locked
How can I set a task in asp.net core? RRS feed

  • Question

  • User1052024640 posted

    I wanna achieve this: whenever someone login his account failed for 3 times(for example input wrong password). The system will stop him from login in for 30 minutes.

    In my opinion, it should work by back-end but not the database.

    I think the asp.net core should record his IP&Time in a list and check if time is over every minute.

    Meanwhile, how can I set a task in asp.net core? Besides, I want to know if my idea is right? Thank you.

    Friday, June 28, 2019 12:13 PM

Answers

  • User-1764593085 posted

    Hi mywatermelon,

    I wanna achieve this: whenever someone login his account failed for 3 times(for example input wrong password). The system will stop him from login in for 30 minutes.

    If you use asp.net core Identity, you just need to enable it when you register:

    services.AddDefaultIdentity<identityUser>(options =>
                {
                    options.Lockout.DefaultLockoutTimeSpan = TimeSpan.FromMinutes(30);
                    options.Lockout.MaxFailedAccessAttempts = 3;
                    options.Lockout.AllowedForNewUsers = true;
                })
             .AddRoles<IdentityRole>()
             .AddDefaultUI(UIFramework.Bootstrap4)
             .AddEntityFrameworkStores<ApplicationDbContext>();

    Refer to https://github.com/aspnet/Identity/issues/1764

    If you want to implement in your own approach, you could add a cloumn "IsLockedOut" (boolean) ,"AttemptCounts" (int) and "FailLoginTime" (dateTime) to your user table and while a user attemts to login just count the number of attempts if its a unsucessfull login.

    When the count gets 3 set IslockedOut column in the table to "true" for that particular user ,reset AttemptCounts column  and set current time to FailLoginTime column.So when a user login you will firstly check whether it has been 30 minutes since FailLoginTime , if so ,set IsLockedOut to false.

    You need to check "Username","Password" and "IsLockedOut" in your logic when user login.

    Best Regards,

    Xing

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Monday, July 1, 2019 5:39 AM

All replies

  • User753101303 posted

    Hi,

    It doesn't seems to be needed.

    And you are using ASP.NET Identity or your own approach ? I'm not sure why you would need to check for this each minute, you just need to check this on the next attempt (and if it was locked since enough time, then it is not locked anymore).

    If not done already try perhaps https://docs.microsoft.com/en-us/aspnet/core/security/authentication/identity-configuration?view=aspnetcore-2.2 . As most things it could be customized (you do have a learning curve but then  you can customize this particular point as you want without any impact on your main code).

    Friday, June 28, 2019 12:34 PM
  • User1052024640 posted

    I always consider that I can only do this in my own approach. I never heard that there is an official way to do this. I will absolutely use the official way instead of trying a new and unknown way.

    Thank you for giving me this tutorial. It is useful for a beginner just like me.

    Friday, June 28, 2019 12:46 PM
  • User-1764593085 posted

    Hi mywatermelon,

    I wanna achieve this: whenever someone login his account failed for 3 times(for example input wrong password). The system will stop him from login in for 30 minutes.

    If you use asp.net core Identity, you just need to enable it when you register:

    services.AddDefaultIdentity<identityUser>(options =>
                {
                    options.Lockout.DefaultLockoutTimeSpan = TimeSpan.FromMinutes(30);
                    options.Lockout.MaxFailedAccessAttempts = 3;
                    options.Lockout.AllowedForNewUsers = true;
                })
             .AddRoles<IdentityRole>()
             .AddDefaultUI(UIFramework.Bootstrap4)
             .AddEntityFrameworkStores<ApplicationDbContext>();

    Refer to https://github.com/aspnet/Identity/issues/1764

    If you want to implement in your own approach, you could add a cloumn "IsLockedOut" (boolean) ,"AttemptCounts" (int) and "FailLoginTime" (dateTime) to your user table and while a user attemts to login just count the number of attempts if its a unsucessfull login.

    When the count gets 3 set IslockedOut column in the table to "true" for that particular user ,reset AttemptCounts column  and set current time to FailLoginTime column.So when a user login you will firstly check whether it has been 30 minutes since FailLoginTime , if so ,set IsLockedOut to false.

    You need to check "Username","Password" and "IsLockedOut" in your logic when user login.

    Best Regards,

    Xing

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Monday, July 1, 2019 5:39 AM
  • User1052024640 posted

    That's not only what I need and easy to achieve. Thank you.

    Monday, July 1, 2019 5:42 AM