Clever Geek Handbook

MVC 5 Identity 2.0 lock not working

I need to block the user forever. I don't understand why this code is not working.

This string UserManager.IsLockedOut(user.Id);

will always return false

instead true

.

Perhaps you need to put this line UserManager.UserLockoutEnabledByDefault = true;

at the stage of user registration?

using (var _db = new ApplicationDbContext())
{
    UserStore<DALApplicationUser> UserStore = new UserStore<DALApplicationUser>(_db);
    UserManager<DALApplicationUser> UserManager = new UserManager<DALApplicationUser>(UserStore);
    UserManager.UserLockoutEnabledByDefault = true;
    DALApplicationUser user = _userService.GetUserByProfileId(id);
    bool a = UserManager.IsLockedOut(user.Id);
    UserManager.SetLockoutEnabled(user.Id, true);

    a = UserManager.IsLockedOut(user.Id);
    _db.SaveChanges();
}
+3


source to share


3 answers


Line

UserManager.SetLockoutEnabled(user.Id, true);

does not block or unlock the account. This method is used to permanently enable or disable the lockout process for a given user account. However, you make a call that basically sets this user account to be bound by the account blocking rules. Making a call with a second parameter like false

:

UserManager.SetLockoutEnabled(user.Id, false);

will allow you to set up a user account that is exempt from blocking rules - this can be useful for an administrator account.



Here is the code for UserManager.IsLockedOutAsync

:

/// <summary>
///     Returns true if the user is locked out
/// </summary>
/// <param name="userId"></param>
/// <returns></returns>
public virtual async Task<bool> IsLockedOutAsync(TKey userId)
{
    ThrowIfDisposed();
    var store = GetUserLockoutStore();
    var user = await FindByIdAsync(userId).WithCurrentCulture();
    if (user == null)
    {
        throw new InvalidOperationException(String.Format(CultureInfo.CurrentCulture, Resources.UserIdNotFound,
            userId));
    }
    if (!await store.GetLockoutEnabledAsync(user).WithCurrentCulture())
    {
        return false;
    }
    var lockoutTime = await store.GetLockoutEndDateAsync(user).WithCurrentCulture();
    return lockoutTime >= DateTimeOffset.UtcNow;
}

As you can see, in order for a user to be classified as locked, the lock must be enabled as above and the user must have a value LockoutEndDateUtc

that is greater than or equal to the current date.

So, to "permanently" block an account, you can do the following:

using (var _db = new ApplicationDbContext())
{
    UserStore<DALApplicationUser> UserStore = new UserStore<DALApplicationUser>(_db);
    UserManager<DALApplicationUser> UserManager = new UserManager<DALApplicationUser>(UserStore);
    UserManager.UserLockoutEnabledByDefault = true;
    DALApplicationUser user = _userService.GetUserByProfileId(id);

    bool a = UserManager.IsLockedOut(user.Id);

    //user.LockoutEndDateUtc = DateTime.MaxValue; //.NET 4.5+
    user.LockoutEndDateUtc = new DateTime(9999, 12, 30);
    _db.SaveChanges();

    a = UserManager.IsLockedOut(user.Id);
}
+14


source


The function SetLockoutEnabled

does not block the user, it enables the blocking function for the user

you need



UserManager.DefaultAccountLockoutTimeSpan = TimeSpan.FromHours(1); // lockout for 1 hour
UserManager.MaxFailedAccessAttemptsBeforeLockout = 5; // max fail attemps
UserManager.AccessFailedAsync(user.Id); // Register failed access

It will log the failure and block the user if blocking is enabled and the number of errors.

+8


source


Set shouldLockout to true in the Login action (it is false by default)

            // To enable password failures to trigger account lockout, change to shouldLockout: true
            var result = await SignInManager.PasswordSignInAsync(vm.Email, vm.Password, vm.RememberMe, shouldLockout: true);
+5


source






More articles:


All Articles