Notifying the user about account lockout in ASP.NET MVC2

Problem description:

I have to implement a "Your account is locked out!" message for the SqlMembershipProvider in an MVC2 project.

How do I do this?

Basically, my login code looks like this:

[RequireHttps]
[HttpPost]
public ActionResult LogOn(LogOnModel model, string returnUrl)
{
    if (ModelState.IsValid)
    {
        if (MembershipService.ValidateUser(model.UserName, model.Password))
        {
            FormsService.SignIn(model.UserName, model.RememberMe);

            UserProfile profile = UserProfile.GetUserProfile(model.UserName);

            //....
        }
        else
        {
            ModelState.AddModelError("", "The user name or password provided is incorrect.");
        }
    }

    return View(model);
}

Isn't that just plain Membership?

MembershipUser user = Membership.GetUser("Username");

if (user != null && user.IsLockedOut)
{
    return View("YourPasswordIsTooAmbiguousSoYouGotLockedOut");
}

MSDN:Membership.GetUser(string username)

- Side note -

The order in which you do your authentication really is a security & UX matter. I suggest the pseudocode below (but I'm not an expert):

public ActionResult LogOn(LogOnModel model)
{
    // Is model valid?
    if (!ModelState.IsValid)
    {
        this.ViewData["LogOnError"] = "Bad Credentials.";
        return this.View(model);
    }

    // Is user valid?
    if (!MembershipService.ValidateUser(model.UserName, model.Password))
    {
        this.ViewData["LogOnError"] = "Wrong Credentials.";
        return this.View(model);
    }

    MembershipUser user = Membership.GetUser(model.UserName);

    // Was the user deleted in the last nano-second?
    if (user == null)
    {
        this.ViewData["LogOnError"] = "Race Condition: User previously deleted.";
        return this.View(model);
    }

    // Is user locked out?
    if (user.IsLockedOut)
    {
        this.ViewData["LogOnError"] = "You are locked out.";
        return this.View(model);
    }

    // Sign the user in.
    FormsService.SignIn(model.UserName, model.RememberMe);

    return this.View("LogOnSuccessful");
}
+0

Do I use it before my line `if (MembershipService.ValidateUser(model.UserName, model.Password)) {...`, or how? –

+1

Yes, you'd want to use it *before* attempting to sign the user in. –
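Where the IsLockedOut check sits decides whether it ever fires. SqlMembershipProvider.ValidateUser returns false for a locked-out account (without counting another failed attempt), so a check placed after a successful ValidateUser, as in the pseudocode above, is unreachable; the check has to come before validation or sit on the failure path. The following is an added example, not the answerer's code, of the failure-path variant. IMembershipService, IFormsAuthenticationService and LogOnModel are the MVC2 project template's types as used in the question; the "AccountLockedOut" view name and the RedirectToLocal helper are assumptions.

```csharp
using System;
using System.Web.Mvc;
using System.Web.Security;

public class AccountController : Controller
{
    // Wrappers generated by the MVC2 template in AccountModels.cs (as in the question).
    public IMembershipService MembershipService { get; set; }
    public IFormsAuthenticationService FormsService { get; set; }

    [RequireHttps]
    [HttpPost]
    public ActionResult LogOn(LogOnModel model, string returnUrl)
    {
        if (!ModelState.IsValid)
        {
            return View(model);
        }

        // Validate first. For a locked-out account SqlMembershipProvider.ValidateUser
        // returns false and does not count another failed attempt; for any other
        // account a wrong password counts towards maxInvalidPasswordAttempts.
        // An IsLockedOut check after a *successful* ValidateUser therefore never fires.
        if (MembershipService.ValidateUser(model.UserName, model.Password))
        {
            FormsService.SignIn(model.UserName, model.RememberMe);
            return RedirectToLocal(returnUrl);
        }

        // Failure path: tell "locked out" apart from "wrong credentials".
        // userIsOnline = false so this lookup does not update LastActivityDate.
        MembershipUser user = Membership.GetUser(model.UserName, false);
        if (user != null && user.IsLockedOut)
        {
            // A distinct message confirms the account exists. Keep it only if
            // username enumeration is acceptable for this application; otherwise
            // fall through to the generic message and notify the user out of band.
            ModelState.AddModelError("", "Your account has been locked out after too many failed sign-in attempts.");
            return View("AccountLockedOut", model); // assumption: this view exists
        }

        ModelState.AddModelError("", "The user name or password provided is incorrect.");
        return View(model);
    }

    // Url.IsLocalUrl only arrived in MVC3; the MVC2 template's unconditional
    // Redirect(returnUrl) is an open redirect, so only follow same-site paths.
    private ActionResult RedirectToLocal(string returnUrl)
    {
        bool isLocal = !String.IsNullOrEmpty(returnUrl)
            && returnUrl.StartsWith("/")
            && !returnUrl.StartsWith("//")
            && !returnUrl.StartsWith("/\\");
        if (isLocal)
        {
            return Redirect(returnUrl);
        }
        return RedirectToAction("Index", "Home");
    }
}
```

Membership.GetUser(string) with no second argument is equivalent to userIsOnline = true and rewrites LastActivityDate on every call, which is why the two-argument overload is used for a read-only lookup.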

From your code I can tell you are already using ModelState to show errors to the user, so you could do the same to notify about a locked-out account. Do the following before the validation part of your code:

[RequireHttps]
[HttpPost]
public ActionResult LogOn(LogOnModel model, string returnUrl)
{
    if (ModelState.IsValid)
    {
        // Moved this here because the locking check should be done before ValidateUser()
        UserProfile profile = UserProfile.GetUserProfile(model.UserName);
        if (profile != null && !profile.IsLockedOut)
        {
            if (MembershipService.ValidateUser(model.UserName, model.Password))
            {
                FormsService.SignIn(model.UserName, model.RememberMe);

                //....
            }
            else
            {
                ModelState.AddModelError("", "The user name or password provided is incorrect.");
            }
        }
        else
        {
            ModelState.AddModelError("", "The user account does not exist or has been locked out.");
        }
    }

    return View(model);
}
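Checking the flag before ValidateUser, as the answer above does, tells the user they are locked out, but SqlMembershipProvider never clears the flag by itself: the account stays locked until MembershipUser.UnlockUser() is called, normally by an administrator. The following is an added example, not from the answer or the MVC2 template, of an application-level cooldown that wraps the lockout check so a lock older than a chosen duration is cleared on the next sign-in attempt. LockoutPolicy, LockoutDuration and the web.config values in the comment are assumptions. One caveat on the messages in the answer above: an unknown username gets "does not exist or has been locked out" while a known username with a wrong password gets "incorrect", so the pair of messages still lets an attacker tell valid usernames apart.

```csharp
using System;
using System.Web.Security;

// Provider settings that trigger the lock (values are assumptions, shown for reference):
//   <add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider"
//        maxInvalidPasswordAttempts="5" passwordAttemptWindow="10" ... />
// After 5 failures inside a 10-minute window the provider sets IsLockedOut, and the
// flag stays set until UnlockUser() is called; there is no built-in expiry.
public static class LockoutPolicy
{
    // Site policy, not a provider setting (assumption).
    public static readonly TimeSpan LockoutDuration = TimeSpan.FromMinutes(30);

    // Call this where the answer above checks profile.IsLockedOut.
    public static bool IsLockedOut(string userName)
    {
        // userIsOnline = false: a lookup should not update LastActivityDate.
        return IsLockedOut(Membership.GetUser(userName, false), DateTime.UtcNow);
    }

    // Split out so the decision can be exercised with a fixed clock.
    public static bool IsLockedOut(MembershipUser user, DateTime utcNow)
    {
        if (user == null || !user.IsLockedOut)
        {
            return false;
        }

        // LastLockoutDate comes back in local server time; compare in UTC.
        TimeSpan lockedFor = utcNow - user.LastLockoutDate.ToUniversalTime();
        if (lockedFor < LockoutDuration)
        {
            return true;
        }

        // Cooldown has passed: clear the flag and the failed-attempt counters.
        // UnlockUser returns false if the record could not be updated; in that
        // case treat the account as still locked rather than failing open.
        return !user.UnlockUser();
    }
}
```

Because the cooldown lives in the application, it applies to interactive sign-in only; any other code that calls ValidateUser directly (a web service, a scheduled job) still sees the account as locked until this method or an administrator unlocks it.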