如何在错误密码计数锁定后解锁 ASPNETDB 用户帐户?

发布于 2024-09-06 12:56:32 字数 295 浏览 3 评论 0原文

我是新手,使用 ASPNETDB Visual Studio 生成的用户数据库登录控件,

我在 web.config 中设置了最大错误密码计数为 5,并测试了帐户被锁定的程度。但是我现在无法弄清楚如何解锁该帐户。

这个问题出现在我的远程托管站点上,所以这不是我可以使用 Visual Studio asp.net 配置工具执行的操作,

我可以在 .cs page_load 中运行一些 C# 代码,这可以让我输入用户名并将其解锁会很棒的。然后我可以制作一个表格,以便稍后在需要时轻松完成。

预先感谢您的任何帮助。

i'm new and using the login control with the ASPNETDB visual studio generated user database

i set a maximum bad password count of 5 in web.config and tested to the point that an account was locked out. i am however unable to figure out how to unlock the account now.

this problem is on my remotely hosted site, so this isn't something i can do with the visual studio asp.net configuration tool

some c# code i could run in the .cs page_load, that would let me input the username and have it unlocked would be great. then i could make a form to do it later when i need to easily.

thanks in advance for any help.

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(5

寂寞清仓 2024-09-13 12:56:32
  MembershipUser usr = Membership.GetUser(userName);
  usr.UnlockUser();
  MembershipUser usr = Membership.GetUser(userName);
  usr.UnlockUser();
ゝ偶尔ゞ 2024-09-13 12:56:32

在数据库中手动转到 aspnet_membership 表,将 FailedLoginPasswordAttemptCount(名称类似)设置为零,并将 IsLockedOut 设置为 0 (false)。

我们创建了一个自定义安全屏幕来管理我的几个应用程序中的这些内容,或者您​​可以使用其他帖子中提到的组件。

HTH。

Manually, in the database, go to the aspnet_membership table, set FailedLoginPasswordAttemptCount (something similarly named) to zero and set IsLockedOut to 0 (false).

We created a custom security screen to manage these in several of my apps, or you can use a component like mentioned in the other posts.

HTH.

柒夜笙歌凉 2024-09-13 12:56:32

我有一些来自几年前构建的应用程序的非常旧的(丑陋的)代码。它几乎是对 gridview 控件的改造,它使用 aspnet_Membership_UnlockUser 存储过程作为删除命令,并将键设置为网格行中锁定用户的用户名。我什至没有使用过C#。这是我所拥有的:

<asp:Label runat="server" ID="LblLockedUsers" Text="Locked Out Users:" />

<asp:SqlDataSource ID="SqlLockedUsers" runat="server" ConnectionString='<%$ ConnectionStrings:myConnString %>'
SelectCommand="selLockedOutUsers" SelectCommandType="StoredProcedure" DeleteCommand="aspnet_Membership_UnlockUser"
DeleteCommandType="StoredProcedure" />

<asp:GridView ID="GvLockedUsers" runat="server" AllowPaging="True" PageSize="5" AutoGenerateColumns="False"
DataKeyNames="UserName" DataSourceID="SqlLockedUsers" AllowSorting="True" GridLines="None"
Width="100%">
  <Columns>
    <asp:TemplateField>
      <ItemTemplate>
        <asp:LinkButton ID="LnkUnlock" CommandArgument='<%# Eval("UserName") %>' CommandName="Delete" runat="server">Unlock</asp:LinkButton>
      </ItemTemplate>
    </asp:TemplateField>
    <asp:BoundField DataField="UserName" HeaderText="User Name" ReadOnly="True" SortExpression="UserName" />
    <asp:CheckBoxField DataField="IsLockedOut" HeaderText="Locked Out" ReadOnly="True" SortExpression="IsLockedOut" />
    <asp:BoundField DataField="LastLockoutDate" HeaderText="Last Lockout" SortExpression="LastLockoutDate" ReadOnly="True" />
    <asp:BoundField DataField="failedPasswordAttemptCount" HeaderText="Failed Password Attempts" SortExpression="failedPasswordAttemptCount" ReadOnly="True" />
  </Columns>
  <EmptyDataTemplate>
    No users are locked out at this time.
  </EmptyDataTemplate>
</asp:GridView>

这是我编写的由 gridview 使用的旧存储过程。这一切都可以做得更好,但这就是我当时所做的,而且效果很好。

CREATE PROCEDURE [dbo].[selLockedOutUsers]

AS

SELECT 
m.ApplicationId as applicationId,
a.ApplicationName as applicationName,
m.UserId as userId,
u.UserName as UserName,
m.IsLockedOut as isLockedOut,
m.LastLoginDate as lastLoginDate,
m.LastLockoutDate as lastLockoutDate,
m.FailedPasswordAttemptCount as failedPasswordAttemptCount

FROM 
aspnet_Membership m 
JOIN aspnet_Users u ON m.UserId = u.UserId
JOIN aspnet_Applications a ON m.ApplicationId = a.ApplicationId

WHERE 
m.IsLockedOut = '1'

这是我修改后的 aspnet_Membership_UnlockUser 存储过程。如您所见,我删除了应用程序名称参数,只是在过程中手动设置它。这样我只需要传递用户名作为参数。

ALTER PROCEDURE [dbo].[aspnet_Membership_UnlockUser]
    --@ApplicationName                         nvarchar(256), --replaced with '/'
    @UserName                                nvarchar(256)
AS
BEGIN
    DECLARE @UserId uniqueidentifier
    SELECT  @UserId = NULL
    SELECT  @UserId = u.UserId
    FROM    dbo.aspnet_Users u, dbo.aspnet_Applications a, dbo.aspnet_Membership m
    WHERE   LoweredUserName = LOWER(@UserName) AND
            u.ApplicationId = a.ApplicationId  AND
            LOWER('/') = a.LoweredApplicationName AND
            u.UserId = m.UserId

    IF ( @UserId IS NULL )
        RETURN 1

    UPDATE dbo.aspnet_Membership
    SET IsLockedOut = 0,
        FailedPasswordAttemptCount = 0,
        FailedPasswordAttemptWindowStart = CONVERT( datetime, '17540101', 112 ),
        FailedPasswordAnswerAttemptCount = 0,
        FailedPasswordAnswerAttemptWindowStart = CONVERT( datetime, '17540101', 112 ),
        LastLockoutDate = CONVERT( datetime, '17540101', 112 )
    WHERE @UserId = UserId

    RETURN 0
END

I have some really old (ugly) code from an app I built a few years back. It's pretty much a hack up of a gridview control which uses the aspnet_Membership_UnlockUser stored proc as the delete command with the key set as the username of the locked out user in the gridrow. I didn't even use C#. Here's what I have:

<asp:Label runat="server" ID="LblLockedUsers" Text="Locked Out Users:" />

<asp:SqlDataSource ID="SqlLockedUsers" runat="server" ConnectionString='<%$ ConnectionStrings:myConnString %>'
SelectCommand="selLockedOutUsers" SelectCommandType="StoredProcedure" DeleteCommand="aspnet_Membership_UnlockUser"
DeleteCommandType="StoredProcedure" />

<asp:GridView ID="GvLockedUsers" runat="server" AllowPaging="True" PageSize="5" AutoGenerateColumns="False"
DataKeyNames="UserName" DataSourceID="SqlLockedUsers" AllowSorting="True" GridLines="None"
Width="100%">
  <Columns>
    <asp:TemplateField>
      <ItemTemplate>
        <asp:LinkButton ID="LnkUnlock" CommandArgument='<%# Eval("UserName") %>' CommandName="Delete" runat="server">Unlock</asp:LinkButton>
      </ItemTemplate>
    </asp:TemplateField>
    <asp:BoundField DataField="UserName" HeaderText="User Name" ReadOnly="True" SortExpression="UserName" />
    <asp:CheckBoxField DataField="IsLockedOut" HeaderText="Locked Out" ReadOnly="True" SortExpression="IsLockedOut" />
    <asp:BoundField DataField="LastLockoutDate" HeaderText="Last Lockout" SortExpression="LastLockoutDate" ReadOnly="True" />
    <asp:BoundField DataField="failedPasswordAttemptCount" HeaderText="Failed Password Attempts" SortExpression="failedPasswordAttemptCount" ReadOnly="True" />
  </Columns>
  <EmptyDataTemplate>
    No users are locked out at this time.
  </EmptyDataTemplate>
</asp:GridView>

Here's the old stored proc I wrote which is used by the gridview. This all can be done so much better, but this is what I did back then and it works well.

CREATE PROCEDURE [dbo].[selLockedOutUsers]

AS

SELECT 
m.ApplicationId as applicationId,
a.ApplicationName as applicationName,
m.UserId as userId,
u.UserName as UserName,
m.IsLockedOut as isLockedOut,
m.LastLoginDate as lastLoginDate,
m.LastLockoutDate as lastLockoutDate,
m.FailedPasswordAttemptCount as failedPasswordAttemptCount

FROM 
aspnet_Membership m 
JOIN aspnet_Users u ON m.UserId = u.UserId
JOIN aspnet_Applications a ON m.ApplicationId = a.ApplicationId

WHERE 
m.IsLockedOut = '1'

Here's my modified aspnet_Membership_UnlockUser stored proc. As you can see, I removed the app name parameter and just set it in the proc manually. That way I only need to pass the username as a parameter.

ALTER PROCEDURE [dbo].[aspnet_Membership_UnlockUser]
    --@ApplicationName                         nvarchar(256), --replaced with '/'
    @UserName                                nvarchar(256)
AS
BEGIN
    DECLARE @UserId uniqueidentifier
    SELECT  @UserId = NULL
    SELECT  @UserId = u.UserId
    FROM    dbo.aspnet_Users u, dbo.aspnet_Applications a, dbo.aspnet_Membership m
    WHERE   LoweredUserName = LOWER(@UserName) AND
            u.ApplicationId = a.ApplicationId  AND
            LOWER('/') = a.LoweredApplicationName AND
            u.UserId = m.UserId

    IF ( @UserId IS NULL )
        RETURN 1

    UPDATE dbo.aspnet_Membership
    SET IsLockedOut = 0,
        FailedPasswordAttemptCount = 0,
        FailedPasswordAttemptWindowStart = CONVERT( datetime, '17540101', 112 ),
        FailedPasswordAnswerAttemptCount = 0,
        FailedPasswordAnswerAttemptWindowStart = CONVERT( datetime, '17540101', 112 ),
        LastLockoutDate = CONVERT( datetime, '17540101', 112 )
    WHERE @UserId = UserId

    RETURN 0
END
追风人 2024-09-13 12:56:32

您是否尝试过更改 Web.config 以将锁定时间延长为“更多尝试”或类似的内容?也许它会让你那样。

我不知道您有任何 CSharp 代码,但我使用的工具是 质量数据会员管理器控制,我可以通过网络表单管理会员资格(包括锁定状态)。

虽然这目前对您没有帮助,但将来应该会对您有所帮助。另外,一旦您可以再次登录(锁定到期后),我建议您从 Web.config 中删除锁定信息,直到您准备好上线为止。对您的应用程序进行广泛的测试必然会让您一次又一次地被锁定。

Have you tried changing the Web.config to extend the lockout time to "more attempts" or something like that? Maybe it will let you in that way.

I wouldn't know any CSharp code for you, but a tool that I use is the Quality Data membership Manager Control where I can manage membership (including lock status) through a web form.

While this will not help you right now, it should help you in the future. Also, once you can login (after your lockout expires) again, I would suggest removing the lockout info from the Web.config until you're ready to go live. Extensive testing of your application is bound to get you locked out again and again.

裂开嘴轻声笑有多痛 2024-09-13 12:56:32

本教程可能会有所帮助,您可能需要快速浏览该系列:

解锁并批准用户帐户

This tutorial might help, you might have to go through the series quickly:

Unlocking and Approving User Accounts

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文