我正在将Webapi与Identity2.0 AccessFailedCount一起使用,LockoutEndDateUtc不在无效的用户名和密码上增加任何内容。我已经实现了WebAPI提供的基于令牌的身份验证。请帮忙 。

这是代码片段

        using (UserManager<ApplicationUser> userManager = userManagerFactory)
        {
            ApplicationUser user = await userManager.FindAsync(context.UserName, context.Password);

            if (user == null)
            {
                context.SetError("invalid_grant", "The user name or password is incorrect.");
                return;
            }
            if (await userManager.IsLockedOutAsync(user.Id))
            {
                context.SetError("lock_out", "The account is locked.");
                return;
            }

            if (!userManager.IsEmailConfirmed(user.Id))
            {
                context.SetError("inactive_user", "The user is not active. Please check your Register Email to verify.");
                return;
            }

            ClaimsIdentity oAuthIdentity = await userManager.CreateIdentityAsync(user,
                context.Options.AuthenticationType);
            ClaimsIdentity cookiesIdentity = await userManager.CreateIdentityAsync(user,
                CookieAuthenticationDefaults.AuthenticationType);
            AuthenticationProperties properties = CreateProperties(user);
            AuthenticationTicket ticket = new AuthenticationTicket(oAuthIdentity, properties);
            context.Validated(ticket);
            context.Request.Context.Authentication.SignIn(cookiesIdentity);
        }

最佳答案

终于我用这段代码解决了

// To lock the user with userName ---- setting of maximum access 5 in IdentityConfig.cs File
ApplicationUser userToLock = await userManager.FindByNameAsync(context.UserName);
if (userToLock != null)
{
    await userManager.AccessFailedAsync(userToLock.Id);
}


现在访问AccessFailedCountLockoutEndDateUtc获得价值

感谢您的帮助。特别感谢@trailmax ...将我的思想转移到webapi

09-05 21:33