本文介绍了一种在用户登录失败多次后自动锁定,并在指定时间后自动解锁的机制实现。通过在web.config中配置并创建自定义的AutoUnlockProvider类,可以实现在一定时间后自动解锁被锁定的用户账户。
在数据库里就一个字段,手动改回来也行。
但最好能有自动解锁的功能。哈哈。
下面参考了 国外的文章弄了一下,可行。
web.config memship下加了一个配置信息autounlocksample
<
membership
defaultProvider
="SQLProvider"
userIsOnlineTimeWindow
="15"
>
<
providers
>
<
clear
/>
<
add
name
="SQLProvider"
type
="System.Web.Security.SqlMembershipProvider"
connectionStringName
="SQL_UINIRMS"
applicationName
="UINIRMS"
enablePasswordRetrieval
="false"
enablePasswordReset
="true"
requiresQuestionAndAnswer
="true"
requiresUniqueEmail
="true"
passwordFormat
="Hashed"
maxInvalidPasswordAttempts
="5"
minRequiredPasswordLength
="1"
minRequiredNonalphanumericCharacters
="0"
passwordAttemptWindow
="10"
/>
<
add
name
="autounlocksample"
type
="AutoUnlockProvider"
connectionStringName
="SQL_UINIRMS"
autoUnlockTimeout
="2"
applicationName
="UINIRMS"
/>
</
providers
>
</ membership >
<
providers
>
<
clear
/>
<
add
name
="SQLProvider"
type
="System.Web.Security.SqlMembershipProvider"
connectionStringName
="SQL_UINIRMS"
applicationName
="UINIRMS"
enablePasswordRetrieval
="false"
enablePasswordReset
="true"
requiresQuestionAndAnswer
="true"
requiresUniqueEmail
="true"
passwordFormat
="Hashed"
maxInvalidPasswordAttempts
="5"
minRequiredPasswordLength
="1"
minRequiredNonalphanumericCharacters
="0"
passwordAttemptWindow
="10"
/>
<
add
name
="autounlocksample"
type
="AutoUnlockProvider"
connectionStringName
="SQL_UINIRMS"
autoUnlockTimeout
="2"
applicationName
="UINIRMS"
/>
</
providers
>
</ membership >
在App_Data文件夹下新建了一个类AutoUnlockProvider
1
using
System;
2 using System.Web.Security;
3 public class AutoUnlockProvider :SqlMembershipProvider
4 {
5 private int autoUnlockTimeout = 2 ; // Default to 60 minutes
6 public override void Initialize( string name,
7 System.Collections.Specialized.NameValueCollection config)
8 {
9 string sunlockTimeOut = config[ " autoUnlockTimeout " ];
10 if ( ! String.IsNullOrEmpty(sunlockTimeOut))
11 autoUnlockTimeout = Int32.Parse(sunlockTimeOut);
12 config.Remove( " autoUnlockTimeout " );
13 base .Initialize(name, config);
14 }
15
16 // other provider overrides
17 public override bool ValidateUser( string username, string password)
18 {
19 bool retval = Membership.ValidateUser(username, password);
20 // The account may be locked out at this point
21 if (retval == false )
22 {
23 bool successfulUnlock = AutoUnlockUser(username);
24 if (successfulUnlock)
25 // re-attempt the login
26 return Membership.ValidateUser(username, password);
27 else
28 return false ;
29 }
30 else
31 return retval; // first login was successful
32 }
33
34 private bool AutoUnlockUser( string username)
35 {
36 MembershipUser mu = Membership.GetUser(username, false );
37 if ((mu != null ) &&
38 (mu.IsLockedOut) &&
39 (mu.LastLockoutDate.ToUniversalTime().AddMinutes(
40 autoUnlockTimeout)
41 < DateTime.UtcNow)
42 )
43 {
44 bool retval = mu.UnlockUser();
45 if (retval)
46 return true ;
47 else
48 return false ; // something went wrong with the unlock
49 }
50 else
51 return false ; // not locked out in the first place
52 // or still in lockout period
53 }
54 }
2 using System.Web.Security;
3 public class AutoUnlockProvider :SqlMembershipProvider
4 {
5 private int autoUnlockTimeout = 2 ; // Default to 60 minutes
6 public override void Initialize( string name,
7 System.Collections.Specialized.NameValueCollection config)
8 {
9 string sunlockTimeOut = config[ " autoUnlockTimeout " ];
10 if ( ! String.IsNullOrEmpty(sunlockTimeOut))
11 autoUnlockTimeout = Int32.Parse(sunlockTimeOut);
12 config.Remove( " autoUnlockTimeout " );
13 base .Initialize(name, config);
14 }
15
16 // other provider overrides
17 public override bool ValidateUser( string username, string password)
18 {
19 bool retval = Membership.ValidateUser(username, password);
20 // The account may be locked out at this point
21 if (retval == false )
22 {
23 bool successfulUnlock = AutoUnlockUser(username);
24 if (successfulUnlock)
25 // re-attempt the login
26 return Membership.ValidateUser(username, password);
27 else
28 return false ;
29 }
30 else
31 return retval; // first login was successful
32 }
33
34 private bool AutoUnlockUser( string username)
35 {
36 MembershipUser mu = Membership.GetUser(username, false );
37 if ((mu != null ) &&
38 (mu.IsLockedOut) &&
39 (mu.LastLockoutDate.ToUniversalTime().AddMinutes(
40 autoUnlockTimeout)
41 < DateTime.UtcNow)
42 )
43 {
44 bool retval = mu.UnlockUser();
45 if (retval)
46 return true ;
47 else
48 return false ; // something went wrong with the unlock
49 }
50 else
51 return false ; // not locked out in the first place
52 // or still in lockout period
53 }
54 }
login.aspx中需要用自己写的类中的方法来验证用户。
protected
void
Login1_Authenticate(
object
sender, AuthenticateEventArgs e)
{
if ( new AutoUnlockProvider().ValidateUser(Login1.UserName, Login1.Password))
{
if ( new AutoUnlockProvider().ValidateUser(Login1.UserName, Login1.Password))
欢迎交流。
扫一扫
4025
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
