开发者

How to lock user using forms authentication

Coding Platform: ASP.NET 4.0 Webforms with C#

I have two roles admin and member.

In my application, admin can manipulate most of the member data.

I know that in forms authentication a user can be unlocked like,

            Membersh开发者_Go百科ipUser user = Membership.GetUser(clickeduserName);
            user.UnlockUser();
            Membership.UpdateUser(user);

My questions are,

  1. How to lock a user in forms authentication?
  2. Why is MembershipUser.IsLockedOut Property set as ReadOnly?
  3. Is it not the right way to LockOut people as an administrator?


There are a few options discussed here: http://forums.asp.net/t/1435151.aspx

They vary from using IsApproved (settable) instead of IsLockedOut to mucking with the underlying SQL database to set the lockout flag.


You can make it lock the user (set .IsLockedOut to true) by doing the following:

    MembershipUser user = Membership.GetUser("UserToLock");        
    for (int i = 0; i < Membership.MaxInvalidPasswordAttempts; i++)
    {
        Membership.ValidateUser(user.UserName, "Not the right password");
    }


Excerpt from MSDN:

Normally, User's are LockedOut automatically when the MaxInvalidPasswordAttempts is reached within the PasswordAttemptWindow.

Users can also be locked out if you use the GetPassword or ResetPassword overload that accepts a password answer and the number of bad answers entered by the user reaches the value of Membership.MaxInvalidPasswordAttempts within the Membership.PasswordAttemptWindow.

A workaround could be to use IsApproved property like this:

MembershipUser user = Membership.GetUser();
user.IsApproved = false;
Membership.UpdateUser(user);
0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜