我必须在 MVC2 项目中为 SqlMembershipProvider 实现“您的帐户已锁定!”消息。
我该怎么做?
基本上我的登录代码如下:
[RequireHttps]
[HttpPost]
public ActionResult LogOn(LogOnModel model, string returnUrl)
{
if (ModelState.IsValid)
{
if (MembershipService.ValidateUser(model.UserName, model.Password))
{
FormsService.SignIn(model.UserName, model.RememberMe);
UserProfile profile = UserProfile.GetUserProfile(model.UserName);
//....
}
else
{
ModelState.AddModelError("", "The user name or password provided is incorrect.");
}
}
return View(model);
}
最佳答案
和普通成员(member)一样吗?
MembershipUser user = Membership.GetUser("Username")
if (user != null && user.IsLockedOut)
{
return View("YourPasswordIsTooAmbiguousSoYouGotLockedOut");
}
MSDN:Membership.GetUser(string username)
-边注-
您执行身份验证的顺序实际上是安全和用户体验方面的事情。我建议使用以下伪代码(但我不是专家):
public ActionResult LogOn(LogOnModel model)
{
// Is model valid?
if (!ModelState.IsValid)
{
this.ViewData["LogOnError"] = "Bad Credentials.";
return this.View(model);
}
// Is user valid?
if(!MembershipService.ValidateUser(model.UserName, model.Password))
{
this.ViewData["LogOnError"] = "Wrong Credentials.";
return this.View(model);
}
MembershipUser user = Membership.GetUser(model.UserName);
// Was the user deleted in the last nano-second?
if (user == null)
{
this.ViewData["LogOnError"] = "Race Condition: User previously deleted.";
return this.View(model);
}
// Is user locked out?
if(user.IsLockedOut)
{
this.ViewData["LogOnError"] = "You are locked out.";
return this.View(model);
}
// Sign the user in.
FormsService.SignIn(model.UserName, model.RememberMe);
return this.View("LogOnSuccessful");
}
关于c# - 通知用户有关帐户锁定的信息,即在 ASP .NET MVC2 下,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/9025789/