0
我建立一個網站一個登錄頁面,並要防止從登錄用戶後5試20分鐘 失敗可能的一種方式是這樣的會話值超時
const int maxTryCount = 5;
const int minutesToSuspend = 20;
[HttpPost]
public ActionResult Index(PeopleAccount account, string returnUrl)
{
if (Session["TimeStamp"] == null || ((DateTime)Session["TimeStamp"]).AddMinutes(minutesToSuspend) <= DateTime.Now)
{
PeopleAccountService service = new PeopleAccountService();
DataSet ds = service.Authentication(account.UserName, account.Password, null, null);
if (ds.Tables[1].Rows.Count > 0)
{
FormsAuthentication.SetAuthCookie(account.UserName, false);
Session.Clear();
Session["UserAccressibility"] = ds.Tables[0];
Session["UserFullName"] = ds.Tables[1].Rows[0][0];
if (returnUrl != null && returnUrl.Length > 1 && returnUrl.StartsWith("/") && !returnUrl.StartsWith("//") && !returnUrl.StartsWith("/\\"))
return Redirect(returnUrl);
return RedirectToAction("Index", "Stuff", null);
}
else
{
Session["TryCount"] = (Session["TryCount"] == null
|| (Session["TimeStamp"] != null && ((DateTime)Session["TimeStamp"]).AddMinutes(minutesToSuspend) <= DateTime.Now)) ?
1 : ((int)Session["TryCount"]) + 1;
if ((int)Session["TryCount"] > maxTryCount)
{
Session["TimeStamp"] = DateTime.Now;
return Redirect("~/UnauthorizedAccess/Index");
}
ModelState.AddModelError("", Paymankaran.Content.Messages.InvalidUsernameAndOrPassword);
ModelState.AddModelError("", string.Format(Paymankaran.Content.Messages.TryCountWarning,
Session["TryCount"], maxTryCount, minutesToSuspend));
return View();
}
}
return Redirect("~/UnauthorizedAccess/Index");
}
}
事實上,我使用Session [」 TimeStamp「]和Session [」TryCount「]變量來實現此功能 是否有更好或更安全的方法? 這是實現此功能的好方法嗎?