2011-07-26 201 views
0

我建立一個網站一個登錄頁面,並要防止從登錄用戶後5試20分鐘 失敗可能的一種方式是這樣的會話值超時

const int maxTryCount = 5; 
const int minutesToSuspend = 20; 

[HttpPost] 
    public ActionResult Index(PeopleAccount account, string returnUrl) 
    { 
     if (Session["TimeStamp"] == null || ((DateTime)Session["TimeStamp"]).AddMinutes(minutesToSuspend) <= DateTime.Now) 
     { 
      PeopleAccountService service = new PeopleAccountService(); 
      DataSet ds = service.Authentication(account.UserName, account.Password, null, null); 

      if (ds.Tables[1].Rows.Count > 0) 
      { 
       FormsAuthentication.SetAuthCookie(account.UserName, false); 
       Session.Clear(); 
       Session["UserAccressibility"] = ds.Tables[0]; 
       Session["UserFullName"] = ds.Tables[1].Rows[0][0]; 

       if (returnUrl != null && returnUrl.Length > 1 && returnUrl.StartsWith("/") && !returnUrl.StartsWith("//") && !returnUrl.StartsWith("/\\")) 
        return Redirect(returnUrl); 
       return RedirectToAction("Index", "Stuff", null); 
      } 
      else 
      { 
       Session["TryCount"] = (Session["TryCount"] == null 
             || (Session["TimeStamp"] != null && ((DateTime)Session["TimeStamp"]).AddMinutes(minutesToSuspend) <= DateTime.Now)) ? 
             1 : ((int)Session["TryCount"]) + 1; 

       if ((int)Session["TryCount"] > maxTryCount) 
       { 
        Session["TimeStamp"] = DateTime.Now; 
        return Redirect("~/UnauthorizedAccess/Index"); 
       } 

       ModelState.AddModelError("", Paymankaran.Content.Messages.InvalidUsernameAndOrPassword); 
       ModelState.AddModelError("", string.Format(Paymankaran.Content.Messages.TryCountWarning, 
                  Session["TryCount"], maxTryCount, minutesToSuspend)); 
       return View(); 
      } 
     } 

     return Redirect("~/UnauthorizedAccess/Index"); 
    } 
} 

事實上,我使用Session [」 TimeStamp「]和Session [」TryCount「]變量來實現此功能 是否有更好或更安全的方法? 這是實現此功能的好方法嗎?

回答