Notify the user about an account lockout in ASP.NET MVC2
Question:
I have to implement a "Your account is locked!" message for the SqlMembershipProvider in an MVC2 project.
How do I do this?
Basically my login code looks like this:
    [RequireHttps]
    [HttpPost]
    public ActionResult LogOn(LogOnModel model, string returnUrl)
    {
        if (ModelState.IsValid)
        {
            if (MembershipService.ValidateUser(model.UserName, model.Password))
            {
                FormsService.SignIn(model.UserName, model.RememberMe);
                UserProfile profile = UserProfile.GetUserProfile(model.UserName);
                //....
            }
            else
            {
                ModelState.AddModelError("", "The user name or password provided is incorrect.");
            }
        }
        return View(model);
    }
Answer
Isn't that just regular Membership?
    MembershipUser user = Membership.GetUser("Username");
    if (user != null && user.IsLockedOut)
    {
        return View("YourPasswordIsTooAmbiguousSoYouGotLockedOut");
    }
MSDN: Membership.GetUser(string username)
- Side note -
The order in which you do the authentication checks really is a security & UX matter. I suggest the pseudocode below (but I'm no expert):
    public ActionResult LogOn(LogOnModel model)
    {
        // Is model valid?
        if (!ModelState.IsValid)
        {
            this.ViewData["LogOnError"] = "Bad Credentials.";
            return this.View(model);
        }
        // Is user valid?
        if (!MembershipService.ValidateUser(model.UserName, model.Password))
        {
            this.ViewData["LogOnError"] = "Wrong Credentials.";
            return this.View(model);
        }
        MembershipUser user = Membership.GetUser(model.UserName);
        // Was the user deleted in the last nano-second?
        if (user == null)
        {
            this.ViewData["LogOnError"] = "Race Condition: User previously deleted.";
            return this.View(model);
        }
        // Is user locked out?
        if (user.IsLockedOut)
        {
            this.ViewData["LogOnError"] = "You are locked out.";
            return this.View(model);
        }
        // Sign the user in.
        FormsService.SignIn(model.UserName, model.RememberMe);
        return this.View("LogOnSuccessful");
    }
Answer
From your code I can see you are already using ModelState to display errors to the user, so you could do the same to notify them about a locked account. Before your validation part, do the following:
    [RequireHttps]
    [HttpPost]
    public ActionResult LogOn(LogOnModel model, string returnUrl)
    {
        if (ModelState.IsValid)
        {
            UserProfile profile = UserProfile.GetUserProfile(model.UserName); // Moved this here because the locking check should be done before ValidateUser()
            if (profile != null && !profile.IsLockedOut)
            {
                if (MembershipService.ValidateUser(model.UserName, model.Password))
                {
                    FormsService.SignIn(model.UserName, model.RememberMe);
                    //....
                }
                else
                {
                    ModelState.AddModelError("", "The user name or password provided is incorrect.");
                }
            }
            else
            {
                ModelState.AddModelError("", "The user account does not exist or has been locked out.");
            }
        }
        return View(model);
    }
Do I use it before my line: if (MembershipService.ValidateUser(model.UserName, model.Password)) {... or how?
Yes, you want to use it *before* attempting to sign the user in.
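A lockout-aware version of the asker's action, added here as an example that is not part of the question or of either answer. It assumes the question's MembershipService, FormsService and LogOnModel types and the default SqlMembershipProvider, and it puts the lockout check before ValidateUser because the SqlMembershipProvider returns false from ValidateUser for a locked-out account even when the password is correct.

```csharp
using System.Web.Mvc;
using System.Web.Security;

// Hypothetical controller name; the members used (MembershipService, FormsService,
// LogOnModel) are the ones from the question, not defined here.
public class LockoutAwareAccountController : Controller
{
    [RequireHttps]
    [HttpPost]
    public ActionResult LogOn(LogOnModel model, string returnUrl)
    {
        if (!ModelState.IsValid)
        {
            return View(model);
        }

        // Look the account up first: once IsLockedOut is true, ValidateUser fails
        // regardless of the password, so checking lockout after ValidateUser would
        // only ever show "incorrect password". userIsOnline: false keeps a failed
        // attempt from updating LastActivityDate.
        MembershipUser user = Membership.GetUser(model.UserName, false);
        if (user != null && user.IsLockedOut)
        {
            // Note: this message confirms that the account exists. If that matters
            // for your site, keep the generic message here and tell the user about
            // the lockout through a channel that already knows them (e.g. e-mail).
            ModelState.AddModelError("",
                "Your account is locked out. Contact support to have it unlocked.");
            return View(model);
        }

        if (!MembershipService.ValidateUser(model.UserName, model.Password))
        {
            // Same message for "unknown user" and "wrong password": no enumeration.
            ModelState.AddModelError("", "The user name or password provided is incorrect.");
            return View(model);
        }

        FormsService.SignIn(model.UserName, model.RememberMe);
        return RedirectToAction("Index", "Home");
    }
}
```

The lockout itself is driven by the provider's maxInvalidPasswordAttempts and passwordAttemptWindow settings in web.config; the provider does not unlock automatically, so an administrator (or a support flow) has to call MembershipUser.UnlockUser() on the account.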