile profile = UserProfile.GetUserProfile(model.UserName);

            //....
        }
        else
        {
            ModelState.AddModelError("", "The user name or password provided is incorrect.");
        }
    }

    return View(model);
}

Answers

6

Isn't it just the normal Membership?

MembershipUser user = Membership.GetUser("Username");

if (user != null && user.IsLockedOut)
{
    return View("YourPasswordIsTooAmbiguousSoYouGotLockedOut");
}

MSDN: Membership.GetUser(string username)

- Side note -

The order in which you do the authentication is really a security & UX thing. I'd suggest the following pseudocode (but I'm not an expert):

public ActionResult LogOn(LogOnModel model)
{
    // Is model valid?
    if (!ModelState.IsValid)
    {
        this.ViewData["LogOnError"] = "Bad Credentials.";
        return this.View(model);
    }

    // Is user valid?
    if (!MembershipService.ValidateUser(model.UserName, model.Password))
    {
        this.ViewData["LogOnError"] = "Wrong Credentials.";
        return this.View(model);
    }

    MembershipUser user = Membership.GetUser(model.UserName);

    // Was the user deleted in the last nano-second?
    if (user == null)
    {
        this.ViewData["LogOnError"] = "Race Condition: User previously deleted.";
        return this.View(model);
    }

    // Is user locked out?
    if (user.IsLockedOut)
    {
        this.ViewData["LogOnError"] = "You are locked out.";
        return this.View(model);
    }

    // Sign the user in.
    FormsService.SignIn(model.UserName, model.RememberMe);

    return this.View("LogOnSuccessful");
}
+0

Do I use it before my line: if (MembershipService.ValidateUser(model.UserName, model.Password)) {... or how? –

+1

Yes, you want to use it *before* trying to sign the user in. –

1

From your code I can tell that you already use ModelState to display errors to the user. So you could do the same to notify about the locked-out account. Before your validation code, do the following:

[RequireHttps]
[HttpPost]
public ActionResult LogOn(LogOnModel model, string returnUrl)
{
    if (ModelState.IsValid)
    {
        UserProfile profile = UserProfile.GetUserProfile(model.UserName); // Moved this here because the locking check should be done before ValidateUser()
        if (profile != null && !profile.IsLockedOut)
        {
            if (MembershipService.ValidateUser(model.UserName, model.Password))
            {
                FormsService.SignIn(model.UserName, model.RememberMe);

                //....
            }
            else
            {
                ModelState.AddModelError("", "The user name or password provided is incorrect.");
            }
        }
        else
        {
            ModelState.AddModelError("", "The user account does not exist or has been locked out.");
        }
    }

    return View(model);
}
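The two answers differ on where the lockout check goes. With SqlMembershipProvider that ordering matters: ValidateUser() returns false for a locked-out account, so a check placed after it (as in the first answer's pseudocode) is never reached, and the user only ever sees the generic "incorrect" message. The following is an added example, not code from either answer or from the question: it puts the Membership.IsLockedOut check before ValidateUser(), as the second answer recommends, but uses the built-in MembershipUser rather than a custom UserProfile. LogOnModel, MembershipService and FormsService are the names from the question (the MVC 2 template's IMembershipService / IFormsAuthenticationService); the IsLocalUrl helper is assumed here because MVC 2 has no Url.IsLocalUrl().

```csharp
using System.Web.Mvc;
using System.Web.Security;

// Hypothetical controller modelled on the question's names; the service
// interfaces come from the MVC 2 project template's AccountModels.cs.
public class AccountController : Controller
{
    public IMembershipService MembershipService { get; set; }
    public IFormsAuthenticationService FormsService { get; set; }

    [RequireHttps]
    [HttpPost]
    public ActionResult LogOn(LogOnModel model, string returnUrl)
    {
        if (!ModelState.IsValid)
        {
            return View(model);
        }

        // Look the account up BEFORE validating the password. SqlMembershipProvider's
        // ValidateUser() returns false for a locked-out account, so a lockout check
        // placed after it would never fire. userIsOnline: false keeps this lookup from
        // updating LastActivityDate on a mere login attempt.
        MembershipUser user = Membership.GetUser(model.UserName, false);

        if (user != null && user.IsLockedOut)
        {
            // Reported without evaluating the password. This does confirm that the
            // account exists; if username enumeration is a bigger concern than UX,
            // fold this branch into the generic error below instead.
            ModelState.AddModelError("", "Your account has been locked out. Please contact support.");
            return View(model);
        }

        // A failed ValidateUser() is what increments the provider's failed-attempt
        // counter, so a wrong password here moves the account toward lockout.
        if (MembershipService.ValidateUser(model.UserName, model.Password))
        {
            FormsService.SignIn(model.UserName, model.RememberMe);

            // Only honour a root-relative return URL to avoid an open redirect.
            if (IsLocalUrl(returnUrl))
            {
                return Redirect(returnUrl);
            }
            return RedirectToAction("Index", "Home");
        }

        // Same message for an unknown user and for a wrong password.
        ModelState.AddModelError("", "The user name or password provided is incorrect.");
        return View(model);
    }

    // Assumed helper: MVC 2 ships no Url.IsLocalUrl(). Accepts "/path" but rejects
    // absolute URLs and protocol-relative forms such as "//evil.example".
    private static bool IsLocalUrl(string url)
    {
        return !string.IsNullOrEmpty(url)
            && url.StartsWith("/")
            && !url.StartsWith("//")
            && !url.StartsWith("/\\");
    }
}
```

The lockout itself is configured on the provider in web.config, through the maxInvalidPasswordAttempts and passwordAttemptWindow attributes of the SqlMembershipProvider entry; once IsLockedOut is true it stays true until MembershipUser.UnlockUser() is called, so the message shown above should also tell the user how to get the account reset.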