How do I lock a user account for 30 minutes after 5 failed login attempts using asp.net?

Time: 2022-04-23 00:00:05

I am using asp.net membership provider for managing users. I have a requirement to lock user accounts for 30 mins after 5 unsuccessful attempts. How should I do that using asp.net membership provider on the server side?

Also I want that 'Passwords should expire after 3 months', 'Last 10 used passwords should be remembered'. Is there any way to solve these requirements?

5 solutions

#1


0  

If you are using SqlMembershipProvider then use

maxInvalidPasswordAttempts for attempts

passwordAttemptWindow for locking for specified period

no option for password expiration or password history

but if you are using ActiveDirectoryMembershipProvider then use

maxInvalidPasswordAttempts for attempts

passwordAnswerAttemptLockoutDuration for locking for specified period

and adjust your domain policy for password expiration or password history

full info here

http://msdn.microsoft.com/en-us/library/ff648345.aspx#paght000022_usingthesqlmembershipprovider

#2


1  

For the first requirement, the membership provider offers a MaxInvalidPasswordAttempts property which you can use in conjunction with the PasswordAttemptWindow property.

The 2nd requirement to the best of my knowledge would require you to customize the membership provider. The base membership provider does not retain prior passwords or have a forced password reset to my knowledge. This could be done if you create a custom provider yourself however.

Starter material for creating a custom membership provider

#3


0  

ASP.NET membership provider doesn't provide any built-in support for your requirements; still, you can achieve them by doing some custom work, i.e.

  1. You can schedule a job that unlocks all locked user accounts, every 30 minutes.

  2. In your application you can put a check: if subsequent user logins are 3 months apart, the user should be redirected to the changepassword page.

  3. The last 10 passwords of the user can be kept in another table, for which you need to write some code in the change password functionality.
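
An added example (not part of any answer on this page) that enforces the 30-minute lockout and the 3-month expiry at login with the Membership API the answers refer to. With SqlMembershipProvider, `passwordAttemptWindow` is the window in minutes in which failed attempts are counted, and a locked-out account stays locked until `UnlockUser()` is called, so the code measures the 30 minutes from each account's own `LastLockoutDate`. `LoginPolicy`, `LoginResult` and the web.config values named in the comment are assumptions.

```csharp
using System;
using System.Web.Security;

// Added example, not code from the page. Assumes the provider entry in web.config
// carries maxInvalidPasswordAttempts="5" and passwordAttemptWindow="30".
public enum LoginResult { Success, InvalidCredentials, LockedOut, PasswordExpired }

public static class LoginPolicy
{
    static readonly TimeSpan LockoutDuration = TimeSpan.FromMinutes(30);
    const int PasswordMaxAgeMonths = 3;

    public static LoginResult TryLogin(string userName, string password)
    {
        // false: looking the user up must not count as user activity.
        MembershipUser user = Membership.GetUser(userName, false);
        if (user == null)
            return LoginResult.InvalidCredentials; // same result as a wrong password

        if (user.IsLockedOut)
        {
            // The provider never unlocks by itself; apply the 30-minute rule here.
            TimeSpan lockedFor = DateTime.UtcNow - user.LastLockoutDate.ToUniversalTime();
            if (lockedFor < LockoutDuration)
                return LoginResult.LockedOut; // the UI may still show a generic failure message
            user.UnlockUser();
        }

        // ValidateUser counts failures and locks the account on the 5th one in the window.
        if (!Membership.ValidateUser(userName, password))
            return LoginResult.InvalidCredentials;

        // Credentials are valid but too old: send the user to the change-password
        // page and do not issue the authentication ticket yet.
        DateTime expiresUtc = user.LastPasswordChangedDate.ToUniversalTime()
                                  .AddMonths(PasswordMaxAgeMonths);
        if (expiresUtc < DateTime.UtcNow)
            return LoginResult.PasswordExpired;

        return LoginResult.Success;
    }
}
```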

#4


0  

Create a custom membership provider. There you can implement all needed functionality, see sample: http://msdn.microsoft.com/en-us/library/44w5aswa.aspx

#5


0  

You can do all the above mentioned functionalities by creating proper tables in the database, i.e.,

  1. Create one table to store the count of wrong attempts; increment the count when a wrong attempt occurs, based on the primary key, i.e. user name; within 5 attempts, if he logs in successfully, then try to make that count null.

  2. While locking the user after 5 unsuccessful attempts, store the time and write one script to check that time continuously; when it meets 30 mins, call the unlock method.

  3. For the password also take a day count, i.e., from the changed date; each time the user logs in, after checking user validity, check the password day count; if it crosses 3 days, prompt them to change.

  4. If you are taking user name as the primary key, create one more table to store max 10 passwords for each user. While inserting a password into this table (when the user changes his password), check the table for the number of rows for that user; if it is 10, then based on the last lesser date you can delete that row and insert the new password, and you can also compare the new password with the old passwords while inserting.
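
An added example (not part of the answers) of the "last 10 passwords" check that the answers leave to custom code. It keeps salted PBKDF2 hashes rather than the passwords themselves, so the history table never holds anything usable for login. `PasswordHistory` and its in-memory list are hypothetical stand-ins for one user's rows in the history table, and the `Rfc2898DeriveBytes` overload used assumes .NET Framework 4.7.2 or later.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;

// Added example, not code from the page. The list stands in for one user's
// rows in a password-history table, oldest row first.
public sealed class PasswordHistory
{
    const int MaxRemembered = 10, SaltBytes = 16, HashBytes = 32, Iterations = 100000;

    sealed class Entry { public byte[] Salt; public byte[] Hash; }

    readonly List<Entry> entries = new List<Entry>();

    static byte[] Derive(string password, byte[] salt)
    {
        using (var kdf = new Rfc2898DeriveBytes(password, salt, Iterations, HashAlgorithmName.SHA256))
            return kdf.GetBytes(HashBytes);
    }

    // Compares every byte so the run time does not depend on where the hashes differ.
    static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        int diff = a.Length ^ b.Length;
        for (int i = 0; i < a.Length && i < b.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }

    // Each stored hash has its own salt, so the candidate is re-derived per entry.
    public bool WasUsedRecently(string candidate)
    {
        foreach (Entry e in entries)
            if (FixedTimeEquals(Derive(candidate, e.Salt), e.Hash)) return true;
        return false;
    }

    // Call from the change-password path; false means the password is one of the last 10.
    public bool TryRecord(string newPassword)
    {
        if (WasUsedRecently(newPassword)) return false;
        var salt = new byte[SaltBytes];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(salt);
        entries.Add(new Entry { Salt = salt, Hash = Derive(newPassword, salt) });
        if (entries.Count > MaxRemembered) entries.RemoveAt(0); // drop the oldest row
        return true;
    }
}
```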
