我正在将Webapi与Identity2.0 AccessFailedCount一起使用,LockoutEndDateUtc不在无效的用户名和密码上增加任何内容。我已经实现了WebAPI提供的基于令牌的身份验证。请帮忙 。
这是代码片段
using (UserManager<ApplicationUser> userManager = userManagerFactory)
{
ApplicationUser user = await userManager.FindAsync(context.UserName, context.Password);
if (user == null)
{
context.SetError("invalid_grant", "The user name or password is incorrect.");
return;
}
if (await userManager.IsLockedOutAsync(user.Id))
{
context.SetError("lock_out", "The account is locked.");
return;
}
if (!userManager.IsEmailConfirmed(user.Id))
{
context.SetError("inactive_user", "The user is not active. Please check your Register Email to verify.");
return;
}
ClaimsIdentity oAuthIdentity = await userManager.CreateIdentityAsync(user,
context.Options.AuthenticationType);
ClaimsIdentity cookiesIdentity = await userManager.CreateIdentityAsync(user,
CookieAuthenticationDefaults.AuthenticationType);
AuthenticationProperties properties = CreateProperties(user);
AuthenticationTicket ticket = new AuthenticationTicket(oAuthIdentity, properties);
context.Validated(ticket);
context.Request.Context.Authentication.SignIn(cookiesIdentity);
}
最佳答案
终于我用这段代码解决了
// To lock the user with userName ---- setting of maximum access 5 in IdentityConfig.cs File
ApplicationUser userToLock = await userManager.FindByNameAsync(context.UserName);
if (userToLock != null)
{
await userManager.AccessFailedAsync(userToLock.Id);
}
现在访问
AccessFailedCount
,LockoutEndDateUtc
获得价值感谢您的帮助。特别感谢@trailmax ...将我的思想转移到webapi