C# ServiceStack如何使用MaxLoginAttents功能
我试图在我的ServiceStack项目中添加MaxLoginAttents功能。但在5次登录尝试失败后,它仍然允许登录尝试。我不知道我的代码中缺少了什么 AppHost.cs:C# ServiceStack如何使用MaxLoginAttents功能,c#,
servicestack,C#,
servicestack,我试图在我的ServiceStack项目中添加MaxLoginAttents功能。但在5次登录尝试失败后,它仍然允许登录尝试。我不知道我的代码中缺少了什么 AppHost.cs: public override void Configure(Funq.Container container) { ServiceStack.Text.JsConfig.EmitCamelCaseNames = true; Routes .Add<Hello>("/hel
public override void Configure(Funq.Container container)
{
ServiceStack.Text.JsConfig.EmitCamelCaseNames = true;
Routes
.Add<Hello>("/hello")
.Add<Hello>("/hello/{Name*}");
var appSettings = new AppSettings();
//Enable a custom authentication
Plugins.Add(new AuthFeature(() => new CustomUserSession(),
new IAuthProvider[] {
new CustomAuthProvider(appSettings),
})
{
MaxLoginAttempts = 5
});
}
public override void Configure(Funq.Container)
{
ServiceStack.Text.JsConfig.casenames=true;
路线
.Add(“/hello”)
.Add(“/hello/{Name*}”);
var appSettings=新的appSettings();
//启用自定义身份验证
添加(新的AuthFeature(()=>新的CustomUserSession(),
新IAuthProvider[]{
新的CustomAuthProvider(应用设置),
})
{
MaxLoginAttents=5
});
}
CustomAuthProvider.cs
public CustomAuthProvider(AppSettings appSettings) : base(appSettings) {}
public override bool TryAuthenticate(IServiceBase authService, string userName, string password)
{
// authentication logic
if (userName.Equals("username") && password.Equals("password"))
{
return true;
}
else
{
return false;
}
}
public override IHttpResult OnAuthenticated(IServiceBase authService, IAuthSession session, IAuthTokens tokens, Dictionary<string, string> authInfo)
{
//Saving the session!
return base.OnAuthenticated(authService, session, tokens, authInfo);
}
公共CustomAuthProvider(AppSettings AppSettings):基本(AppSettings){
公共覆盖bool TryAuthenticate(IServiceBase authService、字符串用户名、字符串密码)
{
//认证逻辑
if(userName.Equals(“用户名”)和password.Equals(“密码”))
{
返回true;
}
其他的
{
返回false;
}
}
已验证的公用重写IHttpResult(IServiceBase authService、IAuthSession会话、IAuthTokens令牌、字典authInfo)
{
//正在保存会话!
返回base.OnAuthenticated(authService、会话、令牌、authInfo);
}
当您: 由于您正在重写
TryAuthenticate()
而不使用身份验证存储库,因此您必须自己验证它,在保存用户信息的任何位置都需要维护invalidloginattests
计数器
如果有帮助,这就是所有身份验证存储库用于:
对于所有其他应使用的序列化自定义,例如:
非常感谢。我会考虑这一点。
public virtual bool TryAuthenticate(IServiceBase authService, string userName, string password)
{
var authRepo = GetUserAuthRepository(authService.Request);
using (authRepo as IDisposable)
{
var session = authService.GetSession();
if (authRepo.TryAuthenticate(userName, password, out var userAuth))
{
if (IsAccountLocked(authRepo, userAuth))
throw new AuthenticationException(ErrorMessages.UserAccountLocked.Localize(authService.Request));
session.PopulateSession(userAuth, authRepo);
return true;
}
return false;
}
}
public static void RecordInvalidLoginAttempt(this IUserAuthRepository repo, IUserAuth userAuth)
{
var feature = HostContext.GetPlugin<AuthFeature>();
if (feature?.MaxLoginAttempts == null) return;
userAuth.InvalidLoginAttempts += 1;
userAuth.LastLoginAttempt = userAuth.ModifiedDate = DateTime.UtcNow;
if (userAuth.InvalidLoginAttempts >= feature.MaxLoginAttempts.Value)
{
userAuth.LockedDate = userAuth.LastLoginAttempt;
}
repo.SaveUserAuth(userAuth);
}
SetConfig(new HostConfig { UseCamelCase = true });
JsConfig.Init(new Config {
DateHandler = DateHandler.ISO8601,
AlwaysUseUtc = true,
TextCase = TextCase.CamelCase,
ExcludeDefaultValues = true,
});