 

Reset user lockout by sending a reset account link using ASP.NET Identity 2.1

I have an ASP.NET MVC project in which I want to send an account unlock link to the user's email after the user gets locked out. I use ASP.NET Identity 2.1 in my project. What I could possibly do is lock the account for a period of 30 minutes using ASP.NET Identity. After this time the account gets unlocked. I tried to send an email to the user which contains a reset link. The link calls a method which has the following code.

[AllowAnonymous]
public async Task<ActionResult> UnlockAccount(string userId)
{
    await UserManager.ResetAccessFailedCountAsync(userId);
    return RedirectToAction("Login");
}

But after this my account is still locked for the 30-minute period which I set up in IdentityConfig.cs. Is this possible in ASP.NET Identity?

Noxious Reptile asked Oct 23 '15 06:10




2 Answers

I know this is old but it's worth an answer as I've just been wondering the same myself...

The AccessFailedCount doesn't matter - the only thing locking the user out is the LockoutEndDateUtc. If the current UTC datetime is before the LockoutEndDateUtc then you won't be able to gain entry.

It's simple enough to reset though:

await UserManager.SetLockoutEndDateAsync(userId, new DateTimeOffset(DateTime.UtcNow));

You can set the DateTimeOffset to anything you want as long as it's before the current DateTimeUTC. In my example I use DateTime.UtcNow, as it gives the added benefit of knowing when the account was unlocked.

When the user eventually logs in again the AccessFailedCount will be reset to 0, so you don't need to worry about resetting that.

Percy answered Nov 10 '22 01:11

Percy
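
An added example, not code from the thread or from the ASP.NET Identity project: the emailed unlock link from the question, with the lockout cleared only when the request carries a user token that Identity 2.x issued for that purpose, so a bare userId in the URL is not enough to unlock an account. The controller name and purpose string are hypothetical; it assumes the MVC 5 template's ApplicationUserManager with a UserTokenProvider and an EmailService configured.

```csharp
// Added example (not from the original thread). Assumes ASP.NET MVC 5 with
// Microsoft.AspNet.Identity 2.x and the project template's ApplicationUserManager
// (in scope from the application's own namespace).
using System;
using System.Threading.Tasks;
using System.Web;
using System.Web.Mvc;
using Microsoft.AspNet.Identity;
using Microsoft.AspNet.Identity.Owin;

public class AccountUnlockController : Controller   // hypothetical controller name
{
    private const string UnlockPurpose = "UnlockAccount"; // hypothetical purpose string

    private ApplicationUserManager UserManager
    {
        get { return HttpContext.GetOwinContext().GetUserManager<ApplicationUserManager>(); }
    }

    // Call this when a sign-in attempt returns SignInStatus.LockedOut.
    private async Task SendUnlockLinkAsync(string userId)
    {
        // The configured token provider issues a token for this user and purpose.
        string token = await UserManager.GenerateUserTokenAsync(UnlockPurpose, userId);
        string url = Url.Action("UnlockAccount", "AccountUnlock",
            new { userId = userId, token = token }, Request.Url.Scheme);
        await UserManager.SendEmailAsync(userId, "Unlock your account",
            "Unlock your account by following this link: " + url);
    }

    [AllowAnonymous]
    public async Task<ActionResult> UnlockAccount(string userId, string token)
    {
        if (string.IsNullOrEmpty(userId) || string.IsNullOrEmpty(token))
            return RedirectToAction("Login", "Account");

        // Look the user up first: VerifyUserTokenAsync throws for an unknown id.
        var user = await UserManager.FindByIdAsync(userId);
        if (user == null || !await UserManager.VerifyUserTokenAsync(userId, UnlockPurpose, token))
            return RedirectToAction("Login", "Account");

        // Ending the lockout is what unlocks the account; resetting the counter
        // gives the user a full set of attempts again.
        await UserManager.SetLockoutEndDateAsync(userId, DateTimeOffset.UtcNow);
        await UserManager.ResetAccessFailedCountAsync(userId);
        return RedirectToAction("Login", "Account");
    }
}
```

The same redirect is returned whether the user id is unknown or the token is invalid, so the endpoint does not reveal which accounts exist.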


I thought I'd add an answer based on two of the comments above, as combined they seem to provide the best solution to this. I have a form in which I show a reCAPTCHA once the user is locked out, and clear the lockout if they submit the correct password along with a valid reCAPTCHA. The method I use to do the reset is below:

private async Task ResetLockoutIfPasswordCorrect(string username, string password)
{
    var user = await _userManager.FindByNameAsync(username);
    if (await _userManager.CheckPasswordAsync(user, password))
    {
        await _userManager.ResetAccessFailedCountAsync(user);
        await _userManager.SetLockoutEndDateAsync(user, null);
    }
}

As I say, I do guard this method with reCAPTCHA.

Martin Owen answered Nov 10 '22 01:11