How to lock user using forms authentication
Coding Platform: ASP.NET 4.0 Webforms with C#
I have two roles admin and member.
In my application, admin can manipulate most of the member data. I know that in forms authentication a user can be unlocked like, Membersh开发者_Go百科ipUser user = Membership.GetUser(clickeduserName);
user.UnlockUser();
Membership.UpdateUser(user);
My questions are,
- How to lock a user in forms authentication?
- Why is
MembershipUser.IsLockedOut Property
set as ReadOnly? - Is it not the right way to LockOut people as an administrator?
There are a few options discussed here: http://forums.asp.net/t/1435151.aspx
They vary from using IsApproved (settable) instead of IsLockedOut to mucking with the underlying SQL database to set the lockout flag.
You can make it lock the user (set .IsLockedOut
to true) by doing the following:
MembershipUser user = Membership.GetUser("UserToLock");
for (int i = 0; i < Membership.MaxInvalidPasswordAttempts; i++)
{
Membership.ValidateUser(user.UserName, "Not the right password");
}
Excerpt from MSDN:
Normally, User's are
LockedOut
automatically when theMaxInvalidPasswordAttempts
is reached within thePasswordAttemptWindow
.Users can also be locked out if you use the
GetPassword
orResetPassword
overload that accepts a password answer and the number of bad answers entered by the user reaches the value of Membership.MaxInvalidPasswordAttempts
within theMembership.PasswordAttemptWindow
.
A workaround could be to use IsApproved property like this:
MembershipUser user = Membership.GetUser();
user.IsApproved = false;
Membership.UpdateUser(user);
精彩评论